Advanced search
Publication Cover
Information Systems Management Volume 40, 2023 - Issue 4
Submit an article Journal homepage
259
Views
1
CrossRef citations to date
0
Altmetric
Research Article

Probing the Past to Guide the Future IT Regulation Research: Topic Modeling and Co-word Analysis of SOX-IS Research

George Mangalaraja College of Business and Technology, Western Illinois University, Macomb, Illinois, USACorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0003-1024-5477View further author information
ORCID Icon,
Anil Singhb The Robert C. Vackar College of Business and Entrepreneurship, The University of Texas at Rio Grande Valley, Edinburg, Texas, USAORCID Iconhttps://orcid.org/0000-0003-0103-6403View further author information
ORCID Icon &
Aakash Tanejac School of Business, Stockton University, Galloway, New Jersey, USAView further author information
Pages 302-315 | Published online: 03 Nov 2022

References

  • Anand, S. (2008). Information security implications of Sarbanes-Oxley. Information Security Journal: A Global Perspective, 17(2), 75–79. https://doi.org/10.1080/19393550801953372
  • Arnold, V., Benford, T., Canada, J., & Sutton, S. G. (2015). Leveraging integrated information systems to enhance strategic flexibility and performance: The enabling role of enterprise risk management. International Journal of Accounting Information Systems, 19, 1–16. https://doi.org/10.1016/j.accinf.2015.10.001
  • Bart, C., & Turel, O. (2010). IT and the board of directors: An empirical investigation into the “governance questions” Canadian board members ask about IT. Journal of Information Systems, 24(2), 147–172. https://doi.org/10.2308/jis.2010.24.2.147
  • Blei, D. M. (2012). Probabilistic topic models. Communications of the ACM, 55(4), 77–84. https://doi.org/10.1145/2133806.2133826
  • Braganza, A., & Desouza, K. C. (2006). Implementing section 404 of the Sarbanes Oxley act: recommendations for information systems organizations. Communications of the Association for Information Systems, 18, 464–487. https://doi.org/10.17705/1CAIS.01822
  • Brown, A. E., & Grant, G. G. (2005). Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems, 15, 696–712. https://doi.org/10.17705/1CAIS.01538
  • Brown, W., & Nasuti, F. (2005). Sarbanes-Oxley and enterprise security: IT governance-what it takes to get the job done. Information Systems Security, 14(5), 15–28. https://doi.org/10.1201/1086.1065898X/45654.14.5.20051101/91010.4
  • Butler, T. (2017). Towards a standards-based technology architecture for RegTech. Journal of Financial Transformation, 45(1), 49–59.
  • Chauhan, U., & Shah, A. (2021). Topic modeling using latent dirichlet allocation: A survey. ACM Computing Surveys (CSUR), 54(7), 1–35. https://doi.org/10.1145/3462478
  • Cleven, A., & Winter, R. (2009). Regulatory compliance in information systems research–literature analysis and research agenda (enterprise, business-process and information systems modeling (pp. 174–186). Springer.
  • Coates, J. C., & Srinivasan, S. (2014). SOX after ten years: A multidisciplinary review. Accounting Horizons, 28(3), 627–671. https://doi.org/10.2308/acch-50759
  • Cook, S. S., Probert, D., & Martin, S. (2009). The lived experience of information technology workers with Sarbanes-Oxley compliance responsibilities. Journal of Global Business Issues, 3(1), 23–31.
