Dialectic tensions in the financial markets: a longitudinal study of pre- and post-crisis regulatory technology

This article presents the findings from a longitudinal research study on regulatory technology in the UK financial services industry. The financial crisis with serious corporate and mutual fund scandals raised the profile of compliance as governmental bodies, institutional and private investors introduced a ‘tsunami’ of financial regulations. Adopting a multi-level analysis, this study examines how regulatory technology was used by financial firms to meet their compliance obligations, pre- and post-crisis. Empirical data collected over 12 years examine the deployment of an investment management system in eight financial firms. Interviews with public regulatory bodies, financial institutions and technology providers reveal a culture of compliance with increased transparency, surveillance and accountability. Findings show that dialectic tensions arise as the pursuit of transparency, surveillance and accountability in compliance mandates is simultaneously rationalized, facilitated and obscured by regulatory technology. Responding to these challenges, regulatory bodies continue to impose revised compliance mandates on financial firms to force them to adapt their financial technologies in an ever-changing multi-jurisdictional regulatory landscape

Layered evaluation of interactive adaptive systems : framework and formative methods

Peer reviewedPostprin

Justifications for the Implementation of Shadow IT Solutions by Functional Departments in an Organisation

Background: The implementation of information technology (IT) solutions by end-users, while bypassing organisational laid-down IT acquisition and implementation processes and controls, poses a significant challenge for most organisations. This phenomenon, which is known as Shadow IT (SIT), has major financial, legal and security implications for the organisation. Studies indicate that even when organisations implement IT policy to minimise the implementation of SIT, end-users may still find innovative ways to bypass the IT department when implementing unsanctioned software. Purpose of the research: The objective of this study was to investigate how end-users (functional departments) who implement SIT in organisations justify their actions. The term Justification refers to the techniques employed by a social actor to indicate that their deviant behaviour is actually reasonable. Understanding justifications for SIT is essential for IT managers since they can understand them as justification and not confuse them with other phenomena and at the same time they can devise appropriate strategies to counter them. IT Managers who are not aware of the justifications for SIT may implement measures which may not be effective in curbing the phenomena. Design/Methodology/approach: The study adopted an interpretivist approach. The study was guided by the 'Neutralisation Theory’ from the social deviance discipline. The study examined whether an organisation had an IT policy which prevents end-users from implementing SIT, and also assessed the 'Neutralisation’ techniques employed by end-users to justify SIT. The study adopted a case study approach based on a South African office of a multinational organisation. The study collected data through (i) semi-structured interviews with end-users from different functional departments who were involved with implementation of SIT and (ii) documentation (IT policy and email correspondences). The study adopted the purposeful sampling (snowball) technique to target the employees who were involved with the implementation of SIT. A total of 13 respondents were interviewed. The data was analysed using thematic analysis approach. Findings: The organisation did not have an IT policy which prevented functional departments from implementing SIT. Instead, it had a policy which allowed functional departments to implement their own IT solutions as long as they inform the IT department to assess the software application for potential risks and compatibility with the existing landscape. Most respondents did not use Neutralisation techniques to justify the implementation of SIT due to the policy which allowed them to implement their own IT solutions. Nevertheless, the respondents who employed Neutralisation techniques mainly used Denial of responsibility, Denial of injury and Appeal to higher loyalties to justify SIT. Originality/contribution: The study contributed to the justifications of SIT literature when it explored the concept of SIT in a corporate company setting - as opposed to earlier studies that used quantitative methods and experiments when exploring the concept of SIT. The study also makes a further contribution to literature by investigating SIT in an environment where functional departments are allowed to implement their own IT solutions - this was not explored by previous studies on Justification of SIT. The study also contributes to the practice where there is a need by IT management to minimise SIT by providing awareness of Neutralisation techniques which may be employed by functional departments to justify SIT. Through the understanding of the Neutralisation techniques, IT managers could make sound decisions when implementing measures to minimise SI

Security-Informed Safety

Society relies on the safe functioning of computer based networks and systems whether it is in transportation, in energy production, banking or in medical devices. In some sectors, notably high hazard ones, achieving and assuring safety is a relatively mature undertaking - although of course we must not be complacent [20,21]. The advent of cyber issues brings enormous challenges and changes to the traditional engineering tempo and approach. This is exacerbated by the increasing sophistication of attackers, the commoditisation of low-end attacks, the increasing vulnerabilities of digital systems as well as their connectivity - both designed and inadvertent. In our research and practice we have been considering the impact of cyber issues on safety critical and safety related computer systems1. This article shares some of the issues and lessons learned

Contemporary performance measurement systems: A review of their consequences and a framework for research

The main purpose of this paper is to develop a conceptual framework for understanding the literature on the consequences of contemporary performance measurement (CPM) systems and the theories that explain these consequences. The framework is based on an in-depth review of 76 empirical studies published in high-quality academic journals in the areas of accounting, operations, and strategy. The framework classifies the consequences of CPM into three categories: people's behaviour, organizational capabilities, and performance consequences. This paper discusses our current knowledge on the impact of CPM, highlighting inconsistencies and gaps as well as providing direction for future research