
The Information Content of Sarbanes-Oxley in Predicting Security Breaches

James Westland

Papers from arXiv.org

Abstract: We investigated publicly reported security breaches of internal controls in corporate systems to determine whether SOX assessments are information bearing with respect to breaches which can lead to materially significant losses and misstatements. SOX Section 404 adverse decisions on effectiveness of controls occurred in 100% of credit card data breaches and around 33% of insider breaches. SOX 404 audits provided contrarian "effective" control decisions in 88% of situations where there was a control breach concerning a portable device. We found that management and SOX 404 auditors do not generally agree on the underlying internal control situation at any time; instead the SOX 404 team was likely to discover material weaknesses and "educate" management and internal audit teams about the importance of these control weaknesses. SOX attestations were poor at identifying control weaknesses from unintended disclosures, physical losses, hacking and malware. Hazard and occupancy models showed that both SOX 302 and 404 section audits provided information on the frequency of breaches, with SOX 404 being three times as informative as section 302 reports. The hazard model found an expected 2.88% reduction in breaches when SOX 302 controls are effective; management "material weakness" attestations provided no information in this structural model, whereas there would be around a 1% increase in breach occurrence when there are significant deficiencies. SOX 404 attestations were the most informative, and a negative SOX 404 attestation is projected to increase the frequency of breaches by around 8.5%.

Date: 2018-02
New Economics Papers: this item is included in nep-acc

Downloads: (external link)
http://arxiv.org/pdf/1802.10001 Latest version (application/pdf)


Persistent link: https://EconPapers.repec.org/RePEc:arx:papers:1802.10001

Bibliographic data for series maintained by arXiv administrators.

 
Page updated 2024-12-28
Handle: RePEc:arx:papers:1802.10001