  • Cornock, M. (2018). General data protection regulation (GDPR) and implications for research. Maturitas, 111, A1–A2. https://doi.org/10.1016/j.maturitas.2018.01.017
  • Corrales-Garay, D., Ortiz-de-Urbina-Criado, M., & Mora-Valentín, E. M. (2019). Knowledge areas, themes and future research on open data: A co-word analysis. Government Information Quarterly, 36(1), 77–87. https://doi.org/10.1016/j.giq.2018.10.008
  • Damianides, M. (2005). Sarbanes-Oxley and IT governance: New guidance on IT control and compliance. Information Systems Management, 22(1), 77–85. https://doi.org/10.1201/1078/44912.22.1.20051201/85741.9
  • Dantu, R., Dissanayake, I., & Nerur, S. (2020). Exploratory analysis of internet of things (IoT) in healthcare: A topic modelling & co-citation approaches. Information Systems Management, 38(1), 62–78. https://doi.org/10.1080/10580530.2020.1746982
  • de Vaujany, F. X., Fomin, V. V., Haefliger, S., & Lyytinen, K. (2018). Rules, practices, and information technology: A trifecta of organizational regulation. Information Systems Research, 29(3), 755–773. https://doi.org/10.1287/isre.2017.0771
  • Driskill, T., & Elrod, H. (2020). Improving placement of accounting ethics instruction and curriculum aptness. Journal of Accounting and Finance, 20(5), 61–69. https://doi.org/10.33423/jaf.v20i5.3184
  • Economides, N. (2001). The Microsoft antitrust case. Journal of Industry, Competition and Trade, 1(1), 7–39. https://doi.org/10.1023/A:1011517724873
  • Elgammal, A., Turetken, O., & Van Den Heuvel, W.-J. (2012). Using patterns for the analysis and resolution of compliance violations. International Journal of Cooperative Information Systems, 21(1), 31–54. https://doi.org/10.1142/S0218843012400023
  • Freeman, E. H. (2007). Regulatory compliance and the chief compliance officer. Information Systems Security, 16(6), 357–361. https://doi.org/10.1080/10658980701805050
  • Garrett, N., Beard, N., & Fiesler, C. (2020). More than” if time allows the role of ethics in AI education.” Proceedings of the AAAI/ACM Conference on AI Ethics, and Society February 7–8 New York, NY, ACM.
  • Georg, L. (2017). Information security governance: Pending legal responsibilities of non-executive boards. Journal of Management & Governance, 21(4), 793–814. https://doi.org/10.1007/s10997-016-9358-0
  • Ghosh, D. (2021, January/14). Are we entering a new era of social media regulation? Harvard Business Review, Harvard Business School Publishing. Retrieved from December 30 from: https://hbr.org/2021/01/are-we-entering-a-new-era-of-social-media-regulation
  • Gozman, D., Liebenau, J., & Aste, T. (2020). A case study of using blockchain technology in regulatory technology. MIS Quarterly Executive, 19(1), 19–37. https://doi.org/10.17705/2msqe.00023
  • Granneman, J. (2018). The business guide to improving information security. The Journal of Equipment Lease Financing, 36(3), 1–9. https://www.store.leasefoundation.org/cvweb/Portals/ELFA-LEASE/Documents/Products/JELF%20Fall%202018%20Granneman.pdf
  • Hall, J. A., & Liedtka, S. L. (2007). The Sarbanes-Oxley act: Implications for large-scale IT outsourcing. Communications of the ACM, 50(3), 95–100. https://doi.org/10.1145/1226736.1226742
  • Hannigan, T. R., Haans, R. F., Vakili, K., Tchalian, H., Glaser, V. L., Wang, M. S., Kaplan, S., & Jennings, P. D. (2019). Topic modeling in management research: Rendering new theory from textual data. Academy of Management Annals, 13(2), 586–632. https://doi.org/10.5465/annals.2017.0099
  • Hayek, M., Hayek, C., & Williams, W. A., Jr. (2013). Implication of SOX compliance for HRM: Enhancing internal controls with E-HRM. Journal of Applied Management and Entrepreneurship, 18(4), 18–41. https://doi.org/10.9774/GLEAF.3709.2013.oc.00004
  • Hepner, M., & Dickson, W. (2013). The value of ERP curriculum integration: Perspectives from the research. Journal of Information Systems Education, 24(4), 309–326 http://jise.org/volume24/n4/JISEv24n4p309.html.
