Emerging Challenges in Information Systems Research for Regulatory Compliance Management

  • Norris Syed Abdullah
  • Shazia Sadiq
  • Marta Indulska
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6051)


Managing regulatory compliance is increasingly challenging and costly for organizations world-wide. While such efforts are often supported by information technology (IT) and information systems (IS) tools, there is evidence that the current solutions are inadequate and do not fully address the needs of organizations. Often such discrepancy stems from a lack of alignment between the needs of the industry and the focus of academic research efforts. In this paper, we present the results of an empirical study that investigates challenges in managing regulatory compliance, derived from expert professionals in the Australian compliance industry. The results provide insights into problematic areas within the compliance management domain, as related to regulatees, regulations and IT compliance management solutions. By relating the identified challenges to existing activity in IS research, this exploratory paper highlights the inadequacy of current research and presents the first industry-relevant compliance management research agenda for IS researchers.


Keywords: Regulatory Compliance; Business Information Systems; Empirical Study



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Norris Syed Abdullah (1)
  • Shazia Sadiq (1)
  • Marta Indulska (2)

  1. School of Information Technology & Electrical Engineering, The University of Queensland, Brisbane, Australia
  2. UQ Business School, The University of Queensland, Brisbane, Australia
