Analysis of the impact of adequacy on operational information technology processes to the requirements of the Sarbanes-Oxley act in a financial company




Sarbanes-Oxley Act; SOX; Corporate governance; Information technology governance; Financial branch.


In the nineties, some US publicly traded companies defrauded their financial results, generating an image of unreal stability. This situation affected the degree of investor confidence, creating the Sarbanes-Oxley Act (SOX), which forced companies to adapt their processes, including those of Information Technology (IT) to the rules of that law. The objective of this work was to analyze the impact caused to the IT operational processes with their adaptation to the requirements of the SOX in a company in the financial sector. This objective was sought by analyzing the information obtained, comparing the situations of various IT operational processes in the Pre and Post SOX periods. Descriptive and exploratory research methodology was adopted. Along with the bibliographic survey, real data reported by professionals who participated in the activities covered in the work were collected through the application of unstructured interviews. The bibliographic survey showed that, although important, there are few works that present the impact and the adequacy of the SOX to their IT operational processes. Most of them are related to process management, which reveals the importance of this work. The results showed the need to implement SOX control processes, such as the creation of a control table to monitor the processing, also showed that there were increases in the processing times of the batch routines and processing of the online applications due to the increase in information generated and stored. It was concluded that there was an impact on the operational processes with their adaptation to the requirements of SOX.

Author Biography

Renato José Sassi, Universidade Nove de Julho

Programa de Mestrado e Doutorado em Informática e Gestão do Conhecimento


Arrivabene, A., Sassi, R. J., & Romero, M. (2011). Corporate sustainability with security to investors: Analyses of Business Intelligence governance following the requirements of Sarbanes-Oxley Law. Proceedings of the 3rd International Conference On Communication Software And Networks (ICCSN), pp. 224- 228. DOI: 10.1109/ICCSN.2011.6013580.

Andrade, A., & Rossetti, J. P. (2004). Governança Corporativa: fundamentos, desenvolvimento e tendências. São Paulo: Atlas.

Agrawal, R., Johnson, C., Kiernan, J., & Leymann, F. (2006). Taming Compliance with Sarbanes-Oxley Internal Controls Using Database Technology. Proceedings of the 22nd International Conference On Data Engineering (ICDE '06), pp. 92. DOI: 10.1109/ICDE.2006.155.

Badele, C. S., & Fundeanu, D. (2014). Policy's Beneficiaries of Corporate Governance and Diversification Strategy. Procedia - Social and Behavioral Sciences, 124(20), pp. 468-477. DOI: 10.1016/j.sbspro.2014.02.509.

Bequai, A. (2003). Safeguards for IT Managers and Staff under the Sarbanes Oxley Act. Computers & Security, 22(2), pp. 124-127.

Borgerth, V. M. C. (2007). SOX: Entendendo a Lei Sarbanes-Oxley. (1. ed.) Rio de Janeiro: Thomson.

Broni, G., & Velentzas, J. (2012). Corporate Governance, Control and Individualism as a Definition of Business Success. The Idea of a “Post - Heroic” Leadership. Procedia Economics and Finance, 1, pp. 61-70. DOI: 10.1016/S2212-5671(12)00009-3.

Chan, S. (2004). Sarbanes Oxley: The IT Dimension. The Internal Auditor, 61(1), pp. 31- 33.

Crespí-Cladera, R., & Pascual-Fuster, B. (2014). Does the independence of independent directors matter? Journal of Corporate Finance, 28, pp. 116-134.

Claessens, S., & Yurtoglu, B. B. (2013). Corporate governance in emerging markets: A survey. Emerging Markets Review, 15, pp. 1-33.

Defond, M. L., & Francis, J. R. (2005). Audit research after Sarbanes-Oxley. Auditing: A Journal of Practice & Theory, 24, pp. 5-30.

Gelatti, C. B., Meneghetti, D., & Silva, T. M. (2010). Análise da adequação das empresas brasileiras à Lei Sarbanes-Oxley. Revista Brasileira de Contabilidade, 186, pp. 69-84.

Gil, A. C. (2002). Como elaborar projetos de pesquisa. (1. ed.) São Paulo: Atlas.

Hinde, S. (2004). Crime and punishment: corporate governance. Computer Fraud & Security, 6, pp. 4-7.

IBGC. (2020). Instituto Brasileiro de Governança Corporativa. O que é governança corporativa. Conhecimento. Recuperado. Disponível em:

ISO/IEC JTC 1/SC 40 (2015). Information technology — Governance of IT for the organization. Technical Report #ISO/IEC 38500:2015.

Jain, S., Jain, P., & Rezaee, Z. (2010). Stock market reactions to regulatory investigations: Evidence from options backdating. Research in Accounting Regulation, 22(1), pp. 52-57.

Juiz C.; Palacios R. C. (2020). IEEE/ACM Extending Software Development Governance to meet IT Governance. Seoul, Republic of Korea, 2020.05.23.

Juiz, C. and Toomey, M. (2015). To Govern IT, or Not to Govern IT? Commun. ACM. 58, 2 (Jan. 2015), 58–64. doi:

Kaarst-Brown, M. L., & Kelly, S. (2005). IT Governance and Sarbanes Oxley: The Latest Sales Pitch or Real Challenges for the IT Function? Proceedings of the Ieee 38th Hawaii International Conference On System Sciences, pp. 236-246. DOI: 10.1109/HICSS.2005.361.

Karpoff, J. M. (2019). The future of financial fraud. Journal of Corporate Finance, in press.

Kim, E. H., & Lu, Y. (2013). Corporate governance reforms around the world and cross-border acquisitions. Journal of Corporate Finance, 22, pp. 236-253.

