Regulatory Compliance in Information Systems Research: Literature Analysis and Research Agenda

Anne Cleven

Research Assistant, Chair of Prof. Dr. Robert Winter
Institute of Information Management, University of St. Gallen
Müller-Friedberg-Strasse 8, CH-9000 St. Gallen
Tel: +41 71 224 2192, Fax: +41 71 224 2189
[email protected]

www.iwi.unisg.ch

Agenda

1 Motivation
2 Business Engineering
3 Literature Analysis – Source Selection
4 Literature Analysis – Systemization
5 Conclusion & Future Research Agenda

© Apr-20, IWI-HSG

Compliance affects…

“[…] a June 2006 AIIM survey co-sponsored by Xerox Global Services revealed that 63 percent of the 741 companies polled had not analyzed the risk they face from mismanaging electronic information. Forty-three percent said their firm did not have a clear approach for meeting compliance requirements. Worse, only 34 percent said that their organizations have widespread understanding of what electronic records are and how they should be retained.” Swartz (2007)

… and …

94% Panko (2006)

… and …

“While much has been written about how SOX affects corporate CEOs and their external auditors, little attention has focused on its potential effect on corporate IT departments. Consequently, the full implications of SOX for IT are not well understood. One survey [11] reported ‘an astounding 93% of chief information officers and other senior IT executives were unaware of their information technology control assessment responsibilities under SOX.’ This confusion has led to uncertainty and inconsistency regarding the use of IT outsourcing to address SOX challenges. A survey [9] of 261 corporate decision makers by the consulting firm Meta Group found that 25% had no way of determining the appropriate IT sourcing response to SOX; 21% intended to outsource more in response to SOX; and 19% intended to outsource less.” Hall, Liedtka, et al. (2007)


Business Engineering

- Company culture, leadership style, behavior patterns, incentive/sanctioning systems, communication practices
- Organizational goals, success factors, products/services, targeted market segments, core competencies, strategic projects
- Organizational units, business roles, business functions, business processes, metrics, service flows, business information objects
- Enterprise services, applications, domains
- Software components, data resources, hardware, network architecture
- Terminologies, theories, generic methods, reference models, exemplary successful practices


Literature Analysis – Source Selection

- Based on the comprehensive catalog of IS outlets provided by the London School of Economics (LSE):
  - IS outlets focused on the social study of ICT
  - Outlets focused on mainstream IS and management research
  - Practitioner journals
  - Conferences
- Search period: 2002 – today
- Search strategy: contributions on regulatory and/or legal compliance
  a) Keyword search using the search term ‘compliance’
  b) Abstract evaluation
- Result: 26 relevant articles

Literature Search Results 1/2


Literature Search Results 2/2



Literature Analysis – Systemization

- 2 overviews of leading legal issues that affect IT and IT professionals
- 1 analysis of the different impacts of regulations on IT
- 5x institutional and 1x neo-institutional theory as a theoretical lens through which authors investigate companies' experiences with the implementation of regulations, and deduction of respective guidelines
- IT auditing as a strategic approach to compliance
- SOX and strategic IT outsourcing
- Correlation between SOX and strategic success
- Model-based proof of compliance, compliance verification, knowledge management, method for rule extraction, compliant SD process, data mining in the Basel II context
- Regulation, risk and control frameworks and financial reporting; review of corporate governance frameworks; validation of the ISO 17799 standard; method to develop an enterprise IT governance


Conclusion & Future Research Agenda 1/2

- e.g. methods and approaches for the identification of relevant regulations, deduction of a corporate culture that is in line with compliance objectives, operationalization of strategic compliance objectives, …
- e.g. compliance-related business roles, authorization concepts, control metrics for compliance, standardized transaction control processes, …
- e.g. common terminology, industry-specific reference models for corporate and IT governance, …

Conclusion & Future Research Agenda 2/2

- The implications of regulatory compliance for the conduct of daily business have been investigated intensely
- The IS discipline is, however, still lagging behind in the development of suitable concepts and solutions
- Holistic frameworks supporting the aligned implementation of compliance throughout each of the business engineering layers are missing

Thank you for your attention!

Anne Cleven

[email protected]

www.iwi.unisg.ch

+41 71 224 2192
