nach oben

Journal of Management and Governance

Erschienen in:

01.08.2013

Exploring information technology governance and control of web site content: a comparative case study

verfasst von: Sylvie Héroux, Anne Fortin

Erschienen in: Journal of Management and Governance | Ausgabe 3/2013

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Information technology (IT) governance is a key component of corporate governance. Effective IT governance can support web-based strategic initiatives such as the dissemination of information on corporate web sites. However, the IT governance literature does not provide insights about the role of IT governance in controlling this information. There is also a lack of research in the web-based reporting literature on the important issue of control of web site content. This comparative case study aims to explore the relationships between IT governance and the control of web site content. In doing so, IT governance structures, processes and relational capabilities, as well as web site content control, are first described for each of four cases. Then, profiles of relationships between IT governance and web site content control are identified and key attributes characterizing the profiles are outlined. Findings suggest that IT governance within firms is more developed than the control of web site content. Moreover, IT governance structures, processes and relational capabilities can be related to control of web site content processes. IT governance structures can also be related to control of web site content structures and relational capabilities. This study contributes to the governance, control and web-based reporting literatures as an exploratory step before building a theory of relationships between IT governance and web site content control. Further, the study has practical implications as it enhances the understanding of the role of Boards of Directors, senior executives and internal auditors in IT governance and the control of web site content.

Vorheriger Artikel The nature of knowledge and the platform and matrix solutions in the design of knowledge management systems

Nächster Artikel Social accounting as stakeholder knowledge appropriation

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

In this literature, the information disseminated on web sites is referred to as web-based reporting, Internet reporting, corporate reporting on the Internet, Internet-based disclosure, online reporting or electronic disclosure (Héroux and Henri 2010).

“‘Investor relations information’ includes all material public documents such as: the annual report; annual and interim financial statements; the Annual Information Form; news releases; material change reports; declarations of dividends; redemption notices; management proxy circulars; and any other communications to shareholders.” (TSX 2003, p. 4).

For instance, Smith and Pierce (2005) show that managers are not proactive to ensure the integrity of financial information disclosed on web sites. The Boards of Directors of small listed firms are actively involved in determining and approving financial web site content (Gowthorpe and Flynn 2002) while the Boards of Directors of larger firms, as well as their external and internal auditors, are not very involved in the process regardless of the type of web site content (Héroux and Demers 2009). Garcia-Sanchez et al. (2011) find that Board of Directors’ meeting frequency influences the volume of non-financial strategic information disclosed on web sites.

The business BSC framework has four perspectives for performance measurement, i.e., financial evaluation of an organization (financial perspective), customer satisfaction (user perspective), internal processes (internal perspective) and the ability to innovate (innovation perspective) (Kaplan and Norton 1992).

It should be noted that firms allowing for electronic transactions include transactional sections as part of their corporate web site or they have one or more separate web sites allowing for such transactions (hereafter ‘transactional web site’).

The IT steering committee should involve at least the CEO/Chief Operating Officer (COO), CIO, CFO and the heads of major user areas of technology or the heads of the strategic business units (Rau 2004).

The selected firms do not use external web site content providers or consultants. Hence, the IT governance and web site content control issues that would have to be dealt with in this instance are not discussed in this paper.

In the letter signed by the researchers and given to each person interviewed, it was stated that the information provided would remain anonymous and confidential and would only be used for future publication of academic or educational articles. It was also indicated that the information published would not contain details allowing for the identification of the person interviewed or the organization. Therefore, generic terms are used, some characteristics are omitted and, if necessary, data are summarized.

To design the interview guide, pilot interviews were conducted with a representative of a regulatory body in charge of regulation respecting governance, a senior partner in one of the four largest accounting firms worldwide, four senior executives and one internal auditor of three units of a large financial group (7 interviews lasting 45–60 min, totalling around 7 h of recording). Further, in connection with prior research (Héroux and Demers 2009), a thorough understanding of how web site content is managed was gained through interviews with four web site managers in large organizations, one consultant in numerical relations whose major clients are large private firms and one top manager of a fund management company (six pilot interviews in five organizations [two public] from three business sectors; duration of 90–120 min each, totalling almost 11 h of recording).

The ISO27002 (2007) standard (previously ISO17799) “established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization” (http://www.27000.org/iso-27002.htm).

