Regulatory Compliance in Information Systems Research


1 Regulatory Compliance in Information Systems Research
Literature Analysis and Research Agenda
Anne Cleven
Research Assistant, Chair of Prof. Dr. Robert Winter
Institute of Information Management, University of St. Gallen
Müller-Friedberg-Strasse 8, CH-9000 St. Gallen

2
1 Motivation
2 Business Engineering
3 Literature Analysis – Source Selection
4 Literature Analysis – Systemization
5 Conclusion & Future Research Agenda

3 Corporate Information Management
Compliance affects…
Swartz (2007): “[], a June 2006 AIIM survey co-sponsored by Xerox Global Services revealed that 63 percent of the 741 companies polled had not analyzed the risk they face from mismanaging electronic information. Forty-three percent said their firm did not have a clear approach for meeting compliance requirements. Worse, only 34 percent said that their organizations have widespread understanding of what electronic records are and how they should be retained.”

4 Financial Reporting
… and …
94% Panko (2006)

5 IT Outsourcing
… and …
Hall, Liedtka, et al. (2007): “While much has been written about how SOX affects corporate CEOs and their external auditors, little attention has focused on its potential effect on corporate IT departments. Consequently, the full implications of SOX for IT are not well understood. One survey [11] reported “an astounding 93% of chief information officers and other senior IT executives were unaware of their information technology control assessment responsibilities under SOX.” This confusion has led to uncertainty and inconsistency regarding the use of IT outsourcing to address SOX challenges. A survey [9] of 261 corporate decision makers by the consulting firm Meta Group found that 25% had no way of determining the appropriate IT sourcing response to SOX; 21% intended to outsource more in response to SOX; and 19% intended to outsource less.”

7 Business Engineering
- company culture, leadership style, behavior patterns, incentive/sanctioning systems, communication practices
- organizational goals, success factors, products/services, targeted market segments, core competencies, strategic projects
- organizational units, business roles, business functions, business processes, metrics, service flows, business information objects
- enterprise services, applications, domains
- software components, data resources, hardware, network architecture
- terminologies, theories, generic methods, reference models, exemplary successful practices

9 Literature Analysis – Source Selection
Based on capacious catalog of IS outlets provided by the London School of Economics (LSE)
- IS outlets focused on the social study of ICT
- Outlets focused on mainstream IS and management research
- Practitioner journals
- Conferences
Search period: 2002 – today
Search strategy
- Contributions on regulatory and/or legal compliance
- Keyword search using the search term ‘compliance’
- Abstract evaluation
26 relevant articles

10 Literature Search Results 1/2

11 Literature Search Results 2/2

13 Literature Analysis – Systemization
- 2 overviews on leading legal issues that affect IT and IT professionals
- 1 analysis of different impacts of regulations on IT
- 5x institutional and 1x neo-institutional theory as a theoretical lens through which authors investigate experiences made by companies with the implementation of regulations & deduction of respective guidelines
- IT auditing as a strategic approach to compliance
- SOX and strategic IT outsourcing
- correlation between SOX and strategic success
- Regulation, risk and control frameworks and financial reporting, review on corporate governance frameworks, validation of ISO standard, method to develop an enterprise IT-governance
- model-based proof of compliance, compliance verification knowledge management, method for rule extraction, compliant SD process, data mining in Basel II context

15 Conclusion & Future Research Agenda 1/2
- e.g. methods and approaches for the identification of relevant regulations, deduction of a corporate culture that is in line with compliance objectives, operationalization of strategic compliance objectives, …
- e.g. compliance-related business roles, authorization concepts, control metrics for compliance, standardized transaction control processes, …
- e.g. common terminology, industry-specific reference models for corporate and IT governance, …

16 Conclusion & Future Research Agenda 2/2
- Implications of regulatory compliance on the conduct of daily business have been intensely investigated
- The IS discipline is, however, still lagging behind with the development of suitable concepts and solutions
- Holistic frameworks supporting the aligned implementation of compliance throughout each of the business engineering layers are missing

17 Thank you for your attention!
Anne Cleven

