Advanced search
Publication Cover
Information Systems Management Volume 33, 2016 - Issue 4
Submit an article Journal homepage
594
Views
2
CrossRef citations to date
0
Altmetric
Original Articles

The Implementation of Governance, Risk, and Compliance IS: Adoption Lifecycle and Enterprise Value

Konstantina SpanakiDepartment of Innovation and Entrepreneurship, Imperial College Business School, London, UKCorrespondence[email protected]
View further author information
&
Anastasia PapazafeiropoulouDepartment of Computer Science, Brunel University, London, UKCorrespondence[email protected]
View further author information
Pages 302-315 | Published online: 09 Aug 2016

References

  • Adler, P. A., & Adler, P. (1994). Observational techniques. Handbook of Qualitative Research, 40, 377–392.
  • Ali, S., & Green, P. (2012). Effective information technology (IT) governance mechanisms: An IT outsourcing perspective. Information Systems Frontiers, 14(2), 179–193. doi:10.1007/s10796-009-9183-y
  • Asprion, P. M., & Knolmayer, G. F. (2013, January). Assimilation of compliance software in highly regulated industries: An empirical multitheoretical investigation. 2013 46th Hawaii International Conference on System Sciences (HICSS; pp. 4405–4414), Wailea, Maui, HI.
  • Bancroft, N., Seip, H., & Sprengel, A. (1998). Implementing SAP R/3: How to introduce a large system into a large organization. Greenwich, CT: Manning Publication Co.
  • Bhattacharya, P. J., & Seddon, P. B. (2011, December). Going beyond operations with enterprise systems. ACIS 2011 Proceedings, Sydney Australia. Retrieved from http://aisel.aisnet.org/acis2011/51.
  • Bhattacharya, P. J., Seddon, P. B., & Scheepers, R. (2012, December). Enterprise systems for innovation in products and processes: Beyond operational efficiency. Location, Location, Location: Proceedings of the 23rd Australasian Conference on Information Systems 2012 ( ACIS 2012; pp. 1–11), Geelong, Australia.
  • Boyatzis, R. E. (1998). Transforming qualitative information: Thematic analysis and code development. Thousand Oaks, CA: Sage Publications, Inc.
  • Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77–101. doi:10.1191/1478088706qp063oa
  • Butler, T., & McGovern, D. (2012). A conceptual model and IS framework for the design and adoption of environmental compliance management systems. Information Systems Frontiers, 14(2), 221–235. doi:10.1007/s10796-009-9197-5
  • Cangemi, M. P. (2008). The controls challenge. Bank Accounting & Finance, 21(5), 43–52.
  • Cooper, R. B., & Zmud, R. W. (1990). Information technology implementation research: A technological diffusion approach. Management Science, 36(2), 123–139. doi:10.1287/mnsc.36.2.123
  • Coyne, I. T. (1997). Sampling in qualitative research. Purposeful and theoretical sampling; merging or clear boundaries? Journal of Advanced Nursing, 26(3), 623–630. doi:10.1046/j.1365-2648.1997.t01-25-00999.x
  • Davenport, T. H., Harris, J. G., & Cantrell, S. (2004). Enterprise systems and ongoing process change. Business Process Management Journal, 10(1), 16–26. doi:10.1108/14637150410518301”
  • Frigo, M. L., & Anderson, R. J. (2009). A strategic framework for governance, risk, and compliance. Strategic Finance, 90(8), 20.
  • Gangadharan, G., D’andrea, V., De Paoli, S., & Weiss, M. (2012). Managing license compliance in free and open source software development. Information Systems Frontiers, 14(2), 143–154. doi:10.1007/s10796-009-9180-1
  • Gericke, A., Fill, H., Karagiannis, D., & Winter, R. (2009). Situational method engineering for governance, risk and compliance information systems. Philadelphia, PA: ACM.