Labadessa, E.; Rosini, A. M.; Palmisano, A.; Conceição, M. M. Good hospital governance: planned adjustments for results in improving public care for patients. Research, Society and Development, [S. l.], v. 9, n. 2, p. e06921587, 2020. DOI: 10.33448/rsd-v9i2.1587. Disponível em: Acesso em: 25 dec. 2020.

Leveson N. (2011). Engineering a safer world: Systems thinking applied to safety. MITpress.

Li, W., Chen, C. C., & French, J. J. (2012). The relationship between liquidity, corporate governance, and firm valuation: Evidence from Russia. Emerging Markets Review, 13(4), pp. 465-477.

Lo, D. (2012). OHS Stewardship - Integration of OHS in Corporate Governance. Procedia Engineering, 45, pp. 174-179.

Lunardi, G. L., Becker, J. L., & Maçada, A. C. G. (2012). Um estudo empírico do impacto da governança de TI no desempenho organizacional. Produção, 22(3), pp. 612-624.

Luo, Y. (2005). How does globalization affect corporate governance and accountability? A perspective from MNEs. Journal of International Management, 11(1), pp. 19-41,

Lynch A. H.; Veland S. (2018). Urgency in the Anthropocene. MITPress.

Menezes, A. M. (2018). A Influência da Lei Sarbanes-Oxley (SOX) nas Normas e Regras Nacionais da Governança Corporativa no Setor de Telecomunicações do Brasil. 2018. 128. Dissertação – Universidade Federal do Paraná, Curitiba, 2018.

Paré, G., Guillemette, M.G. and Raymond, L. (2019). IT centrality, IT management model, and contribution of the IT function to organizational performance: A study in Canadian hospitals. Information & Management. (Aug. 2019), 103198. DOI:

Parkinson, J., & Bloom S. (2003). Surviving Sarbanes Oxley. Optimize, 73, pp. 31-42.

Posthumusa, S., & Solms, R. Von. (2005). IT oversight: an important function of corporate governance. Computer Fraud & Security, 2005(6), pp. 11-17.

Purcinelli, L. M.; Abreu, R.; Roux, A. M. (2019). Automation Through an ERP System of the Accounting and Internal Control Procedures According with SOX Law. Coimbra, Portugal: IEEE 2019 14th Iberian Conference on Information Systems and Technologies (CISTI), 2019.07.15, DOI: 10.23919/CISTI.2019.8760666.

Rezaee, Z. (2004). Corporate Governance Role in Financial Reporting. Research in Accounting Regulation, 17, pp. 107-149,

Schmitt, A., Raisch, S., & Volberda, H. W. (2016). Strategic renewal: Past research, theoretical tensions and future challenges. International Journal of Management Reviews, 00, 1–18.

Soh D. S. B.; Martinov N. B. (2011). The internal audit function: Perceptions of internal audit roles, effectiveness and evaluation. Managerial Auditing Journal 26,7(2011),605–622.

Solms, B. Von. (2006). Information Security – The Fourth Wave. Computers & Security, 25(3), pp. 165-168. DOI: 10.1016/j.cose.2006.03.004.

Souza, L. O. de; Pedreiro, I. L. D.; Barbosa, A. L. M. A.; Castro, W. A. de. (2019). The influence of Corporate Governance on the profitability of Financial Institutions. Research, Society and Development, [S. l.], v. 8, n. 8, p. e09881179, 2019. DOI: 10.33448/rsd-v8i8.1179. Disponível em: Acesso em: 25 dec. 2020.

Swartz, N. (2003). The Cost of Sarbanes Oxley. Information Management Journal, 37, pp.8 - 26.

Sievinen, H. M., Ik¨aheimonen, T., & Pihkala, T. (2020). Strategic renewal in a later- generation family-owned company. Long Range Planning, 53(2), 1–19.

Tan, Z. (2014). The construction of calculative expertise: The integration of corporate governance into investment analyses by sell-side financial analysts. Accounting, Organizations and Society, 39(5), pp. 362-384,

Tariq, Y. B., & Abbas, Z. (2013). Compliance and multidimensional firm performance: Evaluating the efficacy of rule-based code of corporate governance. Economic Modelling, 35, pp. 565-575,

Tham D. K.; Madni M. A. (2014). IEEE SOX compliance with OEE, enterprise modeling and temporal-ABC. Waikoloa, HI, USA, 2014.10.27. DOI: 10.1109/WAC.2014.6935737.

Todeva, E. (2005). Governance, control and coordination in network context: the cases of Japanese Keiretsu and Sogo Shosha. Journal of International Management, 11(1), pp. 87-109.

Turel, O., Liu, P. and Bart, C. (2019). Board-Level IT Governance. IT Professional. 21, 2 (Mar. 2019), 58–65. DOI:

Weill, P., & Ross, J. W. (2004). IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harward Business School Press.

Windsor, D. (2009). Tightening corporate governance. Journal of International Management, 15(3), pp. 306-316.

Wintoki, M. B. (2007). Corporate boards and regulation: The effect of the Sarbanes–Oxley Act and the exchange listing requirements on firm value. Journal of Corporate Finance, 139(2-3), pp. 229-250.

Zalewska, A. (2014). Challenges of corporate governance: Twenty years after Cadbury, ten years after Sarbanes–Oxley. Journal of Empirical Finance, 27, pp. 1-9,



How to Cite

ARRIVABENE, A. .; SASSI, R. J.; ANDRELO, P. F. A. .; MOURA, M. L. A. de O. . Analysis of the impact of adequacy on operational information technology processes to the requirements of the Sarbanes-Oxley act in a financial company. Research, Society and Development, [S. l.], v. 10, n. 1, p. e7710111374, 2021. DOI: 10.33448/rsd-v10i1.11374. Disponível em: Acesso em: 2 feb. 2023.



Exact and Earth Sciences