National Instrument 52-109 (2010) deals with Certification of Disclosure in Issuers’ Annual and Interim Filings by CEOs and CFOs of public companies in Canada. (http://www.osc.gov.on.ca/documents/en/Securities-Category5/rule_20101210_52-109_unofficial-consolidated-post-ifrs.pdf).

The Payment Card Industry Data Security Standard (PCI DSS) (undated) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. It is managed by the major payment card brands (Visa, MasterCard, American Express, etc.) (http://www.pcicomplianceguide.org).

Aerts, W., Cormier, D., Gordon, I. M., & Magnan, M. (2006). Performance disclosure on the web: An exploration of the impact of managers’ perceptions of stakeholder concerns. The International Journal of Digital Accounting Research, 6(12), 159–194.

Aerts, W., Cormier, D., & Magnan, M. (2007). The association between web-based corporate performance disclosure and financial analyst behaviour under different governance regimes. Corporate Governance: An International Review, 15(6), 1301–1329.CrossRef

Ali, S., & Green, P. (2007). IT governance mechanisms in public sector organisations: An Australian context. Journal of Global Information Management, 15(4), 41–63.CrossRef

Andriole, S. J. (2009). Boards of directors and technology governance: The surprising state of the practice. Communication of the Association for Information Systems, 24, 373–394.

APB (Auditing Practices Board). (2001). Bulletin 2001/1. The electronic publication of auditors’ reports.

Ashbaugh, H., Johnstone, K. M., & Warfield, T. D. (1999). Corporate reporting on the Internet. Accounting Horizons, 13(3), 241–257.CrossRef

Bart, C., & Turel, O. (2009). The role of the board in IT governance: Current and desired oversight practices. International Journal of Business Governance and Ethics, 4(4), 316–329.CrossRef

Beattie, V., & Pratt, K. (2003). Issues concerning web-based business reporting: An analysis of the views of interested parties. The British Accounting Review, 35(2), 155–187.CrossRef

Bhattacharjya, J., & Chang, V. (2007). Evolving IT governance practices for aligning IT with business—A case study in an Australian institution of higher education. Journal of Information Science and Technology, 4(1), 24–46.

Bowen, P. L., Cheung, M.-Y. D., & Rohde, F. H. (2007). Enhancing IT governance practices: A model and case study of an organization’s efforts. International Journal of Accounting Information Systems, 8(3), 191–221.CrossRef

Brown, A. E., & Grant, G. G. (2005). Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems, 15, 696–712.

Brown, C. V., & Magill, S. L. (1994). Alignment of the IS functions with the enterprise: Toward a model of antecedents. MIS Quarterly, 18(4), 371–403.CrossRef

Brown, W., Rahman, M., & Hacker, T. (2006). Home page usability and credibility—A comparison of the fastest growing companies to the Fortune 30 and the implications to IT governance. Information Management & Computer Security, 14(3), 252–269.CrossRef

Campbell, D. J., & Beck, A. C. (2004). Answering allegations: The use of the corporate web site for restorative ethical and social disclosure. Business Ethics: A European Review, 13(2–3), 100–116.CrossRef

CEFRIO. (2009). Gouvernance et TI au Québec—À l’intention des administrateurs de sociétés. Guide des pratiques exemplaires de gouvernance et technologies de l’information

Chan, K., Kleinman, G., & Lee, P. (2009). The impact of Sarbanes-Oxley on internal control remediation. International Journal of Accounting and Information Management, 17(1), 53–65.CrossRef

CICA (Canadian Institute of Chartered Accountants), & Trites, G. (1999). The impact of technology on financial and business reporting-research study. Toronto: CICA.

CobiT (Control Objectives for Information and related Technology). (2009). Framework published by the Information Systems Audit and Control Association (ISACA). http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx. Accessed 11 November 2009.

Cormier, D., & Magnan, M. (2004). The impact of the web on information and communication modes: The case of corporate environmental disclosure. International Journal of Technology Management, 27(4), 393–415.CrossRef

Damianides, M. (2005). Sarbanes-Oxley and IT governance: New guidance on IT control and compliance. Information Systems Management, 22(1), 77–85.CrossRef

Deloitte Consulting. (2007). You’re talking, not walking. Corporate Board Member (March/April), pp. 36–40.

De Haes, S., & Van Grembergen, W. (2009). An exploratory study into IT governance implementation and its impact on business/IT alignment. Information Systems Management, 26(2), 123–137.CrossRef

Duffy, J. (2002). IT Governance and business value Part 2: Who’s responsible for what? IDC document #27807. Cited in Van Grembergen, W., S. De Haes, & E. Guldentops (2004).

