JIS Senior Editors' Blog

Journal of Information Systems

This is a public blog  publicRSS

blog entry

    Overview of JIS Paper. A Method to Evaluate Information...
    blog entry posted February 22, 2016 by Roger S Debreceny, last edited February 26, 2016, tagged research 
    Overview of JIS Paper. A Method to Evaluate Information Systems Control Alignment
    intro text:
    A forthcoming paper in JIS is by W. Alec Cram and R. Brent Gallupe "A Method to Evaluate Information Systems Control Alignment". This is one of the papers presented at the 1st JIS Research Conference (JISC2015). This post provides an overview of the paper. doi: http://dx.doi.org/10.2308/isys-51297

    Information systems controls are commonly viewed by managers and auditors as a means to not only adhere to compliance regulations, but also to aid in risk reduction and performance improvement. Existing frameworks such as COSO and COBIT provide practitioners with valuable guidance on selecting controls, yet organizations continue to be challenged with control deficiencies and poorly performing IS processes. This study considers a supplementary lens to examining the challenges of selecting and refining controls by introducing the concept of information systems control alignment. Here, we suggest that IS controls are most effective when they work together to complement organizational, staff, and process characteristics. In order to further develop this concept, our study sought to create a timely, accessible, and practical tool to determine the extent of control alignment within an IS process. Specifically, we conducted 29 interviews, as well as a pre-test, pilot test, and proof of concept evaluation, in order to develop, refine, and test a method that managers could use to evaluate IS control alignment.

    The resulting method takes the form of a survey, to be completed by a range of organizational representatives, that begins by establishing the particular IS process under investigation (e.g. managing enterprise architecture, managing security, etc.), as well the role of the participant and industry of the company. Next, the method asks participants to consider the characteristics of the control environment (i.e., the strategic, structural and cultural elements of an organization), control mechanisms (i.e., characteristics of the IS controls), socio-emotional characteristics (i.e., the impact that controls have on employees), and control execution (i.e., the extent that controls are evaluated and modified over time). Based on the collected responses from each participant, patterns within each category are depicted on a sliding scale that illustrate how well the identified IS controls align with the other elements.

    By using the tool in practice, managers can determine if there are aspects of the selected controls that conflict with organizational, staff, and process characteristics. This could encourage the selection of alternative controls, such as those that fall more in line with employee preferences or are more appropriate for the organizational structure. We view the method developed in this research as a tool that is complementary to the existing control frameworks, but one that provides a unique view into the importance of not only selecting more controls, but selecting the right controls for the situation. Future opportunities exist to expand the IS control alignment concept by aggregating results from the proposed method across different industries and IS processes. There is also an opportunity to apply the control alignment concept outside of IS, to evaluate the alignment of controls within traditional business processes such as financial close and accounts payable.