|dc.description.abstract||With the innovation of information technology (IT), various kinds of information systems have been applied to the enterprise. Taking advantage of the network, there are lots of commercial activities going through the Internet as well. A significant portion of enterprise operations are relying on the information technology, making the IT-related company governance an important issue that businesses have to deal with.
As a reaction to a number of major corporate and accounting scandals, including Enron and WorldCom, the Sarbanes-Oxley Act of 2002 (SOX) is a United States federal law enacted on July 30, 2002 to rebuild public confidence, strength the visibility and reliability of finance statements. In Section 404, the Act requires management to build and maintain an adequate level of internal control over financial reporting. It also has significant impact on the IT governance.
This research is an exploratory research to provide an overview of the procedure that the case company implemented SOX. The study also reviewed the frameworks related to IT governance, including COSO, COBIT as well as Sections 302 and 404 of SOX. The result of study shows that the case company experienced problems in different aspects including system, manpower and technical knowledge. After many years of auditing and remediation, the company has made great improvement to SOX compliance and IT governance. The research finally provides the implementation framework and suggestions from the case study.