  • Gozman, D., & Currie, W. (2015, January). Managing governance, risk, and compliance for post-crisis regulatory change: A model of IS capabilities for financial organizations. 2015 48th Hawaii International Conference on System Sciences (HICSS; pp. 4661–4670), Grand Hyatt, HI.
  • Hayden, L. (2009). Designing common control frameworks: A model for evaluating information technology governance, risk, and compliance control rationalization strategies. Information Security Journal: A Global Perspective, 18(6), 297–305.
  • Hoffmann, J., Weber, I., & Governatori, G. (2012). On compliance checking for clausal constraints in annotated process models. Information Systems Frontiers, 14(2), 155–177. doi:10.1007/s10796-009-9179-7
  • Klein, H. K., & Myers, M. D. (1999). A set of principles for conducting and evaluating interpretive field studies in information systems. MIS Quarterly: Management Information Systems, 23(1), 67–94. doi:10.2307/249410
  • Lee, R. (1998). An enterprise decision framework for information system selection. Information Systems Management, 15(4), 7–13. doi:10.1201/1078/43186.15.4.19980901/31145.2
  • Leishman, M., Brouwers, P., & Farineau, D. (2009). Continuous auditing/continuous Monitoring–Using technology to drive value by managing risk and improving performance. KPMG International Report.
  • Ly, L. T., Rinderle-Ma, S., Göser, K., & Dadam, P. (2012). On enabling integrated process compliance with semantic constraints in process management systems. Information Systems Frontiers, 14(2), 195–219. doi:10.1007/s10796-009-9185-9
  • Markus, M. L., & Tanis, C. (2000). The enterprise systems experience - from adoption to success. In R. W. Zmud (Ed.), Framing the domains of IT management: Projecting the future through the past (1st ed., pp. 173–207). Cincinnati, OH: Pinnaflex Educational Resources.
  • Marshall, C., & Rossman, G. B. (1999). Designing qualitative research. Thousand Oaks, CA: Sage Publications.
  • Maurizio, A., Girolami, L., & Jones, P. (2007). EAI and SOA: Factors and methods influencing the integration of multiple ERP systems (in an SAP environment) to comply with the sarbanes-oxley act. Journal of Enterprise Information Management, 20(1), 14–31. doi:10.1108/17410390710717110
  • Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook (2nd ed.). Thousand Oaks, CA: Sage.
  • Mitchell, S. L. (2007). GRC360: A framework to help organisations drive principled performance. International Journal of Disclosure and Governance, 4(4), 279–296. doi:10.1057/palgrave.jdg.2050066
  • Mundy, J., & Owen, C. A. (2013). The use of an ERP system to facilitate regulatory compliance. Information Systems Management, 30(3), 182–197. doi:10.1080/10580530.2013.794601
  • Nissen, V., & Marekfia, W. (2013, July). Towards a research agenda for strategic governance, risk and compliance (GRC) management. 2013 IEEE 15th Conference on Business Informatics (CBI; pp. 1–6), Geneva, Switzerland.
  • Nissen, V., & Marekfia, W. (2014). The development of a data-centred conceptual reference model for strategic GRC-management. Journal of Service Science and Management, 7(2), 63–76. doi:10.4236/jssm.2014.72007
  • Papazafeiropoulou, A., & Spanaki, K. (2015). Understanding governance, risk and compliance information systems (GRC IS): The experts view. Information Systems Frontiers, 1–13. doi:10.1007/s10796-015-9572-3
  • Patton, M. Q. (1991). Towards utility in reviews of multivocal literatures. Review of Educational Research, 61, 287–292. doi:10.3102/00346543061003287
  • Patton, M. Q. (2002). Designing qualitative studies. Qualitative Research and Evaluation Methods, 3, 230–246.
  • Racz, N., Seufert, A., & Weippl, E. (2010a, June). A frame of reference for research of integrated governance, risk & compliance (GRC). Proceedings of IFIP CMS 2010, Linz, Austria.
