# SOX-style Product Security ITGC finding template

## Title

Production deployment controls do not provide sufficient segregation of duties

## Criteria

Document the expected control design, policy, or operating requirement.

## Condition

Describe what was observed in the sample and how often it occurred.

## Cause

Explain why the issue exists.

## Risk / Effect

Explain the control failure in business terms:

* unauthorized change risk
* incomplete evidence risk
* privileged misuse risk
* integrity / availability / confidentiality impact

## Recommendation

State the practical remediation steps.

## Suggested fields

* Severity / deficiency classification
* In-scope systems
* Sample size / sample IDs
* Control owner
* Due date
* Compensating controls
* Retest evidence