Ettredge, M., & Gerdes, J. (2005). Timeliness of investor relations data at corporate web sites. Communications of the Association for the Computing Machinery (CACM), 48(1), 95–100.CrossRef

Ettredge, M., Richardson, V. J., & Scholz, S. (2002). Timely financial reporting at corporate web sites? Communications of the Association for the Computing Machinery (CACM), 45(6), 67–71.CrossRef

Fernandez, Z., & Nieto, M. J. (2006). The Internet: Competitive strategy and boundaries of the firm. International Journal of Technology Management, 35(1/2/3/4), 182–195.CrossRef

Financial Post 500 2010 Ranking. (2010). Financial post magazine. http://www.financialpost.com/news/fp500/list.html. Accessed on September 28, 2010.

Fisher, R., Oyelere, P., & Laswad, F. (2004). Corporate reporting on the Internet: Audit issues and content analysis of practices. Managerial Auditing Journal, 19(3), 412–439.CrossRef

Garcia-Sanchez, I.-M., Rodriguez Dominguez, L., & Gallego Alvarez, I. (2011). Corporate governance on the Internet. Accounting, Auditing & Accountability Journal, 24(4), 471–501.CrossRef

Gowthorpe, C., & Flynn, G. (2002). Smaller listed companies’ financial reporting on the Internet 2000/2001. London: Institute of Chartered Accountants in England and Wales (ICAEW).

Gramling, A. A., Maletta, M. J., Schneider, A., & Church, B. K. (2004). The role of the internal audit function in corporate governance: A synthesis of the extant auditing literature and directions for future research. Journal of Accounting Literature, 23, 194–244.

Héroux, S., & Demers, C. (2009). Gestion des informations sur un site web: quel profil privilégier? Gestion, Revue Internationale de Gestion, 34(2), 37–45.

Héroux, S., & Henri, J.-F. (2010). Management control and web-based corporate reporting: An empirical exploratory study. Advances in Management Accounting, 18, 203–246.CrossRef

Huff, S. L., Maher, P. M., & Munro, M. C. (2004). What boards don’t do—But must do—About information technology. Ivey Business Journal Online (Sept/Oct), pp. 1–4.

Huff, S. L., Maher, P. M., & Munro, M. C. (2006). Information technology and the board of directors: Is there an IT attention deficit? MIS Quarterly Executive, 5(2), 55–68.

ISO27002. (2007). (previously ISO17799). Information technology. Security techniques. Code of practice for information security management. Standard published by the International Organization for Standardization (ISO). http://www.27000.org/iso-27002.htm. Accessed 18 May 2011.

ISO/IEC 38500. (2008). Corporate governance of information technology. Standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), 15 p.

ITGI (IT Governance Institute) (2003). Board briefing on IT Governance (2nd ed.), 63 p.

ITGI (IT Governance Institute). (2011). Global Status Report on the Governance of Enterprise IT (GEIT), 70 p.

Jokipii, A. (2010). Determinants and consequences of internal control in firms: A contingency theory based analysis. Journal of Management and Governance, 14(2), 115–144.CrossRef

Kaplan, R. S., & Norton, D. P. (1992). The balanced scorecard—Measures that drive performance. Harvard Business Review, 70(1), 71–79.

Karakaya, F., & Khalil, O. (2004). Determinants of Internet adoption in small and medium-sized enterprises. International Journal of Internet and Enterprises Management, 2(4), 341–365.CrossRef

Krumwiede, K. K., Swain, M. R., & Stocks, K. D. (2003). 10 Ways e-business can reduce costs. Strategic Finance, 85(1), 24.

Lybaert, N. (2002). On-line financial reporting-an analysis of the Dutch listed firms. The International Journal of Digital Accounting Research, 1(1), 197–236.

Malmi, T., & Brown, D. A. (2008). Management control system as a package—Opportunities, challenges and research directions. Management Accounting Research, 19, 287–300.CrossRef

Merchant, K. A., & Otley, D. T. (2007). A review of the literature on control and accountability. In C. S. Chapman, A. G. Hopwood, & M. D. Shields (Eds.), Handbook of management accounting research. Oxford: Elsevier.

Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis. Thousand Oaks, CA: Sage Publications.

