“…Consequently, evaluation of controls for these critical information systems has received considerable attention by academia, the press, and governmental regulators, particularly in the wake of the Sarbanes-Oxley Act (see Brown et al, 2007 andDamianides, 2005). Under this recent scrutiny, constant monitoring of internal controls, defined by the Committee of Sponsoring Organizations (COSO) as policies and procedures intended to safeguard an organization's assets from fraud or error, ensures that the information being captured by these complex technology-driven systems is accurate (2008).…”