Search results

The purpose of this paper is to analyse the corporate governance information disclosed by Spanish listed companies on the internet, with the objective of assessing the extent and the influence of several corporate characteristics on the level of information voluntarily disclosed.

The study took as its reference the existing literature on the examination of the quality of web sites and the importance of content as a key variable in determining web site quality. To quantify the corporate governance information disclosed by Spanish listed companies, three transparency indexes were designed. To contrast which variables determine the information provided online, the investigation based itself on studies about voluntary disclosure in companies, and three lineal regressions models and an ANOVA analysis were performed.

The empirical evidence obtained reveals that the firms that score highest for transparency are also those that are most likely to use the internet as a channel for the disclosure of corporate governance information. The results show that disclosure levels depend on the degree to which firms are followed by analysts, their listing age, their “visibility” and the fact of belonging to the communications and information services industry.

The need for this study was clear in view of the increasing interest shown by supervisory authorities for the oversight of the European and US capital markets in regulating not only the content but also the manner in which corporate governance information is disclosed over the internet. During the coming years, regulatory stock market agencies will have to strive to take advantage of the opportunities that the internet offers to increase both the relational and informational capacity of company web sites.

Corporate governance research has focused mainly on the analysis of the information that firms ought to disclose and the effects of disclosure generally, without considering the media involved. This paper suggests a new approach that examines the relevance of technology, particularly the internet, and orients supervisory authorities in the direction to follow for improving corporate governance transparency in listed companies.

Big Data has become increasingly important to multiple facets of the accounting profession, but accountants have little understanding of the steps necessary to convert Big Data into useful information. This limited understanding creates a gap between what accountants can do and what accountants should do to assist in Big Data information governance. The study aims to bridge this gap in two ways.

First, the study introduces a model of the Big Data life cycle to explain the process of converting Big Data into information. Knowledge of this life cycle is a first step toward enabling accountants to engage in Big Data information governance. Second, it highlights informational and control risks inherent to this life cycle, and identifies information governance activities and agents that can minimize these risks.

Because accountants have a strong ability to identify the informational and control needs of internal and external decision-makers, they should play a significant role in Big Data information governance.

This model of the Big Data life cycle and information governance provides a first attempt to formalize knowledge that accountants need in a new field of the accounting profession.

As an emerging discipline, information governance (IG) presents a number of challenges to organisations and countries. For example, IG has not yet been clearly defined and current proponents present the concepts as records management, information management, enterprise content management, privacy (data protection), freedom of information, corporate governance, information risk, information security and e-discovery, to mention just a few areas. At an organisational level, initiatives focus on one of these aspects, often conflicting with the other elements, and are initiated because of some immediate business challenge, such as the introduction of the Protection of Personal Information Act (data protection or privacy legislation) in South Africa. This is compounded by the fact that the country creates many fragmented policies and pieces of legislation on the same IG aspects which are conducted in a disjointed manner. This study aims to present an integrated IG framework at the country level, comprising key success factors, required instruments (policy and legislation), principles and a proposed list of elements or disciplines, which should be managed in a cohesive manner.

This study adopted the Information Governance Initiative’s pinwheel facets of IG to design an integrated framework of elevating IG to country level. The pinwheel helped to identify different facets of information disciplines and the responsible oversight mechanism for implementation in South Africa. The study relied on data obtained through content analysis of policy documents, legislative frameworks, and literature review regarding the identified facets of IG in South Africa.

The study established that only some aspects/domains/facets of IG are legislated and driven by policy in South Africa. These domains are at different levels of maturity and different stakeholder groups are responsible for each domain; for instance, the National Archives of South Africa is responsible for records management and the State Information Technology Agency is responsible for information technology, while the newly established Information Regulator is responsible for freedom of information and data privacy. There is generally no over-arching structure responsible for overall IG in South Africa as the elements are fragmented in various oversight mechanisms and institutions. As a result, domains compete for limited resources and often lead to “knee-jerk” responses to legislative, legal or risk drivers.

It is concluded that if IG is not regulated and modelled at a country level, it is highly unlikely to filter down to organisations. Implementing IG at country level will go a long way in helping to filter it down to an organisation level.

The study is useful by presenting a framework to ensure that IG is implemented at the country level with a single coordinating body established for oversight mechanisms such as the Information Regulator (which currently has a narrow scope of privacy and freedom of information, although with limited resources).

