Effect of the SOX Act on IT Governance

Sarbanes-Oxley (SOX) Act stipulates specific roles for the CEO, CFO, and the Auditor. However, the role of the Chief Information Officer (CIO), usually in charge of IT governance (ITG), is implicit. This is despite the fact that in many firms, accounting and financial information and reporting systems either incorporate or are embedded in sophisticated information systems. Through a discussion of the literature, this paper argues that CIOs contribute to the design, implementation, and governance of these information systems which are fundamental to the SOX Act Compliance success. Hypotheses are generated and tested using panel data on the hiring of CIOs between 1999-2005. The results reveal that, after the enactment of the SOX Act in 2002, many firms created new CIO positions and staffed them with internal hires. Many of these new hires reported to the CEOs and had a strong business background characterized by graduate degrees in business administration (MBAs).