There is an overview of SARBOX and Corporate governance in general at:
http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=498 There is also a PowerPoint presentation on QuestDirect, named wn8910.ppt in the education libary. Also check out the PeopleSoft webcast deck at:
http://www.bfmag.com/webcasts/6-05-03/slides.pdf (PeopleSoft face the same SARBOX challenges as JDE).
I believe most companies are leveraging COBIT/COSO to track risks and controls. PWC recently surveyed companies attitude and plans for SARBOX, it can be found at:
http://www.barometersurveys.com/pro...lNewsByDocID/D63C106CE958FCBB85256D550072B841
It would be very helpful if JDE provided some recommendations, guidlines, checklists, COSO risk/control matrices that CNC, application, control and audit teams could work against but I haven't seen anything to date.
In my personal opinion I think most of the SARBOX requirements can be met by building sound operational and technical processes in and around JDE. In theory this could include improving backup processes for DEV and other environments.
Hopefully your company will have someone (or a team) on point for SARBOX compliance and reporting, if your company uses external auditors that person (or team) may be able direct specific questions to them.
Regards, Nick (An IT Auditor - Xe & ERP8 )