  • Racz, N., Seufert, A., & Weippl, E. (2010b, July). A process model for integrated IT governance, risk, and compliance management. Proceedings of the Ninth Baltic Conference on Databases and Information Systems (DB&IS 2010; pp. 155–170), Riga, Latvia.
  • Rasmussen, M. (2009). Foundations of GRC: Establishing an enterprise view of risk & compliance. Corporate Integrity, Governance, Risk Manager and Compliance Research. Retrieved from http://fm.sap.com/data/UPLOAD/files/Establishing_an_Enterprise_View_of_Risk_Compliance.pdf
  • Robey, D., Ross, J. W., & Boudreau, M. (2002). Learning to implement enterprise systems: An exploratory study of the dialectics of change. Journal Manage Information Systems, 19(1), 17–46.
  • Ross, J. W., Weill, P., & Robertson, D. C. (2006). Enterprise architecture as strategy: Creating a foundation for business execution. Boston, MA: Harvard Business School Press.
  • Scott, S., & Perry, N. (2012). The enactment of risk categories: The role of information systems in organizing and re-organizing risk management practices in the energy industry. Information Systems Frontiers, 14(2), 125–141. doi:10.1007/s10796-009-9223-7
  • Soja, P. (2006). Success factors in ERP systems implementations: Lessons from practice. Journal of Enterprise Information Management, 19(4), 418–433. doi:10.1108/17410390610678331
  • Soja, P., Themistocleous, M., & Cunha, P. R. (2011, January). Playing catch up: How different is large scale enterprise systems implementation in transition countries and organizations? 2011 44th Hawaii International Conference on System Sciences (HICSS; pp. 1–10), Kauai, HI.
  • Spanaki, K., & Papazafeiropoulou, A. (2013, June). Analysing the governance, risk and compliance (Grc) implementation process: Primary insights. European Conference on Information Systems (ECIS), Utrecht, The Netherlands.
  • Strecker, S., Heise, D., & Frank, U. (2011). RiskM: A multi-perspective modeling method for IT risk assessment. Information Systems Frontiers, 13(4), 595–611. doi:10.1007/s10796-010-9235-3
  • Suri, H. (2011). Purposeful sampling in qualitative research synthesis. Qualitative Research Journal, 11(2), 63–75. doi:10.3316/QRJ1102063
  • Suri, H., & Clarke, D. (2009). Advancements in research synthesis methods: From a methodologically inclusive perspective. Review of Educational Research, 79(1), 395–430. doi:10.3102/0034654308326349
  • Teoh, S., Tng, Q., & Pan, S. (2008, June). The emergence of dynamic capabilities from a SME-enterprise system upgrade. 16th European Conference on Information Systems, Galway, Ireland.
  • Themistocleous, M., Soja, P., & Da Cunha, P. R. (2011). The same, but different: Enterprise systems adoption lifecycles in transition economies. Information Systems Management, 28(3), 223–239. doi:10.1080/10580530.2011.585585
  • Weber, J., Bramsemann, U., & Heineke, C. (2004). Wertorientierte unternehmenssteuerung: Konzepte– implementierung–praxisstatements [Value-based management: Concepts–implementation–practical experiences]. Wiesbaden, Germany: Gabler Verlang.
  • Wiesche, M., Berwing, C., Schermann, M., & Krcmar, H. (2011, June). Patterns for understanding control requirements for information systems for governance, risk management, and compliance (GRC IS). In Proceedings of CAiSE 2011 International Workshops, Advanced Information Systems Engineering Workshops (pp. 208–217), London, UK.
  • Wiesche, M., Schermann, M., & Krcmar, H. (2011). Understanding the role of information technology for organizational control design: Risk control as new control mechanism. In Governance and sustainability in information systems. Managing the transfer and diffusion of IT (pp. 135–152). Berlin, Germany: Springer.
  • Yu, Y. R., Seo, S. C., & Kim, B. K. (2013, January). IT GRC-based IT internal control framework. 2013 15th International Conference on Advanced Communication Technology (ICACT; pp. 382–385), PyeongChang, Korea.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.