The Sarbanes-Oxley Act (SOX) introduced significant changes to financial practice and corporate governance regulation, including stringent new rules designed to protect investors by improving the accuracy and reliability of corporate disclosures. In brief, it requires management to submit a report containing an assessment of the effectiveness of the internal control structure, a description of material weaknesses in such internal controls, and a description of any material noncompliance. Such mandatory regulations can have broader ramifications for firm profitability, market structure, and social welfare, many of which were unintended when policy makers first formulated this act. Moreover, the tight coupling of compliance activities, information disclosure, and information technology (IT) investments can have implications for IT governance because of its potential to change relationships between technology investments and business. This chapter aims to provide some intuitive insights into the trade-offs involved for firms in disclosure of such information, and lays the ground for some research questions that would be of interest to academics, industry executives, and policy makers alike.