An enterprise systems perspective to GRC IS implementation process

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Governance, Risk and Compliance (GRC) Information Systems (IS) as an integrated technology has been introduced recently to facilitate the demanding operational and financial environment of the enterprises. The implementation process and the adoption of such systems is considered as a significant parameter influencing the success of operational performance and financial governance and could support the competitive advantage practices within the organisations. However, GRC literature is limited regarding the analysis of the implementation and adoption success. Therefore, there is a need for further research and contribution about these systems and more specifically their implementation process. Consequently, this investigation and analysis can provide an insight of this process by examining the aspects of the implementation, the lifecycle phases followed and the enterprise value drivers in each of these phases. Therefore, a framework was developed for structuring the analysis of this implementation including all these three elements as these were provided by the theoretic background. The empirical context of this research includes three field investigation studies based on the experience of key implementation stakeholder groups as participants. These investigation studies were analysed using thematic techniques following an interpretative qualitative analysis approach. It was proved that organisations have, directly or indirectly, followed specific lifecycle phases when they implement GRC systems as these are also described in the framework. Also they should consider specific aspects about the GRC systems and enterprise value drivers for the different lifecycle phases but also for a holistic approach of the implementation process. Hence new GRC implementation projects can use the phases and the analysis of these elements to facilitate and ease their decision-making and strategic planning before launching the implementation project. The analysis of the GRC implementation proved that a strict GRC environment can be established in the organisations through the successful implementation of a GRC technology. The implementation process of such technologies would require a preparation for the organisational environment in order the implementation project to succeed the GRC goals and the system to be integrated and optimised harmoniously within the enterprise environment. This study provides insight of how this implementation projects could be planned and developed and gives a directive blueprint for preparing organisations hosting such technological initiatives. The results of all field investigation phases, which can be considered as the contributions to theory and practice of this research, can have twofold implications: initially the development of a theoretical framework based on enterprise systems theories, and also an analysis of the GRC implementation process in specific. The framework is designed to structure the analysis of the GRC implementation aspects, the lifecycle phases and the enterprise value drivers of the GRC implementation process. This framework is used for visualising and structuring a specific analysis of the GRC adoption and success, and therefore this analysis can be used by practitioners and researchers to further evaluate and analyse this process. Furthermore, organisations can use this analysis for decision-making processes; as this analysis can provide a primary view for the implementation projects

The Implementation of Governance Risk and Compliance Information Systems (GRC IS): Adoption Lifecycle and Enterprise Value

Governance, Risk and Compliance (GRC) has become an emerging field within the IS academic community. Motivated by this research direction, the study capitalizes on the theoretical background of Enterprise Systems (ES) and extends the focus on GRC systems’ implementation (enterprise value and lifecycle). Building upon expert views on GRC IS implementation projects, the analysis indicates that the three value drivers of integration; optimization and information should be considered throughout the whole GRC IS implementation lifecycle

Understanding governance, risk and compliance information systems (GRC IS): the experts view

Although Governance, Risk and Compliance (GRC) is an emerging field of study within the information systems (IS) academic community, the concept behind the acronym has to still be demystified and further investigated. The study investigates GRC systems in depth by (a) reviewing the literature on existing GRC studies, and (b) presenting a field study on views about GRC application by professional experts. The aim of this exploratory study is to understand the aspects and the nature of the GRC system following an enterprise systems approach. The result of this study is a framework of particular GRC characteristics that need to be taken into consideration when these systems are put in place. This framework includes specific areas such as: goals and objectives, purpose of the system, key stakeholders, methodology and requirements prior to implementation, critical success factors and problems/barriers. Further discussion about the issues, the concerns and the diverse views on GRC would assist in developing an agenda for the future research on the GRC field

More supportive or more distractive?:Investigating the negative effects of technology at the customer interface

The continuous development of technology leads to stimuli-dense consumption environments for consumers. Although the literature primarily highlighted the advantages of adopting technologies to support consumers’ decision-making process, these systems may also require too much attention and excessive effort to be considered always rewarding. Accordingly, this special issue addresses the interplay between technology-supported consumption experiences and the related distracting mechanisms triggered by this interaction in varied contexts. Specifically, the actual collection of papers in this special issue covers three main themes: (1) conceptualizing a Customer Smartphone Distraction (CSD) organizing framework, (2) drivers (including musical atmosphere, the context of the application, parasocial interaction and anthropomorphisms of virtual agents), and (3) consequences (cognitive, affective and behavioral responses, including sensory overload and discomfort)

