Understanding information security compliance - Why goal setting and rewards might be a bad idea

Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion culture also seems to impair security compliance, the results provide no evidence for an impact of error management culture, affective commitment towards the organization, security policy information quality or quality of the goal setting process. Furthermore, the intention to comply with security policies turns out to be a bad predictor for actual security compliance. We therefore suggest future studies to measure actual behavior instead of behavioral intention

Foxes in the Henhouse: An Exploratory Inquiry into Financial Markets Fraud

Conventional understandings of fraud are organized around the fraud triangle first developed in the 1950s by Cressey. This conceptual device remains central in our pedagogy and research on this especially timely topic. As long as fraud is imagined to be not much different than a stereotypical act by a single individual out of financial desperation and impulsiveness, the fraud triangle provides a reasonably powerful conceptual organization. However, when applied to abuses that occur in highly organized financial markets, its application takes on new meanings that push the boundaries of its usefulness. Using interviews with traders and other securities market participants, this paper concludes that the prospects for ill-gotten gain are much more systematic and the product of incomplete regulation

Flexible Global Carbon Pricing: A Backward-Compatible Upgrade for the Kyoto Protocol

The Kyoto Protocol’s approach of assigning emission targets, or “caps,” promises certainty that it cannot deliver, because it exacerbates problems with international cooperation and commitment. Global carbon pricing addresses these problems and, with less risk and more reward, can generate and sustain stronger policies. This paper proposes a system, “flexible global carbon pricing,” designed to replace the Kyoto Protocol. It provides backward-compatibility with the Kyoto Protocol by allowing un-modified cap and trade as one form of national carbon pricing. Instead of many national “caps,” the proposal sets a global target price for carbon and specifies a pair of incentives. A Pricing Incentive rewards nations that set their carbon price higher than the global target and penalizes nations that underachieve. These rewards and penalties sum to zero by design. The strength of the Pricing Incentive is adjusted automatically so that the global average carbon price converges to the global target price. A Clean Development Incentive (CDI), free from the gaming problems that plague the U.N.’s Clean Development Mechanism, encourages full participation by low-emission countries. An example, based on a $20 price target, causes transfers from the United States of only seven cents per capita per day. Nevertheless, India’s CDI receipts cover its compliance costs. The example shows that low costs can be guaranteed.Kyoto protocol,cap and trade,flexible global carbon pricing,international cooperation

Moral Intuitions and Organizational Culture

Many efforts to understand and respond to a succession of corporate scandals over the last few years have underscored the importance of organizational culture in shaping the behavior of individuals. This focus reflects appreciation that even if an organization has adopted elaborate rules and policies designed to ensure legal compliance and ethical behavior, those pronouncements will be ineffective if other norms and incentives promote contrary conduct. Responding to the call for creating and sustaining an ethical culture in organizations requires appreciating the subtle ways in which various characteristics of an organization may work in tandem or at cross-purposes in shaping behavior. The idea is to identify the influences likely to be most important, analyze how people are apt to respond to them, and revise them if necessary so that they create the right kinds of incentives when individuals are deciding how to act. This can be a tall order even if we assume that most behavior is the result of a deliberative process that weighs multiple risks and rewards. It’s even more daunting if we accept the notion that conscious deliberation typically plays but a minor role in shaping behavior. A focus on what two scholars describe as “the unbearable automaticity of being” posits that most of a person’s everyday life is determined not by conscious intentions and deliberate choices but by mental processes outside of conscious awareness. In this article, I discuss a particular strand of research that is rooted in the study of non-conscious mental processes, and consider its implications for ethics and culture in the organizational setting. This is work on the process that we use to identify and respond to situations that raise what we think of as distinctly moral questions. A growing body of research suggests that a large portion of this process involves automatic non-conscious cognitive and emotional reactions rather than conscious deliberation. One way to think of these reactions is that they reflect reliance on moral intuitions. When such intuitions arise, we don’t engage in moral reasoning in order to arrive at a conclusion. Instead, we do so in order to justify a conclusion that we’ve already reached. In other words, moral conclusions precede, rather than follow, moral reasoning. If this research accurately captures much of our moral experience, what does it suggest about what’s necessary to foster an ethical organizational culture? At first blush, the implications seem unsettling. The non-conscious realm is commonly associated with irrational and arbitrary impulses, and morality often is characterized as the hard-won achievement of reason over these unruly forces. If most of our moral judgments are the product of non-conscious processes, how can we hope to understand, much less influence, our moral responses? Are moral reactions fundamentally inscrutable and beyond appeals to reason? If reason has no persuasive force, does appreciation of the non-conscious source of our moral judgments suggest that any effort to promote ethical conduct must rest on a crude behaviorism that manipulates penalties and rewards? I believe that acknowledging the prominent role of non-conscious processes in shaping moral responses need not inevitably lead either to fatalism or Skinnerian behaviorism. Research has begun to shed light on how these processes operate. Related work has suggested how our moral responses may be rooted in human evolution. This perspective focuses on the ways in which our capacity for moral judgment is embedded in physical and mental processes that have provided an adaptive advantage in human evolution. These bodies of research contribute to a richer portrait of human cognition and behavior that can be valuable in thinking about how to promote ethical awareness and conduct. As Owen Flanagan has put it, “seeing clearly the kinds of persons we are is a necessary condition for any productive ethical reflection.” If there were such a thing as a normative theory of human movement, it would be futile if it exhorted us to fly. Efforts to create an organizational culture that encouraged people to fly would be doomed as well. In thinking about ethics, we need to have a sense of what lies between simply accommodating what we tend to do and demanding that we fly. My hope is that this article takes a small step in that direction

