Volltext-Downloads (blau) und Frontdoor-Views (grau)

IT-Compliance in SME - a method for the adapted use of frameworks

  • The digital transformation of business processes and the integration of IT systems leads to opportunities and risks for small and medium-sized enterprises (SMEs). Risks that can result in a lack of IT Governance, Risk and Compliance (GRC). The purpose of this paper is to present the Design and Evaluation phase of creating an artefact, to reduce these risks. With this, the Design Science Research approach based on Hevner is using. The artefact will be developed by selecting relevant existing frameworks and the identification of SME-specific competencies. The method enables IT-GRC managers to transfer or adapt the frameworks to an SME organizational structure. The results from ten interviews and further three feedback loops showed that the method can be applied in practice and that a tailoring of established frameworks can take place. Contrary to the previous basic orientation of the research, this paper focuses on the concretization of approaches.

Export metadata

Additional Services

Search Google Scholar


Author:Nico DeistlerORCiD
Parent Title (English):Proceedings of the 16th IADIS International Conference Information Systems 2023, 11-13 March, Lisbon, Portugal
Publisher:International Association for the Development of the Information Society (IADIS)
Document Type:Conference Proceeding
Year of Publication:2023
Release Date:2024/01/23
Tag:IT-Compliance; GRC; SME; Design-Science Research
First Page:212
Last Page:220
Open Access?:Ja
Relevance:Keine peer reviewed Publikation (Wissenschaftlicher Artikel und Aufsatz, Proceeding, Artikel in Tagungsband)
Licence (German):License LogoUrheberrechtlich gesch├╝tzt