Contrasting Information Systems and Financial Executive Perspective on Implementing Regulatory Controls

New corporate compliance regulations such as the Sarbanes Oxley (SOX) Act of 2002 contain requirements for the chief executive and financial officers to certify the effectiveness of internal controls and processes leading to financial reporting. An inevitable result of implementing compliance with these regulations is an increased focus on improving systems and greater interdependence between the financial and IS functions. In this paper, we analyse the data collected on implementation of regulatory compliance and present some new empirical insights on the regulatory control implementation process and consequential changes in the institutional properties of IS and the accounting functions within the organization

Dialectic tensions in the financial markets: a longitudinal study of pre- and post-crisis regulatory technology

This article presents the findings from a longitudinal research study on regulatory technology in the UK financial services industry. The financial crisis with serious corporate and mutual fund scandals raised the profile of compliance as governmental bodies, institutional and private investors introduced a ‘tsunami’ of financial regulations. Adopting a multi-level analysis, this study examines how regulatory technology was used by financial firms to meet their compliance obligations, pre- and post-crisis. Empirical data collected over 12 years examine the deployment of an investment management system in eight financial firms. Interviews with public regulatory bodies, financial institutions and technology providers reveal a culture of compliance with increased transparency, surveillance and accountability. Findings show that dialectic tensions arise as the pursuit of transparency, surveillance and accountability in compliance mandates is simultaneously rationalized, facilitated and obscured by regulatory technology. Responding to these challenges, regulatory bodies continue to impose revised compliance mandates on financial firms to force them to adapt their financial technologies in an ever-changing multi-jurisdictional regulatory landscape

Regulatory Strategies

Over the years, there has been a shift from a wide command-and-control style of supervision whereby the regulator imposes detailed rules with which regulators supervise to one which consists of risk based regulatory strategies. ‘Enforced Self Regulation’, a regulatory strategy whereby negotiation takes places between the State and the individual firms, lies between the command-and-control style of supervision and meta risk regulation in that firms are still required to regulate but according to their own models. It differs from the traditional command-and-control style of bank supervision in that firms and not the regulator, are required to regulate. It is similar to meta-risk regulation in that the individual firm’s model is taken into consideration in regulating such firms. Whilst the merits and disadvantages of the individual regulatory strategies are considered, this paper concludes that all regulatory strategies should take into consideration the importance of management responsibilities – both on individual and corporate levels

Regulatory Strategies

Over the years, there has been a shift from a wide command-and-control style of supervision whereby the regulator imposes detailed rules with which regulators supervise to one which consists of risk based regulatory strategies. ‘Enforced Self Regulation’, a regulatory strategy whereby negotiation takes places between the State and the individual firms, lies between the command-and-control style of supervision and meta risk regulation in that firms are still required to regulate but according to their own models. It differs from the traditional command-and-control style of bank supervision in that firms and not the regulator, are required to regulate. It is similar to meta-risk regulation in that the individual firm’s model is taken into consideration in regulating such firms. Whilst the merits and disadvantages of the individual regulatory strategies are considered, this paper concludes that all regulatory strategies should take into consideration the importance of management responsibilities – both on individual and corporate levels.bank;regulation;risk;command;control

Regulatory strategies

Over the years, there has been a shift from a wide command-and-control style of supervision whereby the regulator imposes detailed rules with which regulators supervise to one which consists of risk based regulatory strategies. ‘Enforced Self Regulation’, a regulatory strategy whereby negotiation takes places between the State and the individual firms, lies between the command-and-control style of supervision and meta risk regulation in that firms are still required to regulate but according to their own models. It differs from the traditional command-and-control style of bank supervision in that firms and not the regulator, are required to regulate. It is similar to meta-risk regulation in that the individual firm’s model is taken into consideration in regulating such firms. Whilst the merits and disadvantages of the individual regulatory strategies are considered, this paper concludes that all regulatory strategies should take into consideration the importance of management responsibilities – both on individual and corporate levels.command,control,regulation,meta,risk

An Examination of the Role of vCISO in SMBs: An Information Security Governance Exploration

Information security threats and their associated breaches are exponentially growing, with millions of records containing personally identified information released to the public each year. Cyber incidents targeting businesses nearly doubled in US past 6 years, with more than 130 large-scale targeted breaches per year in U.S. In the first half of 2020, 36 billion records were exfiltrated by external hackers, with the average cost to recover from a cyber-attack averaging $21.00 per record. While Small and Mid-sized Businesses (SMBs) attempt to stay ahead of this growing trend and protect organizational data, they have specific behaviors that do not affect larger organizations. The four behaviors (non-strategic executive-level sponsorship, apathetic risk management procedures, constrained resources, and non-existent technical skills) are identified in the literature and recognized within the small to midsized industry. If not correctly identified and remediated, these behaviors may impede the businesses from protecting information assets and achieve a mature level of information security governance. To assist organizations in achieving information security governance, the literature identifies five domains that all organizations should possess for organizational alignment and governance maturity. These governance domains are Strategic Alignment, Value Delivery, Risk Management, Performance Measurement, and Resource Management. However, extant literature does not align the five governance domains with the small to midsized business behaviors, nor provide a solution to assist SMBs in achieving information security governance. The literature review focused on four main aspects that are relevant to the study: SMB Characteristics, Virtual Leadership, Information Security Governance, and Information Security program. Previous research identified how similar organizations utilized virtual leadership positions to overcome SMB behaviors to attain organizational business requirements but did not identify virtual positions that can assist SMBs with information security governance. To bridge this gap, this study explored a recent phenomenon, identified as a virtual Chief Information Security Officer (vCISO), that can align the SMB behaviors with the five governance domains and provide a viable solution for SMBs to achieve Information Security Governance within the identified behaviors. Specifically, this qualitative exploratory study interviewed six vCISOs and 14 companies to examine the role the vCISO provided in bridging SMB’s organizational behaviors with the five Information Security Governance domains

Political Disagreement and Delegation in a Multi-Level Governance Setting

A large share of delegation models takes into account the effect of political disagreement when explaining delegation. Yet, delegation models make sharply contrasting predictions on how political disagreement translates into the level of discretion delegated to agencies. Moreover, empirical findings are contradictory. The current paper addresses this puzzle by disentangling mechanisms driving the effect of political disagreement on delegation. Furthermore, we distinguish conditions interacting with the effect of political disagreement on discretion. We apply the conditions to the research context of the present paper: economic restructuring in the UK under New Labour, which took place in a multi-level governance setting. We derive hypotheses on the effect of political disagreement on discretion and explore our theoretical predictions with the use of a novel dataset on economic restructuring in the UK under New Labour (Bennett and Payne 2000). Our analysis show that political disagreement leads to lower levels of discretion delegated.

The interplay of strategic and internal green marketing orientation on competitive advantage

This paper seeks to clarify and refine the relationship between strategic and internal green marketing and firm competitiveness. Despite the significance of corporate environmental strategy to firms adopting a triple-bottom line performance evaluation, there is insufficient focus on strategic green marketing and its impact on a firm’s competitiveness. This study fills the gap by providing a comprehensive view of strategic green marketing and its impact on competitive advantage. Findings also reveal the moderating role of internal green marketing actions towards the development of a sustained competitive advantage. Specifically, the findings build on contemporary green marketing literature suggesting that a significant interplay between strategy and people exists which enhances the creation of competitive advantage. This in turn increases financial performance. Finally, this research uses an updated approach to build on current literature concerning the drivers and outcomes of strategic green marketing. This provides managers with nuanced insights about environmentally-driven competitive advantage