Search results
1 – 10 of over 20000Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the…
Abstract
Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.
Details
Keywords
Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the…
Abstract
Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.
Details
Keywords
Stefan Fenz, Stefanie Plieschnegger and Heidi Hobel
The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard…
Abstract
Purpose
The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and the current businesses face frequent attacks on their infrastructure, enterprises need support at protecting their information-based assets.
Design/methodology/approach
Information security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the efforts to check whether the implemented measures of an organization adhere to the proposed standards and guidelines are still significantly high.
Findings
This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization’s assets.
Originality/value
The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.
Details
Keywords
KRISHNAN GOWRI and SEBASTIANO DEPANNI
In order to ensure the health and safety of occupants, buildings must be inspected to check their compliance to current regulatory requirements prompted by occupancy changes…
Abstract
In order to ensure the health and safety of occupants, buildings must be inspected to check their compliance to current regulatory requirements prompted by occupancy changes, renovations and building code revisions. Recent inspections conducted by Public Works Canada have identified about 1700 occurrences of code violations in 19 buildings. There is an enormous amount of information that can be extracted from the study mentioned above to implement a knowledge‐based expert system to assist in future building inspections. The philosophy of this expert system is to integrate both knowledge‐based and hypertext representation techniques to enable building inspectors to quickly identify code violations, refer to the code text and provide case study information that can assist in resolving a problem. The present paper describes the development framework and details of a prototype implementation known as the Health and Safety Expert System (HASES). The HASES currently addresses the requirements of ‘Section 3.4: Requirements for Exits’ of the 1990 National Building Code of Canada. The software architecture consists of an external database of building details, an object hierarchy and a rule‐base representing the code requirements, hypertext user‐interface for code text and case study information. The ultimate objective is to make this system available for field inspections using notepad computers.
Details
Keywords
Alcohol availability is strongly related to excessive alcohol consumption. This study aims to examine social marketing’s response to concerns about retailers’ noncompliance with…
Abstract
Purpose
Alcohol availability is strongly related to excessive alcohol consumption. This study aims to examine social marketing’s response to concerns about retailers’ noncompliance with the minimum legal drinking age (MLDA) law by proposing and evaluating a social marketing intervention directed at sellers in off-premise stores.
Design/methodology/approach
The study is based on a non-randomized quasi-experimental design, focusing on an evaluation of the implementation of the “18 rules!” intervention in four cities in Slovenia. Two waves of underage purchase attempts were conducted pre- and post-intervention in 24 off-premise businesses, following a mystery shopping protocol.
Findings
The initial rate of retailers’ noncompliance with the MLDA law in off-premise establishments was high. After the social marketing intervention, an increase with compliance with the law was observed; the proportion of cashiers selling alcohol to minors after the intervention decreased from 96 to 67 per cent. Qualitative insight suggests an existence of retailers’ dilemma in complying with the MLDA.
Research limitations/implications
A social marketing approach could contribute to a better understanding of the social working of the MLDA law.
Practical implications
A social marketing approach could complement the usual enforcement strategies and contribute to a better understanding of the social working of the MLDA law, and encourage deliberate retailers’ compliance with it while developing valuable exchanges among people and stakeholders.
Originality/value
The paper conceptualizes retailers’ dilemma in complying with the minimal legal drinking age law and offers social marketing response to it. Results of the study show that also solely non-coercive measures have the potential in increasing retailers’ compliance with regulations.
Details
Keywords
This study establishes an ontology-based framework for rework risk identification (RRI) by integrating heterogeneous data from the information flow of the prefabricated…
Abstract
Purpose
This study establishes an ontology-based framework for rework risk identification (RRI) by integrating heterogeneous data from the information flow of the prefabricated construction (PC) process. The main objective is to enhance the automation level of rework management and reduce the degree of reliance on human factors and manual operations.
