A study of compliance management in information systems research

Regulatory compliance has become a critical concern for many industries around the globe and investment to achieve compliance has increased drastically inline with that concern. While Information Systems (IS) are considered a part of the support architecture, anecdotal evidence suggests that organisations struggle with finding the right tools and guidance on approaches for compliance management. For this reason, we undertake a review of the current research on compliance management topics in the Information Systems domain, with the ultimate goal to carry out a gap-analysis between research-based solutions and the current needs of compliance management professionals. In this paper, we consider thirteen Information Systems journals and perform an exhaustive analysis of the type of compliance management research published at these venues in the last five years. The analysis found forty-five relevant articles, which were then further classified depending on the type of their contribution. The results of the analysis suggest that IS research in managing compliance has received increasing attention in the recent years. The study also suggests that research has predominantly focussed on exploratory studies, rather than proposition of solutions that can assist organizations in their compliance management regimens

Does Agency Size Affect IS Security Compliance for e-Government?

Security compliance has now become a major information systems management problem thanks to government regulations. Organizations are now developing methodologies and tools to assess compliance of Information Systems (IS) security. The research outlined in this paper is part of a longitudinal action research study which aims to help inform and improve security within Whole of Government (WoG). This paper examines the different effects of organisational size on IS security compliance within government organisations and how the adoption of security controls differed across small, medium and large government agencies. This paper identifies differences across government agencies rather than assuming that IS security compliance within e-government would be the same for different sized agencies. The approach utilised within this study may be extended to assess compliance with regulations in small, medium and large, multi-unit organizations in other sectors as well as government

Investigating the Role of Socio-organizational Factors in the Information Security Compliance in Organizations

The increase reliance on information systems has created unprecedented challenges for organizations to protect their critical information from different security threats that have direct consequences on the corporate liability, loss of credibility, and monetary damage. As a result, the security of information has become critical in many organizations. This study investigates the role of socio-organizational factors by drawing the insights from the organizational theory literature in the adoption of information security compliance in organizations. Based on the analysis of the survey data collected from 294 employees, the study indicates management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance in organizations. The study contributes to the information security compliance research by exploring the criticality of socio-organizational factors at the organizational level for information security compliance

Exploring the Factors That Contribute Towards Information Security Policy Compliance Culture

There is over-reliance on information systems to run virtually all aspects of modern institutions. This has put more burden on information security managers to come up with more robust and efficient ways to enhance information security policy compliance. Therefore, despite existing efforts in the area of information security management, there remains a critical need for more research to be done. The existing research has also concentrated on hypothesis testing rather than a qualitative approach. So, there is an existential methodology gap that can give another alternative result that still needs to be covered. That is why we embarked on exploring the factors that influence information security compliance in organizations. The research was conducted in two universities with a diverse population. The research design was exploratory, encompassing qualitative in-depth case interviews with grounded theory as the analysis strategy. A total of 20 interviews were conducted and each analysis was done after every few batches of interviews in line with grounded theory principles. A theoretical model was generated and discussed. Implications for the research were also discussed and recommendations made. The study found individual factors, organizational factors, and external influence to be important factors in strategizing how to increase compliance with policies. The results also showed that practitioners need to factor in a combination of elements in their strategies in order to enhance compliance with information security policies. Keywords: Information Security Policy Compliance Culture, Theoretical Model, Grounded Theory, Information systems security DOI: 10.7176/IKM/10-5-05 Publication date:August 31st 202

Evolution of the Governmental Accounting Reform implementation in Greek Public Hospitals: Testing the institutional framework