Organizational cloud security and control: a proactive approach

Purpose The purpose of this paper is to unfold the perceptions around additional security in cloud environments by highlighting the importance of controlling mechanisms as an approach to the ethical use of the systems. The study focuses on the effects of the controlling mechanisms in maintaining an overall secure position for the cloud and the mediating role of the ethical behavior in this relationship. Design/methodology/approach A case study was conducted, examining the adoption of managed cloud security services as a means of control, as well as a large-scale survey with the views of IT decision makers about the effects of such adoption to the overall cloud security. Findings The findings indicate that there is indeed a positive relationship between the adoption of controlling mechanisms and the maintenance of overall cloud security, which increases when the users follow an ethical behavior in the use of the cloud. A framework based on the findings is built suggesting a research agenda for the future and a conceptualization of the field. Research limitations/implications One of the major limitations of the study is the fact that the data collection was based on the perceptions of IT decision makers from a cross-section of industries; however the proposed framework should also be examined in industry-specific context. Although the firm size was indicated as a high influencing factor, it was not considered for this study, as the data collection targeted a range of organizations from various sizes. Originality/value This study extends the research of IS security behavior based on the notion that individuals (clients and providers of cloud infrastructure) are protecting something separate from themselves, in a cloud-based environment, sharing responsibility and trust with their peers. The organization in this context is focusing on managed security solutions as a proactive measurement to preserve cloud security in cloud environments

Data Supply Chain (DSC): development and validation of a measurement instrument

The volume and availability of data produced and affordably stored has become an important new resource for building organizational competitive advantage. Reflecting this, and expanding the concept of the supply chain, we propose the Data Supply Chain (DSC) as a novel concept to aid investigations into how the interconnected data characteristics relate to and impact organizational performance. Initially, we define the concept and develop a research agenda on DSC coupling theoretical background of strategy and operations literature. Along with the conceptualization, we develop a set of propositions and make suggestions for future research including testing and validating the model fit

Access control and quality attributes of open data: Applications and techniques

Open Datasets provide one of the most popular ways to acquire insight and information about individuals, organizations and multiple streams of knowledge. Exploring Open Datasets by applying comprehensive and rigorous techniques for data processing can provide the ground for innovation and value for everyone if the data are handled in a legal and controlled way. In our study, we propose an argumentation and abductive reasoning approach for data processing which is based on the data quality background. Explicitly, we draw on the literature of data management and quality for the attributes of the data, and we extend this background through the development of our techniques. Our aim is to provide herein a brief overview of the data quality aspects, as well as indicative applications and examples of our approach. Our overall objective is to bring serious intent and propose a structured way for access control and processing of open data with a focus on the data quality aspects

IoT and analytical practices in traditional industries: A view of the farming and agricultural sector

IoT and analytical practices in traditional industries: A view of the farming and agricultural secto

A cloud-based supply chain management system: effects on supply chain responsiveness

Purpose: Despite the ongoing calls for the incorporation of the cloud utility model, the effect of the cloud on elements of supply chain performance is still an evolving area of research. In this paper, we develop the architecture of a cloud-based supply chain management (C-SCM) ecosystem and explore how it enhances supply chain responsiveness. Design/methodology/approach: First, we discuss the potential benefits that cloud computing can yield compared to existing mature SCM information systems and solutions through a comprehensive literature review. We conceptualize SCR in terms of the level of visibility in the supply chain, supply chain flexibility, and rapid detection and reaction to changes and then we build the detailed architecture of a cloud based SCM system. The proposed ecosystem introduces a view of SCM and the associated practices when transferred to cloud environments. The potential to enhance SCR through the cloud is explored with scenarios on a case of supply chain operations in fashion retail industry. Findings: Our findings show that the proposed system can enhance all three dimensions of SCR. Implications for supply chain practice and how companies can migrate to a cloud supply chain are drawn. Originality/Value: Given that the development, creation, and delivery of goods and services is increasingly becoming a joint effort of several parties in a supply chain, we contribute to existing literature, by introducing a comprehensive cloud-based SCM system and show how companies can enhance their supply chain responsiveness