Regulatory Compliance in Information Systems Research – Literature Analysis and Research Agenda

  • Conference paper
Enterprise, Business-Process and Information Systems Modeling (BPMDS 2009, EMMSAD 2009)

Abstract

After a period of little regulation, many companies are now facing a growing number and increasing complexity of new laws, regulations, and standards. This has a huge impact on how organizations conduct their daily business and involves various changes in organizational and governance structures, software systems and data flows, as well as corporate culture, organizational power and communication. We argue that holistic compliance cannot be implemented as a set of isolated projects; instead, it requires a thorough analysis of the relevant components as well as an integrated design of those components. This paper examines the state of the art of compliance research in the field of information systems (IS) by means of a comprehensive literature analysis. To systematize our results, we apply a holistic framework for enterprise analysis and design. The framework allows us to point out both “focus areas” and “less travelled roads” and to derive a future research agenda for compliance research.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cleven, A., Winter, R. (2009). Regulatory Compliance in Information Systems Research – Literature Analysis and Research Agenda. In: Halpin, T., et al. Enterprise, Business-Process and Information Systems Modeling. BPMDS 2009, EMMSAD 2009. Lecture Notes in Business Information Processing, vol 29. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01862-6_15

  • DOI: https://doi.org/10.1007/978-3-642-01862-6_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01861-9

  • Online ISBN: 978-3-642-01862-6

  • eBook Packages: Computer Science, Computer Science (R0)