What a performance: performance related pay in the public services.

Linking pay to performance is something employers increasingly seek to achieve. This was once seen as an objective which could only be met in the private sector. That is no longer true. In the 1990s the British public services have experienced a revolution which has attracted the interest and concern of public service managers and unions around the world. The days when government officials marched in step up incremental pay scales are gone. Virtually all civil servants are now subject to new forms of performance management, or performance pay. This approach now extends to many other areas of the public services. But are these new systems of financial reward as effective as their creators had hoped? This is one of the questions which prompted the substantial programme of research carried out by David Marsden and Stephen French under the auspices of the Industrial Relations programme of the Centre for Economic Performance (with financial assistance from the Anglo-German Foundation). It is the most extensive study of its kind, looking at performance pay systems in the Inland Revenue and the Employment Service; within the NHS; and in the teaching profession.

Smart risk management : a guide to identifying and reducing everyday business risk

https://egrove.olemiss.edu/aicpa_guides/1611/thumbnail.jp

The Impact of Systematically Hiring Top Talent: A Study of Topgrading as a Rigorous Employee Selection Bundle

This research contributes to the employee selection literature by examining the various aspects of value creation derived from systematic approaches to selective hiring and onboarding best practices. These best practices covering the end-to-end spectrum of talent acquisition activities from pre-recruitment to post-hiring performance management are examined through the construct of employee selection bundles. A rigorous type of employee selection bundle called Topgrading is examined across six case studies. This research builds on the employee selection literature by exploring the cross section of organizational learning theory, goal setting theory, and process management theory on the employee selection bundle as a mechanism that positively impacts firm performance

The role of 'perceptions of information value' in information security compliance behaviour: a study in Brunei Darussalam's public organisations

It has been widely accepted that information is an asset and it needs to be protected. Many types of countermeasures were developed and implemented to ensure continuous protection of information where it is deemed necessary. Unfortunately, in many cases, breaches of security are the result of non-compliance behaviours of users or stakeholders of the system. These non-compliance behaviours increase the vulnerability of such system. Organisations are trying to improve their stakeholders compliance behaviour through different ways for example by providing necessary awareness, education and training and to the extent of providing rewards for healthy behaviours and reprimanding and penalising stakeholders for breaches of security. Despite all these efforts, information security breaches are still on the rise and many types of research have been done to understand this issue. It is postulated that an object is protected if it is appreciated. Appreciation of an object might relate to a value perceived by the owner in association with the object. For the similar reason, this thesis investigates the role of perceptions of information value in the context of its security. It is postulated that perceptions of information value could become an alternative way to understand information security compliance behaviour. Utilising a conceptual framework deduced from current literature to structurally analyse a list of research objectives, empirical evidence of the potential role of information perceived value in promoting better compliance behaviour have indeed been discovered. There is evidence that a perception of information value is developed through a systematic process of value assignment or information value assignment process. These processes are significant to the development of stakeholders intention to behave. The finding of this process has provided a platform for the organisation to understand the casual behind the information security behaviours displayed by stakeholders in the organisation. Further evidence has also suggested that the information value assignment is fuelled or influenced by several factors. These factors have provided a unique opportunity for the organisation to manipulate and nurture to have maximum impact on their information value assignment process, resulting in a possible improved intention to behave, thus, subsequently might affect the actual information security compliance behaviour