Purpose – In an attempt to promote efficiency, effectiveness and economy in health service production, the Greek government imposed in 2003 an accrual basis financial and cost accounting system in all public hospitals of the National Health System (NHS). The purpose of this study is not to investigate thoroughly the accounting reform implementation and adoption in specific organizations, but rather to obtain an overall idea of the reform adoption process in Greek public hospitals by identifying major areas of non-compliance with the mandatory legislative accounting framework and various organisational contingencies that influence the level of reform adoption within a broad institutional framework. Design/methodology/approach – Our analysis is based on the results of an empirical survey that took place during 2009. For the purposes of this survey, a compliance index is constructed and applied on a sample of 94 Greek public hospitals using a structured questionnaire and semi-structured interviews with six public hospital Financial and Accounting executives. Findings – The empirical evidence reveals that the level of accrual basis financial and especially cost accounting adoption in Greek public hospitals is realized only to a limited extent. In particular, results show that the relationship between the institutional isomorphic pressures and accounting reform implementation process is restricted by organizational capability factors (i.e., the quality of existing Information Technology systems, the education level of finance and accounting staff, the extent of reform related training, and the professional support of consultants). Research limitations/implications – Although this study takes into consideration the work of previous researchers in the health care area, it acknowledges that empirical research on the subject in the Greek environment is limited. Therefore this study should be viewed as an initial step to address this limitation. Originality/value – This study draws on the information systems change, management accounting innovation, and public sector reform literatures to contribute to the current knowledge in public sector accounting by examining a number of factors that are expected to influence the implementation and adoption process of accrual and cost accounting practises in the Greek public healthcare sector within a broad institutional framework. Contribution - This study contributes to the international literature of New Public Management (NPM) initiatives in public health sector by providing, to our knowledge, the first large cross-sectional assessment of accrual accounting reform adoption and implementation in Greek public hospitals. Additionally, the empirical evidence of this study can enhance researchers’ and managers’ understanding of major implementation processes and challenges and thus help them refine models of effective implementation process and improve systems and processes on similar future projects.Accrual Accounting, Public Sector Accounting, Compliance Index, Public Hospitals, Isomorphism.

Investigating Stakeholder Perceptions of ISO Management Systems in the UK Agricultural Sector

This paper considered perceptions from a relatively small sample of case studies but acknowledges other respondents views have been triangulated to an extent that verifies the samples used are representative of the UK agricultural supply chain. The present study provides a starting-point for further research into the adoption and uptake of ISO management systems standards in the UK agricultural sector and its supply chain. Therefore this paper does not explore the relationships between adoption of ISO management systems and the impact of them it rather explores perceptions of different ISO management systems from stakeholders viewpoints. Following an extensive review of stakeholder perceptions this paper concludes that the uptake of ISO management systems in the UK will continue and more areas of the agriculture supply chain will feel obliged to certify their management systems to a wider range of standards than just the well known quality management and environmental management system standards.  The extensive certification of ISO management systems in the UK is well known and this paper focuses on acceptance and perceptions of such standards in the UK agricultural sector. The research identified a lack of understanding and hence encourages agricultural specialists, teachers and policy makers to provide information to the agricultural sector regarding the value and scope of ISO management systems in supporting best practice and identification of regulatory compliance issues. This paper is significant in that it has acknowledged an uptake and trend in certification of management systems within the agricultural sector in the UK but has identified a lack of understanding of such systems amongst stakeholders of the agricultural supply chain. Finally, the paper clearly shows many noteworthy opportunities for further certified management systems research within the worldwide agricultural supply chain. Keywords:  ISO standards, management systems, stakeholder perceptions, agriculture, food safety, food contro

Implementation of health checking tools using lean method for managing final year project / Siti Izniwafaa Azizan

Good project management includes continuous attention to make sure a project is running well. Currently, most of students of Bachelor in Information Technology (Hons.) Information Systems Engineering had problems in managing their Final Year Project (FYP) as they find difficulty to take an objective view of current state of their FYP. This phenomenon results to ineffective FYP deliverables which lead to failure. This research study is about Project Health Check (PHC) approach to better enables the students to deliver a successful FYP outcome. The PHC templates provide students with early indications of looming problems during the life of a project by checking true status of running task and also encourage students to maintain good practices from start to finish through a simple scheduling approach. The research study focused on Lean method that help in aligning and redesign process workflow through removing waste in the project. Lean management methods helps in increasing the performance of PHC to deliver better FYP report for submission purposed. Both qualitative and quantitative method is used to identify problem, gaining knowledge and achieved result findings. The results show the application of PHC templates in visualization form of checking project health status and checking project compliance. These benefits to a certain extent contribute in managing students’ FYP report compliance and monitoring health status of FYP and indirectly ease supervision task to supervisors