  • Hough, J. R., Haines, R., & Giacomo, S. (2007). Contextual factors affecting the integration of enterprise systems in post-merger oil and gas companies. Enterprise Information Systems, 1(4), 421–441. https://doi.org/10.1080/17517570701630404
  • Hu, Q., Hart, P., & Cooke, D. (2007). The role of external and internal influences on information systems security–a neo-institutional perspective. The Journal of Strategic Information Systems, 16(2), 153–172. https://doi.org/10.1016/j.jsis.2007.05.004
  • Jones, R., & Basu, S. (2002). Taxation of electronic commerce: A developing problem. International Review of Law, Computers & Technology, 16(1), 35–51. https://doi.org/10.1080/13600860220136093
  • Kevork, E. K., & Vrechopoulos, A. P. (2009). CRM literature: Conceptual and functional insights by keyword analysis. Marketing Intelligence & Planning, 27(1), 48–85. https://doi.org/10.1108/02634500910928362
  • Kirkpatrick, K. (2019). Regulating information technology. Communications of the ACM, 62(12), 19–21 doi:https://doi.org/10.1145/3365583.
  • Klamm, B. K., & Watson, M. W. (2009). SOX 404 reported internal control weaknesses: A test of COSO framework components and information technology. Journal of Information Systems, 23(2), 1–23. https://doi.org/10.2308/jis.2009.23.2.1
  • Koops, B.-J. (2010). Ten dimensions of technology regulation: Finding your bearings in the research space of an emerging discipline M.E.A. Goodwin, B.J. Koops, R.E. Leenes. Dimensions of technology regulation (Nijmegen: Wolf Legal Publishers (WLP)), 309–324. https://research.tilburguniversity.edu/en/publications/ten-dimensions-of-technology-regulation-finding-your-bearings-in-
  • Kotb, A., Sangster, A., & Henderson, D. (2014). E-business internal audit: The elephant is still in the room! Journal of Applied Accounting Research, 15(1), 43–63. https://doi.org/10.1108/JAAR-10-2012-0072
  • Kumar, V., Pollanen, R., & Maheshwari, B. (2008). Challenges in enhancing enterprise resource planning systems for compliance with Sarbanes-Oxley act and analogous Canadian legislation: MRN. Management Research News, 31(10), 758–773. https://doi.org/10.1108/01409170810908516
  • Kyza, E. A., Varda, C., Panos, D., Karageorgiou, M., Komendantova-Amann, N., Coppolino Perfumi, S., Shah, S. I. H., & Hosseini, A. S. (2020). Combating misinformation online: Re-imagining social media for policy-making. Internet Policy Review, 9(4), 1–24. https://doi.org/10.14763/2020.4.1514
  • Larsen, T. J., & Levine, L. (2005). Searching for management information systems: Coherence and change in the discipline. Information Systems Journal, 15(4), 357–381. https://doi.org/10.1111/j.1365-2575.2005.00202.x
  • Lasky, S. (2019). The impact of data privacy regulations greater on small businesses. Endeavor Business Media, SecurityInfowatch.com. Retrieved 12/30 from https://www.securityinfowatch.com/print/content/21079552
  • Leih, M. J. (2006). The impact of the Sarbanes-Oxley act on IT project management. Journal of Information Technology Theory and Application (JITTA), 8(3), 13–30. https://aisel.aisnet.org/jitta/vol8/iss3/4.
  • Levy, H. B. (2016). Unsolved Problems in auditing a half-century retrospective and update. The CPA Journal, 86(2), 24–30. https://www.cpajournal.com/2016/02/13/unsolved-problems-auditing-half-century-retrospective-update/.
  • Lifer, J. D., Parsons, K., & Miller, R. E. (2009). A comparison of information systems programs at AACSB and ACBSP schools in relation to IS 2002 model curricula. Journal of Information Systems Education, 20(4), 469–476. https://jise.org/volume20/n4/JISEv20n4p469.html.
  • Li, J., Wang, H., Zhang, Z., & Zhao, J. (2010). A policy-based process mining framework: Mining business policy texts for discovering process models. Information Systems & e-Business Management, 8(2), 169–188. https://doi.org/10.1007/s10257-009-0112-x
  • Lowry, P. B., Moody, G. D., Galletta, D. F., & Vance, A. (2013). The drivers in the use of online whistle-blowing reporting systems. Journal of Management Information Systems, 30(1), 153–190. https://doi.org/10.2753/MIS0742-1222300105
  • Luther, M. (2007). Identity-based encryption: From identity and access management to enterprise privacy management. Information Systems Security, 16(1), 9–14. https://doi.org/10.1080/10658980601051268
  • Mähring, M. (2006). The role of the board of directors in IT governance: A review and agenda for research. AMCIS 2006 Proceedings, 377.
