Search results

Process gatekeepers, individuals responsible for strictly enforcing data completeness at critical points within a process, are often used to encourage compliance with processes associated with enterprise systems. The purpose of this paper is to explore the relationship between process gatekeepers and process compliance.

Through a mixed‐method approach of both qualitative and quantitative analyses of one firm's sales processes, the paper identifies and measures four key drivers of compliance with the work process: ease of use, perceived value, urgency, and gatekeeper flexibility.

The paper finds that process context‐specific, gatekeeper‐related factors directly affect an individual's willingness to work within the bounds of prescribed processes. In particular, the paper finds evidence that gatekeeper flexibility appears to encourage process compliance.

These findings are limited in generalizability to a single organization, by potential instrument‐related biases, and by typical caveats associated with models derived from exploratory research.

Implications include the motivation of the need for overall process compliance in realizing the benefits of an enterprise information system, as well as the counterintuitive notion that gatekeeper flexibility may be positively related to process compliance.

This paper introduces the notion of process gatekeeper, devises a context‐specific measure of gatekeeper flexibility, and relates this notion to an overall model associated with process compliance in an enterprise system context.

Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.

Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.

In organizations, individual user’s compliance with business processes is important from a regulatory and efficiency point of view. The restriction of users’ choices by implementing a restrictive information system is a typical approach in many organizations. However, restrictions and mandated compliance may affect employees’ performance negatively. Especially when users need a certain degree of flexibility in completing their work activity. The purpose of this paper is to introduce the concept of directive explanations (DEs). DEs provide context-dependent feedback to users, but do not force users to comply.

The experimental study used in this paper aims at investigating how DEs influence users’ process compliance. The authors used a laboratory experiment to test the proposed hypotheses. Every participant underwent four trials for which business process compliance was measured. Two trial blocks were used to cluster the four trials. Diagrammatic DEs were provided in one of the trial blocks, while textual DEs were provided in the other. Trial blocks were counterbalanced.

The results of the experiment show that DEs influence a user’s compliance, but the effect varies for different types of DEs. The authors believe this study is significant as it empirically examines design characteristics of explanations from knowledge-based systems in the context of business processes.

This study is certainly not without limitations. The sample used for this study was drawn from undergraduate information systems management students. The sample is thus not representative of the general population of organizations’ IT users. However, a student sample adequately represents novice IT users, who are not very familiar with a business process. They are particularly suitable to study how users react to first-time contact with a DE.

The findings of this study are important to designers and implementers of systems that guide users to follow business processes. As the authors have illustrated with a real-world scenario, an ERP system’s explanation can lack details on how a user can resolve a blocked activity. In situations in which users bypass restricted systems, DEs can guide them to comply with a business process. Particularly diagrammatic explanations, which depict actors, activities, and constraints for a business process, have been found to increase the probability that users’ behavior is business process compliant. Less time may be needed to resolve a situation, which can result in very efficient user-system cooperation.

This study makes several important contributions to research on explanations, which are provided by knowledge-based systems. First, the authors conceptualized, designed, and investigated a novel type of explanations, namely, DEs. The results of this study show how dramatic the difference in process compliance performance is when exposed to certain types of DEs (in one group from 57 percent on the initial trial to 82 percent on the fourth trial). This insight is important to derive design guidelines for DE, particularly when multimedia material is used.

The purpose of this paper is to explore the main barriers and key issues that the hotel industry professionals face during the Payment Card Industry Data Security Standards (PCI DSS) compliance process. This paper will help to understand weaknesses and gaps in the PCI compliance process within the hotel industry that will provide a foundation to develop strategies and methods to address those issues in the future.

The paper presents an exploratory study using a two‐stage design. The first stage of the study was designed utilizing the Delphi technique to identify the issues that take place in the PCI compliance process in hotels. After analyzing the results of the first stage of the study, a list of PCI issues was compiled and incorporated in the web hosted questionnaire. In total, 30 hotel executives participated in the second stage of the study providing their evaluation of the importance of the identified PCI compliance issues.

A list of 20 PCI compliance issues that hotel executives face during the process was compiled as an outcome of the first stage of the study. The second stage of the study showed high‐financial cost of implementing and maintaining, lack of qualified staff, inadequate staff training, ambiguous terms in PCI DSS language, and lack of vendors' support and compliance to be the top five issues in PCI compliance in hotels.

The paper provides a useful insight into the issues that take place in the hotel industry during the PCI compliance process. This field has not been studied well in the literature. This paper presents the problems in PCI compliance that need to be addressed in order to make the process more efficient and effective.

The purpose of this study is to examine the factors that affect the adoption of electronic invoices and in turn the impact of these factors on the tax compliance process efficiency of companies.