Distributed trust technologies, such as blockchain, propose to permit peer-to-peer transactions without trusted third parties. Yet not all implementations of such technologies fully decentralize. Information professionals make strategic choices about the level of decentralization when implementing such solutions, and many organizations are taking a hybrid (i.e. partially decentralized) approach to the implementation of distributed trust technologies. This paper conjectures that while hybrid approaches may resolve some challenges of decentralizing information governance, they also introduce others. To better understand these challenges, this paper aims first to elaborate a framework that conceptualizes a centralized–decentralized information governance continuum along three distinct dimensions: custody, ownership and right to access data. This paper then applies this framework to two illustrative blockchain case studies – a pilot Brazilian land transfer recording solution and a Canadian health data consent sharing project – to exemplify how the current transition state of blockchain pilots straddles both the old (centralized) and new (decentralized) worlds. Finally, this paper outlines the novel challenges that hybrid approaches introduce for information governance and what information professionals should do to navigate this thorny transition period. Counterintuitively, it may be much better for information professionals to embrace decentralization when implementing distributed trust technologies, as hybrid models could offer the worst of both the centralized and future decentralized worlds when consideration is given to the balance between information governance risks and new strategic business opportunities.

This paper illustrates how blockchain is transforming organizations and societies by highlighting new strategic information governance challenges using our original analytic framework in two detailed blockchain case studies – a pilot solution in Brazil to record land transfers (Flores et al., 2018) and another in Canada to handle health data sharing consent (Hofman et al., 2018). The two case studies represent research output of the first phase of an ongoing multidisciplinary research project focused on gaining an understanding of how blockchain technology generates organizational, societal and data transformations and challenges. The analytic framework was developed inductively from a thematic synthesis of the findings of the case studies conducted under the auspices of this research project. Each case discussed in detail in this paper was chosen from among the project's case studies, as it represents a desire to move away from the old centralized world of information governance to a new decentralized one. However, each case study also represents and embodies a transition state between the old and new worlds and highlights many of the associated strategic information governance challenges.

Decentralization continues to disrupt organizations and societies. New emerging distributed trust technologies such as blockchain break the old rules with respect to the trust and authority structures of organizations and how records and data are created, managed and used. While governments and businesses around the world clearly see value in this technology to drive business efficiency, open up new market opportunities and create new forms of value, these advantages will not come without challenges. For information executives then, the question is not if they will be disrupted, but how. Understanding the how as will be discussed in this paper provides the business know how to leverage the incredible innovation and transformation that decentralized trust technology enables before being leapfrogged by another organization. It requires a change of mindset to consider an organization as one part of a broader ecosystem, and for those who successfully do so, this paper views this as a strategic opportunity for those responsible for strategic information governance to design the future instead of being disrupted by it.

This paper presents a novel analytic framework for strategic information governance challenges as we transition from a traditional world of centralized records and information management to a new decentralized world. This paper analyzes these transitions and their implications for strategic information governance along three trajectories: custody, ownership and right to access records and data, illustrating with reference to our case studies.

This paper predicts a large number of organizations will miss the opportunities of the new decentralized trust world, resulting in a rather major churning of organizations, as those who successfully participate in building the new model will outcompete those stuck in the old world or the extremely problematic hybrid transition state. Counterintuitively, this paper argues that it may be much less complex for information executives to embrace decentralization as fast as they can, as in some ways the hybrid model seems to offer the worst of both the centralized and future decentralized worlds with respect to information governance risks.

This paper anticipates broader societal consequences of the predicted organization churn, in particular with respect to uncertainty about the evidence that records provide for public accountability and contractual rights and entitlements.

Decentralized trust technologies, such as blockchain, permit peer-to-peer transactions without trusted third parties. Of course, such radical shifts do not happen overnight. The current transition state of blockchain pilots straddles both the old and new worlds. This paper presents a theoretical framework categorizing strategic information governance challenges on a spectrum of centralized to decentralized in three primary areas: custody, ownership and right to access records and data. To illustrate how decentralized trust is transforming organizations and societies, this paper presents these strategic information governance challenges in two blockchain case studies – a pilot Brazilian land transfer recording solution and a Canadian health data consent sharing project. Drawing on the theoretical framework and case studies, this paper outlines what information executives should do to navigate this thorny transition period.

This paper aims to discuss the still immature concept of information governance (IG) from a records and information management (RIM) perspective and attempts to identify some critical aspects, essential elements and challenges, drawing on lessons learned from corporate experience in a global setup.

After a critical consideration of the notion “information governance” the paper reports some issues which turned out to be major barriers to success during IG implementation within a given organisation.

Practical experience highlights the importance of carefully scoping IG frameworks in larger organisations; in particular, balancing the representation of all relevant stakeholders (especially lines of business) and targeting investment in initiatives that foster an information management culture. Equally critical to success is corporate communication which truly values information as a corporate asset and highlights the importance of information lifecycle management rather than technology under the motto “putting the ‘I’ into IT”.

This paper draws on experience from a single case study to discuss some of the cultural factors that influence the design and implementation of IG in general. However, more empirical research is needed in order to broaden the understanding of the impact of IG programmes in real-world organisations.

When implementing IG programmes in global organisations it should not be limited to an IT perspective alone. The biggest challenge is the fact that no department or discipline alone can achieve the desired results. Success is only possible in an orchestrated scenario with clear value propositions for specific business functions.

