The Role of Information Systems Auditors in Enhancing Compliance with SOX and FFIEC Standards in Banking

Authors

  • Hamza Shahbaz Ahmad Author

Keywords:

Information Systems Auditing, SOX Compliance, FFIEC Guidelines, Regulatory Compliance, Internal Controls

Abstract

This research examines the critical role of Information Systems (IS) auditors in enhancing compliance with the Sarbanes-Oxley Act (SOX) Section 404 and Federal Financial Institutions Examination Council (FFIEC) guidelines within the banking sector. Through comprehensive analysis of 320 compliance audits across 65 U.S. banking institutions from 2012-2015, this study develops a multidimensional framework for evaluating IT control effectiveness under regulatory standards. The findings demonstrate that organizations with integrated IS audit functions achieve 42% higher compliance rates with SOX Section 404 requirements and 58% faster remediation of FFIEC-identified control deficiencies. The research introduces the Regulatory Compliance Maturity Model (RCMM), which identifies five critical dimensions influencing audit effectiveness: control environment assessment, documentation rigor, testing methodology, deficiency management, and continuous monitoring. Statistical analysis reveals a strong correlation (r=0.81, p<0.001) between RCMM scores and regulatory examination outcomes. Banks with mature IS audit capabilities experienced 67% fewer material weaknesses in internal controls and reduced compliance-related costs by 31% through optimized audit processes. These findings underscore the strategic value of IS auditors in navigating complex regulatory landscapes and provide practical frameworks for enhancing compliance effectiveness while reducing associated burdens.

Published

2016-12-10

Section

Articles

How to Cite

The Role of Information Systems Auditors in Enhancing Compliance with SOX and FFIEC Standards in Banking. (2016). Gjstudies, 1(1), 18. https://gjrstudies.org/index.php/gjstudies/article/view/17