The Consequences of Information Technology Control Weaknesses on Management Information Systems: The Case of Sarbanes-Oxley Internal Control Reports

In this article, the association between the strength of information technology controls over management information systems and the subsequent forecasting ability of the information produced by those systems is investigated. The Sarbanes–Oxley Act of 2002 highlights the importance of information system controls by requiring management and auditors to report on the effectiveness of internal controls over the financial reporting component of the firm’s management information systems. We hypothesize and find evidence that management forecasts are less accurate for firms with information technology material weaknesses in their financial reporting system than the forecasts for firms that do not have information technology material weaknesses. In addition, we examine three dimensions of information technology material weaknesses: data processing integrity, system access and security, and system structure and usage. We find that the association with forecast accuracy appears to be strongest for IT control weaknesses most directly related to data processing integrity. Our results support the contention that information technology controls, as a part of the management information system, affect the quality of the information produced by the system. We discuss the complementary nature of our findings to the information and systems quality literature.