Every day there is something in the news about organizations generally of all different sizes that have been breached and have had to deal with the impact of the loss, compromise or destruction of data. Making key decision-makers aware of the general threat landscape is helpful, but more helpful is making them aware of the threat landscape specific to your organization.
I believe software is essential in managing user access risk, not only for SOX but also for other business risks. In fact, the potential harm from inappropriate access is typically greater for other business risk (such as the possibility of disruption of activities such as revenue generation or manufacturing, reputation risk, and the protection of valuable intellectual property) than it is for SOX.
Last December, the Quebec Superior Court issued its decision in Seggie v. Roofdog Games Inc., in which it attempted to clarify the notion of co-authorship (and by implication, copyright ownership) of a videogame. This case marks the first time that the issue of authorship of a videogame was ever considered by a Canadian court (and one of the very few Canadian cases to consider authorship of software more generally).