Sarbanes-Oxley Links IT to Corporate Compliance

In the wake of financial frauds and related audit issues, the US Congress passed the Sarbanes-Oxley (SARBOX) Act of 2002. Key to becoming SARBOX compliant are information systems (IS) that satisfy the mandates regarding internal controls, corporate governance, and fraud detection. These legal developments focusing senior management's attention on (1) internal controls are present and functioning i and (2) the adequacy of the internal audit (IA) and information technology (IT) departments to help management satisfy its SARBOX requirements This tutorial identifies the requirements ("sections") of SARBOX that affect IS , including auditing, security, business intelligence, customer relationship management, supply chain management, and electronic records (e-records) management. By explaining the three major compliance and corporate governance mandates, this article suggests important research areas, which include IS assurance methods for evaluating and documenting internal controls for reporting purposes, IT infrastructure and data warehousing, and best practices in auditing for evidence of fraud.