School of Accountancy
Section 404 of the Sarbanes-Oxley Act (SOX) requires auditors and managers to assess public companies internal control over financial reporting. Since some of the material weaknesses in internal control noted by auditors and management relate to IT issues, Section 404 reports offer a new opportunity to examine the types of IT-related control issues that public companies are struggling to address. This study presents a summary of the most commonly cited IT-related material weaknesses in internal control described in recent Section 404 internal control reports and describes the characteristics of companies with IT-related weaknesses. We also provide insights into companies remedial actions to correct their IT control weaknesses.
Review of Business Information Systems
Digital Object Identifier (DOI)