IT-based Fraud Management Approaches in Small and Medium Enterprises – A Multivocal Literature Review

Fraud, particularly cybercrime, is an emerging worldwide risk. Despite this, the risk of fraud appears underestimated in discussions of fraud mitigation and risk management in the context of SMEs. This multivocal literature review discusses ways of minimizing fraud for SMEs and IT-supported concepts that are currently proposed in literature. The present review shows that existing concepts often focus on specific or internal fraud risks and organizational countermeasures, but rarely cover newer fraud risks or suggest IT-supported measures to reduce the risk of fraud for SMEs. However, some IT security approaches have been proposed to mitigate fraud, but the area of internal control concepts of compliance and governance appears unconnected to IS approaches. This review identifies a lack of integrated fraud-management concepts, which is surprising due to the omnipresence of ICT, it found limitations in existing concepts and suggests areas for future IS research and academic discussion

Managing Cybersecurity and Other Fraud Risks in Small and Medium Enterprises – A Framework to Build a Fraud Management Program in Times of Digitalization

Fraud, particularly cybercrime, is an emerging worldwide risk that targets not only large but also small and medium enterprises (SME). SMEs are especially vulnerable because they often have limited resources in terms of money, staff, and IT knowledge. Because of the role SMEs play in the European economy, reducing their vulnerability has gained more importance. Therefore, this study considers the question of how to minimize fraud in SME-related digital and socio-technical work environments. Based on a design science research approach, we developed a fraud management framework to allow SMEs to identify individual fraud risks and establish an individual fraud management program based on the framework at hand. To be adaptable to different industries and sizes of SMEs, we propose a modular concept of documents and workshop material that includes occupational and cyber-fraud cases because previous fraud management concepts often handled only one of them

Causing factors, outcomes, and governance of Shadow IT and business-managed IT: a systematic literature review

Shadow IT and Business-managed IT describe the autonomous deployment/procurement or management of Information Technology (IT) instances, i.e., software, hardware, or IT services, by business entities. For Shadow IT, this happens covertly, i.e., without alignment with the IT organization; for Business-managed IT this happens overtly, i.e., in alignment with the IT organization or in a split responsibility model. We conduct a systematic literature review and structure the identified research themes in a framework of causing factors, outcomes, and governance. As causing factors, we identify enablers, motivators, and missing barriers. Outcomes can be benefits as well as risks/shortcomings of Shadow IT and Business-managed IT. Concerning governance, we distinguish two subcategories: general governance for Shadow IT and Business-managed IT and instance governance for overt Business-managed IT. Thus, a specific set of governance approaches exists for Business-managed IT that cannot be applied to Shadow IT due to its covert nature. Hence, we extend the existing conceptual understanding and allocate research themes to Shadow IT, Business-managed IT, or both concepts and particularly distinguish the governance of the two concepts. Besides, we find that governance themes have been the primary research focus since 2016, whereas older publications (until 2015) focused on causing factors

Forum - Ausgabe 2012/2013

Informiert über die Forschungsaktivitäten an der Hochschule Konstanz im Jahr 2012/2013

Digitalisierung – Das Ende der Unternehmens-IT?

In vielen Unternehmen wird traditionell die Verantwortung für IT in Produkten und Produktion organisatorisch anders verankert als die Verantwortung für alle anderen IT-Aufgaben, die der so genannten Unternehmens-IT obliegen und in klassischen IT-Abteilungen wahrgenommen werden. Der Digitalisierungstrend verschärft diese Zweiteilung weiter und droht die Unternehmens-IT überflüssig zu machen, obwohl sie vordergründig viel bedeutender werden müsste. Worauf ist diese Entwicklung zurückzuführen? [Aus dem Volltext.

Forum - Ausgabe 2013/2014

Informiert über die Forschungsaktivitäten an der Hochschule Konstanz im Jahr 2013/2014

Forum - Ausgabe 2011/2012

Informiert über die Forschungsaktivitäten an der Hochschule Konstanz im Jahr 2011/2012