The Sarbanes-Oxley Act of 2002 (SOX) created a resurgence of organizational focus on internal controls. In this study, we examine the extent to which the information technology (IT) controls suggested by the ISO 17799 security framework have been integrated into organizations’ internal control environments. We collected survey data from 636 members of the Institute of Internal Auditors (IIA) on the current usage of IT controls in their organizations. In addition to identifying the most and least commonly implemented IT controls, the survey results indicate that control implementation differences exist based on a company’s status as public or private, the size of the company, and the industry in which the company operates. Training of internal auditors and/or IT personnel is also associated with significant differences in implemented controls. We discuss the implications of our research and offer suggestions for future research.
The purpose of this research is to investigate the relationship between internal control material weaknesses (ICMWs), as measured by presence, number, and type, and Foreign Corrupt Practices Act (FCPA) violations. Our results indicate that firms with ICMWs are more likely to violate the FCPA and firms with multiple ICMWs have a higher likelihood of violating the FCPA than firms with fewer ICMWs. Further, firms with ICMWs related to the risk assessment, control environment, and control activities components of internal controls (based on COSO internal control framework) present a higher risk of FCPA violations than firms without ICMWs in those areas. These findings substantiate the importance of effective internal controls in supporting firms' regulatory compliance.
The “gig” economy has exploded as more consumers purchase products and services from gig businesses and more workers pursue gig employment. This case uses a fictional gig company, HungryHound (HH), mirroring services provided by Grubhub, DoorDash, and UberEats, to expose students to the complexities of gig businesses and to areas requiring judgment in the revenue recognition standard. Specifically, students determine the appropriate revenue treatment among varying alternatives and apply the guidance in identifying the customer(s), determining principal and/or agent classifications, and reporting the financial statement effect for transactions. Completion of the case requires critical thinking in evaluating and applying ambiguous revenue guidance. Students also learn about current variation in accounting treatments among gig companies. The case is designed to give instructors flexibility, where case deliverables can be used together or as standalone assignments and can be deployed in an undergraduate or graduate intermediate accounting course or capstone course.
A data center migration (DCM) refers to the physical and/or logical relocation of IT services from one physical and/or virtual location to another. The demand for and occurrences of DCMs have increased in recent years. In this case study, we examine a DCM completed by a governmental organization with approximately 80,000 users. We identify key success factors and measure the importance of specific DCM activities. Analyzing both quantitative and qualitative data to derive factors that contribute to DCM success, the following overarching conclusion emerged: Key success factors in a data center migration include proper planning, consideration of procedures to minimize end-user impact including downtime, and effective communication among team members before and during the data center migration. DCMs have practical implications for regulatory compliance and enterprise risk management efforts. Opportunities for future research include employing structure-mapping theory to test the predictive value of DCM success factors in other system implementation and migration contexts such as cloud migrations.
Data Availability: A complete copy of the questionnaire is available upon request.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.