Based on a small selection of professional literature on the IG approach, the paper presents findings about issues and pitfalls when setting up and implementing an IG programme. It is hoped that it will inspire more exploratory research of this kind from members of the records management community to encourage them to raise the need for IG in their own organisations.

This paper seeks to empirically examine the existence and implementation of information security governance (ISG) in Saudi organizations.

An empirical survey, using a self‐administered questionnaire, is conducted to explore and evaluate the current status and the main features of ISG in the Saudi environment. The questionnaire is developed based on ISG guidelines for boards of directors and executive management issued by the Information Technology (IT) Governance Institute and other related materials available in the literature. A total of 167 valid questionnaires are collected and processed using the Statistical Package for Social Sciences, version 16.

The results of the study reveal that although the majority of Saudi organizations recognize the importance of ISG as an integrant factor for the success of IT and corporate governance, most of them have no clear information security strategies or written information security policy statements. The majority of Saudi organizations have no disaster recovery plans to deal with information security incidents and emergencies; information security roles and responsibilities are not clearly defined and communicated. The results also show that alignment between ISG and the organization's overall business strategy is relatively poor and not adequately implemented. The results also show that risk assessment procedures are not adequately and effectively implemented, ISG is not a regular item in the board's agenda, and there are no properly functioning ISG processes or performance‐measuring systems in the majority of Saudi organizations. Accordingly, appropriate actions should be taken to improve implementing and measuring the ISG performance in Saudi organizations.

From a practical standpoint, managers and practitioners alike stand to gain from the findings of this study. The results of the paper enable them to better understand and evaluate ISG and to champion IT development for business success in Saudi organizations.

This paper examines the moderating effect of good corporate governance on the association between internal information quality and tax savings.

This study uses a quantitative approach. It employs an Australian sample of analysis composed of 1,295 firm-year observations from the period 2017 to 2021. Data relating to corporate governance are hand-collected from the annual reports.

Based on the result of the analysis, this study demonstrates that the interaction between corporate governance and quality of internal information is positively associated with tax savings. Superior corporate governance is critical in activating the effect of internal information quality on tax savings. This finding is robust to a battery of robustness checks and additional tests.

This examination utilizes only publicly traded companies from one developed country.

For the company management, an effective governance structure must be at the top because it will determine the development of all other areas. This study emphasizes the need to continuously improve the effectiveness of corporate governance practices. For long-term investors, an important indicator that can be considered in assessing the “safety” of a company’s tax strategy is its corporate governance aspects. For regulators, this study is expected to assist regulators in creating a more adequate corporate governance implementation and disclosure package to be implemented by corporations in the future.

This study provides new evidence on a crucial construct that can strengthen the relationship between internal information quality and tax savings.

This study investigates the impact of supply chain governance (SCG, which includes relational governance and contractual governance) on supply chain resilience (SCR) using the information processing theory. Moreover, the study also examines the mediating role of information processing capability and the moderating role of digital technology (DT) deployment.

A total of 288 questionnaires were collected from the Chinese manufacturing industry, and hierarchical regression was used to empirically test the proposed model.

This study reveals that SCG positively impacts SCR. Moreover, information processing capability plays a mediating role between SCG and SCR. Furthermore, the breadth of DT deployment positively moderates the effect of relational governance on information processing capability, and the depth of DT deployment positively moderates the effects of both relational governance and contractual governance on information processing capability.

This study offers a novel perspective that helps to understand the importance of the supply chain-wide information acquired by SCG in respect of improving SCR. Furthermore, this article extends the application of information processing theory by providing empirical evidence of the mediating role of information processing capability and elucidating the moderating role of DT deployment.

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.

Information security is a growing concern in society, across businesses and government. As the offshore IT services market continues to grow providing numerous benefits, there are also perceived risks with respect to the quality of information security delivered in the supply chain. This paper aims to examine, as a case, the perceptions of Indian software services provider (service provider) employees with respect to information security governance and its impact on information security service quality that is delivered to customers.

The paper provides a framework built upon the existing dimensions and instruments for total quality management and service quality, suitably modified to reflect the context of information security. SmartPLS, a structural equation modelling technique, has been used to analyse field survey data collected from across various Indian cities and companies.

Significant finding is that information security governance in an IT outsourcing company providing software services has a highly significant impact on the information security service quality, which can be predicted. The paper also establishes that there is a positive relationship collectively between elements of information security governance and information security service quality.

Since data used in this study were taken solely from the responses of employees of outsourced service companies in India, it does not show if this translates into service improvements as perceived by the customer.

Information security governance should be made an integral part of corporate governance and is an effective strategic technique, if software outsourcing business enterprises want to achieve a competitive edge, provide client satisfaction and create trust.

The paper presents empirical data validation of the connection between information security governance and quality of service.