IT-Compliance in SME - a method for the adapted use of frameworks
- The digital transformation of business processes and the integration of IT systems leads to opportunities and risks for small and medium-sized enterprises (SMEs). Risks that can result in a lack of IT Governance, Risk and Compliance (GRC). The purpose of this paper is to present the Design and Evaluation phase of creating an artefact, to reduce these risks. With this, the Design Science Research approach based on Hevner is using. The artefact will be developed by selecting relevant existing frameworks and the identification of SME-specific competencies. The method enables IT-GRC managers to transfer or adapt the frameworks to an SME organizational structure. The results from ten interviews and further three feedback loops showed that the method can be applied in practice and that a tailoring of established frameworks can take place. Contrary to the previous basic orientation of the research, this paper focuses on the concretization of approaches.
Author: | Nico DeistlerORCiD |
---|---|
URL: | https://www.is-conf.org/is-2023-file/ |
ISBN: | 978-989-8704-48-1 |
Parent Title (English): | Proceedings of the 16th IADIS International Conference Information Systems 2023, 11-13 March, Lisbon, Portugal |
Publisher: | International Association for the Development of the Information Society (IADIS) |
Document Type: | Conference Proceeding |
Language: | English |
Year of Publication: | 2023 |
Release Date: | 2024/01/23 |
Tag: | IT-Compliance; GRC; SME; Design-Science Research |
First Page: | 212 |
Last Page: | 220 |
Open Access?: | Ja |
Licence (German): | Urheberrechtlich geschützt |