The Compliance of IT Control and Governance: A Case of Macao Gaming Industry

The Compliance of IT Control and Governance: A Case of Macao Gaming Industry

Colin Lai (Macao Polytechnic Institute, Macao), Hung-Lian Tang (Eastern Michigan University, Ypsilanti, MI, USA), J. Michael Tarn (Department of Business Information Systems, Western Michigan University, Kalamazoo, MI, USA) and Sock Chung (Eastern Michigan University, Ypsilanti, MI, USA)
Copyright: © 2016 |Pages: 17
DOI: 10.4018/IJISP.2016010102
OnDemand PDF Download:
No Current Special Offers


This study used a multiple-case study methodology in exploring the status of IT control in the casino gaming industry. The observations of this research should very much represent the overall status of the concerned issues regarding the casino gaming industry of Macao. Having attained a more complete level of IT control not only helps the company in satisfying the concerned regulatory compliance requirements, but also makes IT works more effectively for the companies in helping them to gain the competitive advantage in the fierce competitive environment in the gaming industry. The findings of this research can help the gaming companies to identify the potential enhancement areas of IT control. This study has captured the IT control status of the gaming industry at an initial stage of development in Macao. Further, the results can serve as a solid foundation for future research on the casino gaming industry and extending similar research to be conducted on other industries and government agencies, which are promoting the awareness of the importance of IT control.
Article Preview


Corporate accountability and information reliability is an essential part of compliance requirements for business stakeholders. To protect the stakeholders from financial frauds such as Anderson, Enron and WorldCom (Hall and Liedtka, 2007), legislation was passed by the United States (US) congress for governing companies’ information reliability and corporate accountability. The Sarbanes-Oxley Act of 2002 (hereinafter referred to as SOX) was one such example of setting new standards for corporate control and governance for reducing the chances of further corporate scandals (Damianides 2005). Due to the US economic power and great influence on the world economy, the impact of SOX has been affecting major companies across the globe (Barta and Walker 2008). Corporations SOX not only has immense impact on corporate internal control requirement over financial reporting, but also signifies a need for perfecting IT control and overall IT governance of companies (Hall and Liedtka 2007; Haworth and Pietron 2006; Damianides 2005).

IT control in this study is defined as a procedure or policy that provides a reasonable assurance that the IT used by an organization operates as intended in compliance with applicable laws and regulations. IT control objectives can include the confidentiality, integrity, and availability of data and the overall management of the IT function of the business organization ( IT control processes created by management for IT implementations are aligned with an organization’s strategies and objectives (Li, Lim and Wang, 2007). Control Objectives for Information and related Technology (COBIT), a framework providing a set of best practices for IT management, has gained wide acceptance for IT governance and IT control (Tuttle and Vandervelde 2007; Guldentops 2002). COBIT has evolved from an audit framework in 1996 to a governance and management of enterprise IT framework in 2012, which addresses policies as fundamental factors for influencing proper governance and management over IT (Carrillo 2013). Another framework is the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). With cross references of control components and objectives of the COSO and COBIT frameworks, the IT Governance Institute developed a common set of control considerations that can be used by companies to determine whether their entity-level IT control objectives have met the SOX regulatory compliance requirement (ISACA 2013; Chan 2004).

In 2012, six gaming concessionaries were authorized to operate in Macao (DSEC 2012). Sociedade de Jogos de Macau, and Galaxy Entertainment Group are local-based companies with origin in Macao or publicly listed in the Hong Kong stock market. Wynn Macau and Sands China are US-based companies with origin in the United States and publicly listed in the US stock market. Melco Crown Entertainment Limited, and MGM China are joint venture companies with more than one parent companies and are comprised of local and foreign corporations publicly listed in overseas stock market. Both US-based and joint venture companies are publicly listed in the US, so they have to comply with SOX.

The purpose of this research was to gain better understanding of the Macao gaming industry from an IT perspective. Specifically, the research focused on the level of IT control, as IT governance has become an important element of modern corporate governance. The two research questions were:

  • 1.

    What is the status of IT control of the gaming industry in Macao?

  • 2.

    Are there differences in the level of IT control among these gaming companies?

Complete Article List

Search this Journal:
Open Access Articles
Volume 15: 4 Issues (2021): 2 Released, 2 Forthcoming
Volume 14: 4 Issues (2020)
Volume 13: 4 Issues (2019)
Volume 12: 4 Issues (2018)
Volume 11: 4 Issues (2017)
Volume 10: 4 Issues (2016)
Volume 9: 4 Issues (2015)
Volume 8: 4 Issues (2014)
Volume 7: 4 Issues (2013)
Volume 6: 4 Issues (2012)
Volume 5: 4 Issues (2011)
Volume 4: 4 Issues (2010)
Volume 3: 4 Issues (2009)
Volume 2: 4 Issues (2008)
Volume 1: 4 Issues (2007)
View Complete Journal Contents Listing