SOX 404-compliant ERP System Internal Control Framework - The Preliminary Outcome

After the enactment of the Sarbanes-Oxley Act (SOX), the importance of related issues, such as internal controls and information security, has greatly increased. In the first stage of this research, the grounded theory methodology is adopted to explore the necessary internal controls in Information Technology (IT) systems. The control criteria are mapped out in the Criteria for Establishment of Internal Control framework. In the second stage, a case study will conduct to verify the feasibility of the first established framework. This paper eventually offers a 12dimensional preliminary framework with a total of 37 control items to provide auditors with the capacity to perform effective audits by inspecting the essential internal control points in Enterprise Resource Planning (ERP) systems. Furthermore, it suggests that companies refer to this framework and consider the limitations of their own IT management in order to establish a robust IT management mechanism.