Brunel University Research Archive (BURA) >
Schools >
Brunel Business School >
Brunel Business School Research Papers >

Please use this identifier to cite or link to this item: http://bura.brunel.ac.uk/handle/2438/3893

Title: Implementing section 404 of the sarbanes oxley act: Recommendations for information systems organizations
Authors: Braganza, A
Desouza, KC
Keywords: Implementation
IS strategy
Sarbanes Oxley
Information systems
Institutional theory
Publication Date: 2006
Publisher: The Berkeley Electronic Press
Citation: Communications of the Association for Information Systems. 18 (22)
Abstract: Section 404 of the Sarbanes Oxley (SOX) Act addresses the effectiveness of internal controls, which in most organizations are either fully or partially automated due to the pervasiveness and ubiquity of information technologies. Significant or material control deficiencies have to be reported publicly. The adverse impact on organizations declaring deficiencies can be severe, for example, damage to reputation and/or market value. While there are many practitioner-led manuals and methods for dealing with 404, there has been little published in the academic research literature investigating the role of Information Systems organizations in implementing Section 404. The paper addresses this gap in knowledge. We used institutional theory as the lens through which to examine the experiences of Section 404 implementation in three global organizations. We used the case study method and an abductive strategy to gather and analyze data respectively. Our findings are summarized in six recommendations. We found that institutional pressures play a critical role in the implementation of Section 404. In particular, organizations face coercive pressure to achieve Section 404 compliance, without which punitive sanctions can be imposed by regulators. Organizations tend to imitate one another in the methods they use so that each is perceived to be in line with their competitive environment. Organizations face normative pressures to act in ways that are socially acceptable, which is to achieve compliance. Failure to do so would be a signal to the market that the organization does not take controls seriously. We expand these findings in terms of power and influence tactics that IS organizations can use when implementing Section 404. Our findings provide directions for practice and lines of enquiry for further research.
URI: http://bura.brunel.ac.uk/handle/2438/3893
Appears in Collections:Business and Management
Brunel Business School Research Papers

Files in This Item:

File Description SizeFormat
viewcontent.cgi.pdf194.25 kBAdobe PDFView/Open

Items in BURA are protected by copyright, with all rights reserved, unless otherwise indicated.

 


Library (c) Brunel University.    Powered By: DSpace
Send us your
Feedback. Last Updated: September 14, 2010.
Managed by:
Hassan Bhuiyan