Implementing Section 404 of the Sarbanes Oxley Act: Recommendations for Information Systems Organizations
نویسندگان
چکیده
Section 404 of the Sarbanes Oxley (SOX) Act addresses the effectiveness of internal controls, which in most organizations are either fully or partially automated due to the pervasiveness and ubiquity of information technologies. Significant or material control deficiencies have to be reported publicly. The adverse impact on organizations declaring deficiencies can be severe, for example, damage to reputation and/or market value. While there are many practitioner-led manuals and methods for dealing with 404, there has been little published in the academic research literature investigating the role of Information Systems organizations in implementing Section 404. The paper addresses this gap in knowledge. We used institutional theory as the lens through which to examine the experiences of Section 404 implementation in three global organizations. We used the case study method and an abductive strategy to gather and analyze data respectively. Our findings are summarized in six recommendations. We found that institutional pressures play a critical role in the implementation of Section 404. In particular, organizations face coercive pressure to achieve Section 404 compliance, without which punitive sanctions can be imposed by regulators. Organizations tend to imitate one another in the methods they use so that each is perceived to be in line with their competitive environment. Organizations face normative pressures to act in ways that are socially acceptable, which is to achieve compliance. Failure to do so would be a signal to the market that the organization does not take controls seriously. We expand these findings in terms of power and influence tactics that IS organizations can use when implementing Section 404. Our findings provide directions for practice and lines of enquiry for further research.
منابع مشابه
Diffusing Management Information for Legal Compliance: The Role of the IS Organization Within the Sarbanes-Oxley Act
Information systems are vital to successful compliance with Section 404 of the Sarbanes Oxley Act. However, there is little published academic literature which reports systematic studies that explain how IS organizations implement 404. Institutional theory was adopted as the lens through which to examine the experiences of 404 implementation in three global organizations. The methodology for th...
متن کاملSarbanes - Oxley and Enterprise Security: IT Governance - What It Takes to Get the Job Done
everal sections of the Sarbanes– Oxley Act of 2002 (SOX) directly affect the governance of the information technology (IT) organization, including potential SOX certification by the chief information officer, Section 404 internal control assessments, “rapid and current” disclosures to the public of material changes, and authentic and immutable record retention. The Securities and Exchange Commi...
متن کاملThe Impact of Information Technology Internal Controls on Firm Performance
Since the introduction of the Sarbanes-Oxley (SOX) Act in 2002, companies have begun to place more emphasis on information technology (IT) internal controls. IT internal controls are policies that provide assurance that technical systems operate as intended, provide reliable data, and comply with regulations. Research suggests that firms with strong internal controls perform better than those w...
متن کاملEconomic Consequences of the Sarbanes–oxley Act on E-commerce Firms
Regulators and practitioners are concerned about whether SOX Sections 302 and 404 IT-related implementation costs affect the market value of firms in the IT industry. Prior studies indicate that network advantages are the key feature of information-based industries and that E-commerce firms are a major segment of that industry. SOX Section 404 was expected to have significant impact on firms wi...
متن کاملThe Sarbanes-Oxley Act and Corporate Investment: A Structural Assessment∗
We assess the impact of the Sarbanes-Oxley Act of 2002 on corporate investment in an investment Euler equation framework, where a dummy for the passage of the Act is allowed to affect the rate at which managers discount future investment payoffs. Using generalized method of moments estimators, we find that the rate U.S. firm managers apply to discount investment projects rises significantly aft...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CAIS
دوره 18 شماره
صفحات -
تاریخ انتشار 2006