Abstract
After a period of little regulation, many companies now face a growing number of increasingly complex laws, regulations, and standards. This has a huge impact on how organizations conduct their daily business and involves changes in organizational and governance structures, software systems, and data flows, as well as in corporate culture, organizational power, and communication. We argue that the implementation of holistic compliance cannot be divided into isolated projects, but instead requires a thorough analysis of the relevant components as well as an integrated design of those components. This paper examines the state of the art of compliance research in the field of information systems (IS) by means of a comprehensive literature analysis. To systematize our results, we apply a holistic framework for enterprise analysis and design. The framework allows us to point out both “focus areas” and “less travelled roads” and to derive a future research agenda for compliance research.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cleven, A., Winter, R. (2009). Regulatory Compliance in Information Systems Research – Literature Analysis and Research Agenda. In: Halpin, T., et al. Enterprise, Business-Process and Information Systems Modeling. BPMDS EMMSAD 2009 2009. Lecture Notes in Business Information Processing, vol 29. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01862-6_15
DOI: https://doi.org/10.1007/978-3-642-01862-6_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01861-9
Online ISBN: 978-3-642-01862-6
eBook Packages: Computer Science, Computer Science (R0)