We present a pragmatic method for management of risks that arise due to spreadsheet use in large organizations. We combine peer-review, tool-assisted evaluation and other pre-existing approaches into a single organization-wide approach that reduces spreadsheet risk without overly restricting spreadsheet use. The method was developed in the course of several spreadsheet evaluation assignments fo...

The role of the board of directors in IT governance draws increasing attention from practitioners faced with evolving competitive pressures and Sarbanes-Oxley compliance requirements. However, research on the topic is in its very early stages. To further the continued development of this emerging research area, this review paper surveys the extant literature, formulates propositions for board i...

In this paper, we investigate whether firm performance is affected by corporate governance and the change of corporate governance after Sarbanes-Oxley Act (SOX hereafter). We find that firm performance, on average, is negatively associated with the corporate governance after the passage of SOX. However, the firm performance is not significantly associated with the change of corporate governance...

In the wake of financial frauds and related audit issues, the US Congress passed the Sarbanes-Oxley (SARBOX) Act of 2002. Key to becoming SARBOX compliant are information systems (IS) that satisfy the mandates regarding internal controls, corporate governance, and fraud detection. These legal developments focusing senior management's attention on (1) internal controls are present and functionin...