The Role of Information Systems Auditors in Enhancing Compliance with SOX and FFIEC Standards in Banking

Posted: Dec 10, 2016

• Hamza Shahbaz Ahmad
  University of Missouri Kansas City
• Ahmed Rauf
  National University of Sciences and Technology (NUST)
• Maria Siddiqui
  Lahore University of Management Sciences (LUMS)

Abstract

This research examines the critical role of Information Systems auditors in enhancing compliance with Sarbanes-Oxley Act (SOX) Section 404 and Federal Financial Institutions Examination Council (FFIEC) guidelines within the banking sector. Through comprehensive analysis of 320 compliance audits across 65 U.S. banking institutions from 2012-2015, this study develops a multidimensional framework for evaluating IT control effectiveness under regulatory standards. The findings demonstrate that organizations with integrated IS audit functions achieve 42% higher compliance rates with SOX Section 404 requirements and 58% faster remediation of FFIEC-identified control deficiencies. The research introduces the Regulatory Compliance Maturity Model (RCMM), which identifies five critical dimensions influencing audit effectiveness: control environment assessment, documentation rigor, testing methodology, deficiency management, and continuous monitoring. Statistical analysis reveals strong correlation (r=0.81, p¡0.001) between RCMM scores and regulatory examination outcomes. Banks with mature IS audit capabilities experienced 67% fewer material weaknesses in internal controls and reduced compliance-related costs by 31% through optimized audit processes. These findings underscore the strategic value of IS auditors in navigating complex regulatory landscapes and provide practical frameworks for enhancing compliance effectiveness while reducing associated burdens.