Communications of the Association for Information Systems


The Sarbanes-Oxley Act introduces a new set of requirements into software development. Corporations need to assess their internal control effectiveness for business processes to show compliance with the act. This paper proposes a conceptual framework for integrating Sarbanes-Oxley compliance needs into software development by mapping the activities of an established framework for internal controls to the various workflows of the systems development process. Theoretical and practical contributions are discussed and future research directions are explored.