An enterprise systems perspective to GRC IS implementation process

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Governance, Risk and Compliance (GRC) Information Systems (IS) as an integrated technology has been introduced recently to facilitate the demanding operational and financial environment of the enterprises. The implementation process and the adoption of such systems is considered as a significant parameter influencing the success of operational performance and financial governance and could support the competitive advantage practices within the organisations. However, GRC literature is limited regarding the analysis of the implementation and adoption success. Therefore, there is a need for further research and contribution about these systems and more specifically their implementation process. Consequently, this investigation and analysis can provide an insight of this process by examining the aspects of the implementation, the lifecycle phases followed and the enterprise value drivers in each of these phases. Therefore, a framework was developed for structuring the analysis of this implementation including all these three elements as these were provided by the theoretic background. The empirical context of this research includes three field investigation studies based on the experience of key implementation stakeholder groups as participants. These investigation studies were analysed using thematic techniques following an interpretative qualitative analysis approach. It was proved that organisations have, directly or indirectly, followed specific lifecycle phases when they implement GRC systems as these are also described in the framework. Also they should consider specific aspects about the GRC systems and enterprise value drivers for the different lifecycle phases but also for a holistic approach of the implementation process. Hence new GRC implementation projects can use the phases and the analysis of these elements to facilitate and ease their decision-making and strategic planning before launching the implementation project. The analysis of the GRC implementation proved that a strict GRC environment can be established in the organisations through the successful implementation of a GRC technology. The implementation process of such technologies would require a preparation for the organisational environment in order the implementation project to succeed the GRC goals and the system to be integrated and optimised harmoniously within the enterprise environment. This study provides insight of how this implementation projects could be planned and developed and gives a directive blueprint for preparing organisations hosting such technological initiatives. The results of all field investigation phases, which can be considered as the contributions to theory and practice of this research, can have twofold implications: initially the development of a theoretical framework based on enterprise systems theories, and also an analysis of the GRC implementation process in specific. The framework is designed to structure the analysis of the GRC implementation aspects, the lifecycle phases and the enterprise value drivers of the GRC implementation process. This framework is used for visualising and structuring a specific analysis of the GRC adoption and success, and therefore this analysis can be used by practitioners and researchers to further evaluate and analyse this process. Furthermore, organisations can use this analysis for decision-making processes; as this analysis can provide a primary view for the implementation projects

The Implementation of Governance Risk and Compliance Information Systems (GRC IS): Adoption Lifecycle and Enterprise Value

Governance, Risk and Compliance (GRC) has become an emerging field within the IS academic community. Motivated by this research direction, the study capitalizes on the theoretical background of Enterprise Systems (ES) and extends the focus on GRC systems’ implementation (enterprise value and lifecycle). Building upon expert views on GRC IS implementation projects, the analysis indicates that the three value drivers of integration; optimization and information should be considered throughout the whole GRC IS implementation lifecycle

Understanding governance, risk and compliance information systems (GRC IS): the experts view

Although Governance, Risk and Compliance (GRC) is an emerging field of study within the information systems (IS) academic community, the concept behind the acronym has to still be demystified and further investigated. The study investigates GRC systems in depth by (a) reviewing the literature on existing GRC studies, and (b) presenting a field study on views about GRC application by professional experts. The aim of this exploratory study is to understand the aspects and the nature of the GRC system following an enterprise systems approach. The result of this study is a framework of particular GRC characteristics that need to be taken into consideration when these systems are put in place. This framework includes specific areas such as: goals and objectives, purpose of the system, key stakeholders, methodology and requirements prior to implementation, critical success factors and problems/barriers. Further discussion about the issues, the concerns and the diverse views on GRC would assist in developing an agenda for the future research on the GRC field

More supportive or more distractive?:Investigating the negative effects of technology at the customer interface

The continuous development of technology leads to stimuli-dense consumption environments for consumers. Although the literature primarily highlighted the advantages of adopting technologies to support consumers’ decision-making process, these systems may also require too much attention and excessive effort to be considered always rewarding. Accordingly, this special issue addresses the interplay between technology-supported consumption experiences and the related distracting mechanisms triggered by this interaction in varied contexts. Specifically, the actual collection of papers in this special issue covers three main themes: (1) conceptualizing a Customer Smartphone Distraction (CSD) organizing framework, (2) drivers (including musical atmosphere, the context of the application, parasocial interaction and anthropomorphisms of virtual agents), and (3) consequences (cognitive, affective and behavioral responses, including sensory overload and discomfort)