  • Marotta, A., & Madnick, S. (2020). Analyzing the interplay between regulatory compliance and cybersecurity. January. http://dx.doi.org/10.2139/ssrn.3542563
  • McFadzean, E., Ezingeard, J. N., & Birchall, D. (2007). Perception of risk and the strategic impact of existing IT on information security strategy at board level. Online Information Review, 31(5), 622–660. https://doi.org/10.1108/14684520710832333
  • McNamee, R. (2020). Big Tech Needs to Be Regulated. Here Are 4 Ways to Curb Disinformation and Protect Our Privacy. Time, Time USA. Retrieved from December/30 from: https://time.com/5872868/big-tech-regulated-here-is-4-ways/
  • Mishra, S., & Weistroffer, H. R. (2007). A framework for integrating Sarbanes-Oxley compliance into the systems development process. Communications of the Association for Information Systems, 20, 712–727. https://doi.org/10.17705/1CAIS.02044
  • Omar, M., On, B.-W., Lee, I., & Choi, G. S. (2015). LDA topics: Representation and evaluation. Journal of Information Science, 41(5), 662–675. https://doi.org/10.1177/0165551515587839
  • Papazafeiropoulou, A., & Spanaki, K. (2016). Understanding governance, risk and compliance information systems (GRC IS): The experts view. Information Systems Frontiers, 18(6), 1251–1263. https://doi.org/10.1007/s10796-015-9572-3
  • Pearson, S., & Allison, D. (2009). A model-based privacy compliance checker. International Journal of E-Business Research, 5(2), 63–83. https://doi.org/10.4018/jebr.2009040104
  • Pinsker, R., & Wheeler, P. (2009). The effects of expanded independent assurance on the use of firm-initiated disclosures by investors with limited business knowledge. Journal of Information Systems, 23(1), 25–49. https://doi.org/10.2308/jis.2009.23.1.25
  • Ragan, J., Puccio, C., & Talisesky, B. (2014). Accounting control technology using SAP: A case-based approach. American Journal of Business Education (Online), 7(4), 349. https://doi.org/10.19030/ajbe.v7i4.8846
  • Rikhardsson, P., Singh, K., & Best, P. (2019). Exploring continuous auditing solutions and internal auditing: A research note. Accounting and Management Information Systems, 18(4), 614–639. http://dx.doi.org/10.24818/jamis.2019.04006
  • Rubino, M., & Vitolla, F. (2014). Corporate governance and the information system: How a framework for IT governance supports ERM. Corporate Governance, 14(3), 320–338. https://doi.org/10.1108/CG-06-2013-0067
  • Ryle, P. M., Bueltel, B. L., McKnight, M. A., & Beckman, J. K. (2021). Decoding lessons from the facebook consent decree: Does Sarbanes–Oxley foreshadow the future of privacy regulation? International Journal of Disclosure and Governance, 19(1), 1–10. https://doi.org/10.1057/s41310-021-00124-2
  • Schultze, U. (2011). The SOX compliance journey at trinity industries. Journal of Information Technology Teaching Cases, 1(2), 91–113. https://doi.org/10.1057/jittc.2011.11
  • Shan, Y. G., & Troshani, I. (2014). Does XBRL benefit financial statement auditing? The Journal of Computer Information Systems, 54(4), 11–21. https://doi.org/10.1080/08874417.2014.11645718
  • Sherif, K., Pitre, R., & Kamara, M. (2016). Why do information system controls fail to prevent unethical behavior?. VINE Journal of Information and Knowledge Management Systems, 46(2), 251–266. https://doi.org/10.1108/VJIKMS-04-2015-0028
  • Sipior, J. C. (2007). Ethically responsible organizational privacy protection. Information Resources Management Journal, 20(3), i–iii.
  • Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503–522. https://doi.org/10.2307/25750689
  • Stevens, K., Kegelmeyer, P., Andrzejewski, D., & Buttler, D. (2012). Exploring topic coherence over many models and many topics. Proceedings of the 2012 joint conference on empirical methods in natural language processing and computational natural language learning, Jeju Island, Korea.
  • Sumners, G. E., & Soileau, J. S. (2008). Addressing internal audit staffing challenges. Information Systems Management, 25(2), 1–11. https://doi.org/10.1080/07366980701885341
  • Syed, S., & Spruit, M. (2017). Full-text or abstract? examining topic coherence scores using latent dirichlet allocation. 2017 IEEE International conference on data science and advanced analytics, Tokyo, Japan (IEEE).
  • Tabara, N., & Ungureanu, M. (2012). Internal audit and its role in improving corporate governance systems. Annales Universitatis Apulensis: Series Oeconomica, 14(1), 139.
  • Tambe, P., Cappelli, P., & Yakubovich, V. (2019). Artificial intelligence in human resources management: Challenges and a path forward. California Management Review, 61(4), 15. https://doi.org/10.1177/0008125619867910
  • Thuraisingham, B. (2020). Artificial intelligence and data science governance: Roles and responsibilities at the C-level and the board. 2020 IEEE 21st international conference on information reuse and integration for data science (IRI), Las Vegas, NV, USA (IEEE).
  • Trites, G. (2004). Director responsibility for IT governance. International Journal of Accounting Information Systems, 5(2), 89–99. https://doi.org/10.1016/j.accinf.2004.01.001
  • Vaast, E. (2007). Danger is in the eye of the beholders: Social representations of information systems security in healthcare. The Journal of Strategic Information Systems, 16(2), 130. https://doi.org/10.1016/j.jsis.2007.05.003
  • Van Eck, N. J., & Waltman, L. (2010). Software survey: VOSviewer, a computer program for bibliometric mapping. Scientometrics, 84(2), 523–538. https://doi.org/10.1007/s11192-009-0146-3
  • Van Eck, N. J., & Waltman, L. (2022). VOSviewer Manual. The Netherlands: Centre for Science and Technology Studies, Leiden University. https://www.vosviewer.com/documentation/Manual_VOSviewer_1.6.18.pdf
  • Vanian, J. (2021, November/23). A.I. hiring software faces a regulatory reckoning. Fortune. Retrieved 12/30 from https://fortune.com/2021/11/23/a-i-hiring-software-regulation-new-york/
  • Varanda, A., Santos, L., Costa, R. L. D. C., Oliveira, A., & Rabadão, C. (2021). The general data protection regulation and log pseudonymization. International conference on advanced information networking and applications.
  • Walch, K. (2020). This Is The Year of AI Regulations forbes.com, Forbes Media. https://www.forbes.com/sites/cognitiveworld/2020/03/01/this-is-the-year-of-ai-regulations/
  • Wallace, L., Hui, L., & Cefaratti, M. A. (2011). Information security and Sarbanes-Oxley compliance. An Exploratory Study Journal of Information Systems, 25(1), 185–211. https://doi.org/10.2308/jis.2011.25.1.185
  • Wang, Y., & Taylor, J. E. (2019). DUET: Data-driven approach based on latent dirichlet allocation topic modeling. Journal of Computing in Civil Engineering, 33(3). https://doi.org/10.1061/(ASCE)CP.1943-5487.0000819
  • Westland, J. C. (2020). The information content of Sarbanes-Oxley in predicting security breaches. Computers & Security, 90, 101687. https://doi.org/10.1016/j.cose.2019.101687
  • Yu, Y., Li, Y., Zhang, Z., Gu, Z., Zhong, H., Zha, Q., Yang, L., Zhu, C., & Chen, E. (2020). A bibliometric analysis using VOSviewer of publications on COVID-19. Annals of Translational Medicine, 8(13), 816-816. https://doi.org/10.21037/atm-20-4235
  • Zhang, P., Long, J., & Ma, J. (2018). How IT Awareness Impacts IT Control Weaknesses and Firm Performance. Journal of International Technology and Information Management, 27(2), 99. https://scholarworks.lib.csusb.edu/jitim/vol27/iss2/5/.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.