The Consequences of Information Technology Control Weaknesses on Management Information Systems: The Case of Sarbanes-Oxley Internal Reports

In this paper, we investigate the association between the strength of information technology controls over management information systems and the subsequent forecasting ability of the information produced by those systems. The Sarbanes-Oxley Act of 2002 highlights the importance of information system controls by requiring management and auditors to report on the effectiveness of internal controls over the financial reporting component of the firm’s management information systems. We hypothesize and find evidence that management forecasts are less accurate for firms with information technology material weaknesses in their financial reporting system than the forecasts for firms that do not have information technology material weaknesses. In addition, we find that this association appears to be driven by control weaknesses most directly related to data processing integrity. Our results support the contention that information technology controls, as a part of the management information system, affect the quality of the information produced by the system.