Sarbanes Oxley and Changes in Internal Controls: Experiences from Dan- ish Companies in a Structuration Perspective

The Sarbanes-Oxley Act of 2002 has had significant impact on internal control systems in the companies that are required to comply with the act. Companies from other countries than the US can be required to comply with SOX if they are e.g. owned by a US parent company that is registered on a US stock exchange. Around 300 Danish companies are currently owned by US corporations and thus required to comply with SOX. This paper looks at the experiences of 4 Danish companies in implementing an internal control system that complies with SOX requirements. Giddens’ structuration theory is used to interpret the findings. The main conclusions are that SOX compliance has led to significant changes in the internal control systems of these companies by standardizing the control system and promoting one type of control system that legitimatize end enforces certain control practices. The study also indicates that a SOX compliant internal control system can be at odds with Danish control culture leading to implementation resistance. Furthermore, SOX is seen as a management tool as much as a compliance standard increasing management control and power. Finally, internal control is viewed as a “necessary evil” that has to be made as unobtrusive as possible, embedding it in information systems and organisational routines.