
Compliance Management is Becoming a Major Issue in IS Design


Abstract

This article aims to improve the information systems support for the Risk and Compliance Management process, i.e. the management of all compliance imperatives that affect an organization, both legal and strategically self-imposed. We propose a process for achieving such regulatory compliance by aligning Governance activities with Risk Management activities, and we suggest that Compliance should be treated as a requirement of the Risk Management platform. We propose a framework for aligning legal and IT compliance requirements and use it to identify possible directions for investigation, which are summarized in our discussion section. This work is based on an extensive review of the existing literature and on the results of a four-month internship within the IT compliance team of a major financial institution in Switzerland that has legal entities in several countries.



Author information

Correspondence to R. Bonazzi.


Copyright information

© 2009 Physica-Verlag Heidelberg

About this chapter

Cite this chapter

Bonazzi, R., Hussami, L., Pigneur, Y. (2009). Compliance Management is Becoming a Major Issue in IS Design. In: D'Atri, A., Saccà, D. (eds) Information Systems: People, Organizations, Institutions, and Technologies. Physica-Verlag HD. https://doi.org/10.1007/978-3-7908-2148-2_45