National Instrument 52-109. (2010). Certification of disclosure in issuers’ annual and interim filings. http://www.osc.gov.on.ca/documents/en/Securities-Category5/rule_20101210_52-109_unofficial-consolidated-post-ifrs.pdf. Accessed 2 June 2011.

Nolan, R., & McFarlan, F. W. (2005). Information technology and the Boards of Directors. Harvard Business Review, 83(10), 96–106.

Orens, R., Aerts, W. & Cormier, D. (2010). Web-based non-financial disclosure and cost of finance. Journal of Business Finance & Accounting, 37(9 & 10), 1057–1093.

Parent, M., & Reich, B. H. (2009). Governing information technology risk. California Management Review, 51(3), 134–152.CrossRef

Patel, N. V. (2002). Emergent forms of IT governance to support global e-business models. Journal of Information Technology Theory and Application, 4(2), 33–48.

Peterson, R. (2004). Crafting information technology governance. Information Systems Management, 21(4), 7–22.CrossRef

Peterson, R. R., O’Callaghan, R., & Ribbers, P. M. A. (2000). Information technology governance by design. In Proceedings of the International Conference on Information Systems (ICIS), Brisbane, Australia, December. Cited in Peterson (2004).

PCI DSS (Payment Card Industry Data Security Standard). (undated). http://www.pcicomplianceguide.org. Accessed 18 November 2009.

PwC (PricewaterhouseCoopers) & ITGI. (2006). IT Governance in Practice—Insights from leading CIOs, 30 p, http://www.pwc.com/en_MT/mt/publications/assets/it-governance-in-practice-jan-2007.pdf. Accessed 19 March 2010.

Rau, K. G. (2004). Effective governance of IT: Design objectives, roles, and relationships. Information Systems Management, 21(4), 35–42.CrossRef

Rumelt, R. (1974). Strategy, structure and economic performance. Boston, MA: Harvard University Press.

Smith, B., & Pierce, A. (2005). An investigation of the integrity of Internet financial reporting. The International Journal of Digital Accounting Research, 5(9), 46–78.

SOX (Sarbanes-Oxley). (2002). Public Company Accounting Reform and Investor Protection Act. US Federal Law.

Thong, J., & Yap, C. (1995). CEO characteristics, organizational characteristics and information technology adoption in small businesses. Omega, The International Journal of Management Science, 23(4), 429–442.CrossRef

TSX (Toronto Stock Exchange). (2003). Electronic communications disclosure guidelines.

Unerman, J., & Bennett, M. (2004). Increased stakeholder dialogue and the Internet: Towards greater corporate accountability or reinforcing capitalist hegemony. Accounting, Organizations and Society, 29(7), 685–707.CrossRef

Van Grembergen, W., & De Haes, S. (2009). Enterprise governance of information technology. New York, NY: Springer.CrossRef

Van Grembergen, W., De Haes, S., & Guldentops, E. (2004). Structures, processes and relational mechanisms for IT governance. In W. Van Grembergen (Ed.), Strategies for Information Technology Governance (pp. 1–36). Hersey, PA: Idea Group Publishing.

Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decision rights for superior results. Boston, MA: Harvard Business School Press.

Xue, Y., Liang, H., & Boulton, W. R. (2008). Information technology governance in information technology investment decision processes: The impact of investment characteristics, external environment, and internal context. MIS Quarterly, 32(1), 67–96.

Yin, R. K. (2003). Case study research. Design and Methods. Applied Social Research Methods Series, Vol. 5.

Zhuang, Y., & Lederer, A. L. (2004). The impact of top management commitment, business process redesign, and IT planning on the business-to-consumer E-commerce site. Electronic Commerce Research, 4, 315–333.CrossRef

Titel: Exploring information technology governance and control of web site content: a comparative case study
verfasst von: Sylvie Héroux
Anne Fortin
Publikationsdatum: 01.08.2013
Verlag: Springer US
Erschienen in: Journal of Management and Governance / Ausgabe 3/2013
Print ISSN: 1385-3457
Elektronische ISSN: 1572-963X
DOI: https://doi.org/10.1007/s10997-011-9200-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2013

The Strategy and Management Control Systems relationship as emerging dynamic process

Effective strategizing practices in pluralistic settings: the case of Academic Medical Centers

Knowledge integration in family SMEs: an extension of the 4I model

Social accounting as stakeholder knowledge appropriation

Remote control: measuring performance for value creation and governance of globally distributed knowledge work

The nature of knowledge and the platform and matrix solutions in the design of knowledge management systems

Premium Partner