Ramifications of the Sarbanes Oxley (SOX) Act on IT governance

In most firms, accounting and financial information and reporting systems are either incorporated or embedded in computer-based information systems (IS). Despite the important roles that these computer-based IS play in facilitating the SOX Act compliance initiatives, the act is silent on the roles of the CIOs, although it does stipulate specific functions for the CEOs, CFOs, and the auditors. Based on a detailed analysis of the extant literature, this article argues that IT units, under the leadership of the CIOs, contribute significantly in the procurement, design, implementation, and the governance of these computer-based IS. The paper aims to discuss these issues.

The researchers generate and empirically test hypotheses using a panel data set obtained from press releases issued by firms following the hiring of CIOs between 1999 and 2005.

The results reveal that, after the enactment of the SOX Act in 2002, many firms hired new CIOs in the post-SOX Act period. Also, many of these executives were hired to fill newly created Chief information officer (CIO) positions. The results support the argument that the SOX Act has influenced the roles of senior IT executives and IT governance.

Although this study focused on hiring trends, there are other characteristics associated with CIOs that might have an impact on corporate IT governance. Future studies could investigate whether or not, for instance, firms reported fewer IT material weaknesses before or after the hire of the CIOs.

This research presents the argument and detailed discussion that while the SOX Act does not explicitly require the CIOs to sign off on the accounting/financial statements and reports, their role is fundamental in making the firm meet the SOX Act compliance standards.