A questionnaire survey was distributed to 276 users who adopted electronic invoicing. Partial least squares regression was used to analyze the collected data.

This study found that perceived benefits and trust in e-government had a positive influence on the adoption of electronic invoices. At the same time, the adoption of electronic invoice was found to have a positive impact on the overall efficiency of the tax compliance process. Moreover, the factors affecting adoption of electronic invoices can have a mediating effect on that adoption and tax compliance process efficiency.

This study only explored these influencing factors on companies that have adopted electronic invoicing. Future research should distinguish between adopters and non-adopters.

The results of this study can guide tax authorities and other electronic invoice suppliers when promoting the adoption of electronic invoicing.

This research can provide guidance to tax authorities to improve their own electronic invoice system by creating a workforce that have the skills to strengthen citizen’s trust in the electronic invoice system.

This study contributes to the electronic adoption literature by examining those factors that impact tax compliance processes efficiency.

This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations, can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation.

This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.

The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR.

This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

The purpose of this study is to examine whether the compliance management activities in the risk management environment of financial institutions can be enhanced using a Process Mining application.

In this research, an implementation procedure for a selected Process Mining application is developed and evaluated at a financial institution in Germany.

The evaluation of the process data with the Process Mining application Disco shows that the compliance of the real-life execution of business processes can be monitored in real-time. Moreover, potential non-compliant activities and durations can be analysed in a detailed manner.

When the research results are regarded, it must be considered that a general condition for the usage of a Process Mining application is that the process data is available and exportable in the required format and that data privacy regulations are fulfilled.

This research presents a practical use case for the implementation of a Process Mining application at the risk management department of financial institutions. It shows the value of using a technical application to carry out tedious tasks that are usually executed manually. This value is discussed and compared with the aim to help financial institutions in determining how the effectiveness and efficiencies of compliance management activities can be improved. Therefore, this research can be taken as a foundation for the practical implementation of a Process Mining application at financial institutions.

The study applies Erving Goffman's (1974) “frame analysis” principles to examine how Sharia governance is practiced in Islamic banks and explores the interaction and strategies adopted by bank managers to influence the decisions of Sharia scholars. The study also aims to identify inherent flaws in the Sharia compliance review system.

The study employs the principles of Goffman as a lens to critically analyse a rich dataset obtained through interviews undertaken with 46 key players operating in the governance framework of the Malaysian Islamic banking industry due to its progressive Islamic governance framework.

The study demonstrates that managers of Islamic banks may engage in “passing” and “covering” strategies while interacting within the governance structure. Concurrently, Sharia boards (SBs) implement “protective practices” during their interactions, adding complexity to their responsibilities within the banks. Consequently, SBs cannot merely be viewed as instruments for legitimising banking operations. This raises questions about the “impression management,” “concealment” and “competence” strategies employed by managers and SB members, as suggested by Goffman's framework. These findings indicate that there is room for further enhancement in the governance practices of Islamic banks.

Future research could explore aspects related to the governance of Islamic banks, such as investigating the independence and effectiveness of internal Sharia officers. Examining the strategies employed during their interactions with external Sharia boards and other stakeholders could provide further valuable insights.

By highlighting shortcomings in the governance and compliance review process, the findings could serve as a valuable resource for policymakers. The insights derived could inform the development of regulations aimed at reducing opportunistic behaviour and promoting accountability in the Islamic banking sector.

This study uniquely employs Goffman's concepts of “frontstage” and “backstage” strategies to offer insights into the interactions between Islamic bank managers and SBs and the impact of these interactions on Sharia compliance. The study contributes to the understanding of the dynamics between key players in the governance of Islamic banks and the factors influencing their adherence to Sharia principles.

The purpose of this paper is to focus on changes in the compliance function within major European banks and other financial intermediaries and on the effects of Markets in Financial Instruments Directive (MiFID) implementation.

The four areas of research seek to answer the following questions: Is the positioning of the compliance function “at the top” of the organizational structure? Are the roles attributed to the compliance function, their knowledge and their instruments consistent with their responsibilities? Do the methodologies applied follow a qualitative and/or a quantitative approach? Is the interaction between the compliance function inside and outside the structure appropriate to the goals of compliance? In total, 31 top international groups based in Europe were invited to take part in the research, 16 of them accepted.

The authors observed a resolute adjustment to the regulations in terms of macrostructure and high levels of compliance function competences in investment services and business knowledge, with a low variation. The encouraging news coming out of the results of the research is the confirmation of the presence of a connection between the compliance function and both the system of values and of incentives.

The paper's international sample offers a unique opportunity to highlight the critical areas of the compliance function within international groups, with growing operational complexity in a framework of principle‐based regulation.