ABSTRACT: The Sarbanes-Oxley Act of 2002 (SOX) created a resurgence of organizational focus on internal controls. In this study, we examine the extent to which the information technology (IT) controls suggested by the ISO 17799 security framework have been integrated into organizations’ internal control environments. We collected survey data from 636 members of the Institute of Internal Auditors (IIA) on the current usage of IT controls in their organizations. In addition to identifying the most and least commonly implemented IT controls, the survey results indicate that control implementation differences exist based on a company’s status as public or private, the size of the company, and the industry in which the company operates. Training of internal auditors and/or IT personnel is also associated with significant differences in implemented controls. We discuss the implications of our research and offer suggestions for future research.
Spring 2011
Research Article
March 01 2011
Information Security and Sarbanes-Oxley Compliance: An Exploratory Study
Linda Wallace
Virginia Polytechnic Institute and State University
Meghann Abell Cefaratti
Northern Illinois University
Online ISSN: 1558-7959
Print ISSN: 0888-7985
American Accounting Association
2011
Journal of Information Systems (2011) 25 (1): 185–211.
Citation
Linda Wallace, Hui Lin, Meghann Abell Cefaratti; Information Security and Sarbanes-Oxley Compliance: An Exploratory Study. Journal of Information Systems 1 March 2011; 25 (1): 185–211. https://doi.org/10.2308/jis.2011.25.1.185