Emerging Challenges in Information Systems Research for Regulatory Compliance Management

Managing regulatory compliance is increasingly challenging and costly for organizations world-wide. While such efforts are often supported by information technology (IT) and information systems (IS) tools, there is evidence that the current solutions are inadequate and do not fully address the needs of organizations. Often such discrepancy stems from a lack of alignment between the needs of the industry and the focus of academic research efforts. In this paper, we present the results of an empirical study that investigates challenges in managing regulatory compliance, derived from expert professionals in the Australian compliance industry. The results provide insights into problematic areas within the compliance management domain, as related to regulatees, regulations and IT compliance management solutions. By relating the identified challenges to existing activity in IS research, this exploratory paper highlights the inadequacy of current research and presents the first industry-relevant compliance management research agenda for IS researchers.

[1]  J. Anon,et al.  Integrating Sarbanes‐Oxley controls into an investment firm governance framework , 2007 .

[2]  Maria E. Orlowska,et al.  On compliance of business processes with business contracts , 2007 .

[3]  May Kay Kramp Kramp, May Kay, "Exploring Life and Experience through Narrative Inquiry," pp. 103-122 in Kathleen de Marrais and Stephen D. Lapan, eds., Foundations for Research: Methods of Inquiry in Education and the Social Sciences. Mahwah, NJ: Lawrence Erlbaum, 2004. , 2004 .

[4]  Jeffrey C. Morton The development of a compliance culture , 2005 .

[5]  John Mylopoulos,et al.  Business Process-Based Regulation Compliance: The Case of the Sarbanes-Oxley Act , 2007, 15th IEEE International Requirements Engineering Conference (RE 2007).

[6]  Birgit Pfitzmann,et al.  Optimized enterprise risk management , 2007, IBM Syst. J..

[7]  Rakesh Agrawal,et al.  Enabling the 21st century health care information technology revolution , 2007, CACM.

[8]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[9]  Shazia Wasim Sadiq,et al.  Compliance checking between business processes and business contracts , 2006, 2006 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06).

[10]  Keith T. Robinson,et al.  Investment company and investment adviser compliance programs ‐ New requirements in a changed regulatory environment , 2003 .

[11]  Marwane El Kharbili,et al.  Towards a Framework for Semantic Business Process Compliance Management , 2008 .

[12]  Ahmed Elfatatry,et al.  Dealing with change: components versus services , 2007, CACM.

[13]  Marta Indulska,et al.  A study of compliance management in information systems research , 2009, ECIS.

[14]  Christopher J. Davis,et al.  Training as regulation and development: An exploration of the needs of enterprise systems users , 2008, Inf. Manag..

[15]  Ying Liu,et al.  A static compliance-checking framework for business process models , 2007, IBM Syst. J..

[16]  J. Wheeler Magic Quadrant for Enterprise Governance , Risk and Compliance Platforms , 2011 .

[17]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[18]  Roger Turner,et al.  Investment management compliance: The dawn of a new era? , 2003 .

[19]  Mark S. Fox,et al.  How To Build Enterprise Data Models To Achieve Compliance To Standards Or Regulatory Requirements (and share data) , 2007, J. Assoc. Inf. Syst..

[20]  Barry I. Pershkow Sarbanes‐Oxley: investment company compliance , 2002 .