Since becoming a U.S. law in 2002, the Sarbanes-Oxley Act (SOx) has had a major impact on worldwide enterprises and particularly those with securities registered through the Securities and Exchange Commission (SEC). SOx has changed the public accounting regulatory landscape from one of self-regulation by external audit firms to quasi-governmental rules for public accounting firms. More important, SOx now requires business managers to take personal responsibility for the documentation, review, and testing of their enterprise's internal controls. Although the Act requires enterprises to follow Committee of Sponsoring Organizations (COSO) internal control rules, the COSO enterprise risk management (ERM) was released after SOx that is not specifically mentioned in the legislation. Nevertheless, both SOx and COSO ERM have some important dependencies on one another, and today's enterprise manager must have a general understanding of both. This chapter provides a general background on SOx and describes some of its enterprise risk-related attributes.[1]