Organizational cloud security and control: a proactive approach

Purpose The purpose of this paper is to unfold the perceptions around additional security in cloud environments by highlighting the importance of controlling mechanisms as an approach to the ethical use of the systems. The study focuses on the effects of the controlling mechanisms in maintaining an overall secure position for the cloud and the mediating role of the ethical behavior in this relationship. Design/methodology/approach A case study was conducted, examining the adoption of managed cloud security services as a means of control, as well as a large-scale survey with the views of IT decision makers about the effects of such adoption to the overall cloud security. Findings The findings indicate that there is indeed a positive relationship between the adoption of controlling mechanisms and the maintenance of overall cloud security, which increases when the users follow an ethical behavior in the use of the cloud. A framework based on the findings is built suggesting a research agenda for the future and a conceptualization of the field. Research limitations/implications One of the major limitations of the study is the fact that the data collection was based on the perceptions of IT decision makers from a cross-section of industries; however the proposed framework should also be examined in industry-specific context. Although the firm size was indicated as a high influencing factor, it was not considered for this study, as the data collection targeted a range of organizations from various sizes. Originality/value This study extends the research of IS security behavior based on the notion that individuals (clients and providers of cloud infrastructure) are protecting something separate from themselves, in a cloud-based environment, sharing responsibility and trust with their peers. The organization in this context is focusing on managed security solutions as a proactive measurement to preserve cloud security in cloud environments

Management of new procedures' implementations risks in the hotel industry: A case study from Crete, Greece

In a continuous changing world, where the innovation is highly demanded for companies to remain powerful players in the global game of competition, risk management attracts more attention and higher interest. The establishment of new processes in the hotels’ operation enhances the concept of uncertainty that risk is related to, and the implementation of a risk management plan, is considered extremely important for the prevention of any unexpected worrying results (Wut et.al, 2021). It is globally accepted, that tourism industry is vulnerable in risks, as it is a combination of several factors that affect its efficient operation. Focus on the hotels, which are key components in touristic activities, they have to deal with several aspects to win their competitive advantage in the market (Alzoubi & Jaaffar, 2020). Their success is related to innovative processes and consequently to the risks that might occur after their application in a hotel’s day-to-day operation. In the context of hospitality, employees have a vital role in the daily efficient operation of a hotel and the concept of teamwork impacts their performance (Phuong & Huy, 2022). The highly engaged employees, increase job satisfaction, provide effective customer service and produce better hotel outcomes (Rabiul et.al, 2023). Essential element for a pleasant working environment that is attractive and enhances a hotel’s competitive advantage is the management team and specifically the person whose role is the leader of that team – the hotel manager. A hotel manager is the motivator of creativity and team spirit, and it is the main decision maker that is based not only on technical but also effective social skills and knowledge (Ushakov et.al, 2020) (Kainthola, 2021). As the indicators of new processes in a hotel’s operation, the most valuable point is their effort for personal growth and up-to-date information. Their self-improvement will enhance the “out of the box” way of thinking and it will point out the importance of continuous staff training regarding not only the daily hotel procedures but also the need for potential risks’ evaluation and assessments procedures (Olimovich et.al, 2020). Nowadays and through the use of technology, the continuous self- update regarding the new trends in the market, is considered as an easily achievable target. The development of several means of technology allow hotel managers to follow the movements in the tourism market, apply changes in their hotels and explore the beauty of innovative procedures that can bring higher profit in their businesses. The several hotel review platforms and the opportunity that tourists have to expressfreely their opinions and the advantage they have to choose their future holiday based on a range of available prices, creates a new perspective for the hotel competition as well as, it draws a new era for the hospitality industry in general (Pappas, 2015). What it should be taken into consideration is that continuous technological achievements mean more innovative ideas and consequently more potential risks. The aim of this study is to investigate hotel managers’ knowledge regarding risk management and to highlight the importance of creation of risk management action plans, related to the implementation of new services. As the touristic activity of the island of Crete, contributes to a high percentage to the national GDP of the country, this research was conducted among the four regions of the island, and it is based on qualitative data collection through individual interviews with 35 hotel managers. All participants had to respond to 22 open questions regarding teamwork, competency, competition, personal development and risk management. The interview were conducted in person and the duration of each one was about 25 – 30 minutes. The findings positively indicates a strong connection between teamwork and efficient hotel operation. Additionally, it is highlighted the necessity of innovation for the hotels’ improvement, and it points out the impact of technology on the market competition. From the other point of view, the results show limited awareness of risk management and the necessity for the creation of a risk management plan that could be applied when an innovative idea takes plac

Access control and quality attributes of open data: Applications and techniques

Open Datasets provide one of the most popular ways to acquire insight and information about individuals, organizations and multiple streams of knowledge. Exploring Open Datasets by applying comprehensive and rigorous techniques for data processing can provide the ground for innovation and value for everyone if the data are handled in a legal and controlled way. In our study, we propose an argumentation and abductive reasoning approach for data processing which is based on the data quality background. Explicitly, we draw on the literature of data management and quality for the attributes of the data, and we extend this background through the development of our techniques. Our aim is to provide herein a brief overview of the data quality aspects, as well as indicative applications and examples of our approach. Our overall objective is to bring serious intent and propose a structured way for access control and processing of open data with a focus on the data quality aspects

Data Supply Chain (DSC): development and validation of a measurement instrument

The volume and availability of data produced and affordably stored has become an important new resource for building organizational competitive advantage. Reflecting this, and expanding the concept of the supply chain, we propose the Data Supply Chain (DSC) as a novel concept to aid investigations into how the interconnected data characteristics relate to and impact organizational performance. Initially, we define the concept and develop a research agenda on DSC coupling theoretical background of strategy and operations literature. Along with the conceptualization, we develop a set of propositions and make suggestions for future research including testing and validating the model fit