Situational method engineering for governance, risk and compliance information systems

Against the background of the current financial crisis and its aftermath of increasing regulation, companies enhance and integrate information systems in the areas of risk management, governance and compliance. Based on experience with isolated and often immature partial solutions in these fields, major challenges are the evolution of a suitable risk management solution component as well as the conceptual design of an integrated "Governance, Risk and Compliance" (GRC) approach. Another challenge is the rollout of such an integrated GRC solution. In this paper, we develop and evaluate a situational method that supports the implementation of an integrated GRC solution. The proposed situational method comprises 21 method fragments that support conceptual, strategic, organizational, technical, and cultural rollout aspects. Furthermore, method configurations are specified that identify only those method fragments that are relevant for certain roles, e.g. project manager or GRC expert.
