National Chung Cheng University
After the enactment of the Sarbanes-OXley Act (SOX), the importance of related issues, such as internal controls and information security, has greatly increased. In the first stage of this research, the grounded theory methodology is adopted to explore the necessary internal controls in Information Technology (IT) systems. The control criteria are mapped out in the Criteria for Establishment of Internal Control framework. In the second stage, a case study will conduct to verify the feasibility of the first established framework. This paper eventually offers a 12- dimensional preliminary framework with a total of 37 control items to provide auditors with the capacity to perform effective audits by inspecting the essential internal control points in Enterprise Resource Planning (ERP) systems.