Design/methodology/approach
The proposed framework comprises four levels aimed at managing dispersed rework risk knowledge and integrating heterogeneous data. The functionalities were realised through an integrated ontology that aligned the rework risk ontology with the PC ontology. The ontologies were developed and edited with Protégé. Ultimately, the potential benefit of the framework was validated through a case study and an expert questionnaire survey.
Findings
The framework is proven to effectively manage rework risk knowledge and can identify risk objects, clarify risk factors, determine risk events, and retrieve risk measures, thereby enabling the pre-identification of prefabricated rework risk (PRR) and improving the automation level. This study is meaningful and lays the foundation for the application of other computer methods in rework management research and practice in the future.
Originality/value
This research provides insights into the application of ontology to solve rework risk issues in the PC process and introduces a novel risk management method for future prefabricated project research and practice. The findings have significant theoretical value in terms of enriching the methods of risk assessment and control and the information management system of prefabricated projects.
Details
Keywords
Majed Alshammari and Andrew Simpson
Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software engineers…
Abstract
Purpose
Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software engineers are increasingly expected to develop and maintain privacy-aware systems that both comply with such frameworks and standards and meet reasonable expectations of privacy. This paper aims to facilitate reasoning about privacy compliance, from legal frameworks and standards, with a view to providing necessary technical assurances.
Design/methodology/approach
The authors show how the standard extension mechanisms of the UML meta-model might be used to specify and represent data-processing activities in a way that is amenable to privacy compliance checking and assurance.
Findings
The authors demonstrate the usefulness and applicability of the extension mechanisms in specifying key aspects of privacy principles as assumptions and requirements, as well as in providing criteria for the evaluation of these aspects to assess whether the model meets these requirements.
Originality/value
First, the authors show how key aspects of abstract privacy principles can be modelled using stereotypes and tagged values as privacy assumptions and requirements. Second, the authors show how compliance with these principles can be assured via constraints that establish rules for the evaluation of these requirements.
Details
Keywords
Frank Hadasch, Alexander Maedche and Shirley Gregor
In organizations, individual user’s compliance with business processes is important from a regulatory and efficiency point of view. The restriction of users’ choices by…
Abstract
Purpose
In organizations, individual user’s compliance with business processes is important from a regulatory and efficiency point of view. The restriction of users’ choices by implementing a restrictive information system is a typical approach in many organizations. However, restrictions and mandated compliance may affect employees’ performance negatively. Especially when users need a certain degree of flexibility in completing their work activity. The purpose of this paper is to introduce the concept of directive explanations (DEs). DEs provide context-dependent feedback to users, but do not force users to comply.
Design/methodology/approach
The experimental study used in this paper aims at investigating how DEs influence users’ process compliance. The authors used a laboratory experiment to test the proposed hypotheses. Every participant underwent four trials for which business process compliance was measured. Two trial blocks were used to cluster the four trials. Diagrammatic DEs were provided in one of the trial blocks, while textual DEs were provided in the other. Trial blocks were counterbalanced.
Findings
The results of the experiment show that DEs influence a user’s compliance, but the effect varies for different types of DEs. The authors believe this study is significant as it empirically examines design characteristics of explanations from knowledge-based systems in the context of business processes.
Research limitations/implications
This study is certainly not without limitations. The sample used for this study was drawn from undergraduate information systems management students. The sample is thus not representative of the general population of organizations’ IT users. However, a student sample adequately represents novice IT users, who are not very familiar with a business process. They are particularly suitable to study how users react to first-time contact with a DE.
Practical implications
The findings of this study are important to designers and implementers of systems that guide users to follow business processes. As the authors have illustrated with a real-world scenario, an ERP system’s explanation can lack details on how a user can resolve a blocked activity. In situations in which users bypass restricted systems, DEs can guide them to comply with a business process. Particularly diagrammatic explanations, which depict actors, activities, and constraints for a business process, have been found to increase the probability that users’ behavior is business process compliant. Less time may be needed to resolve a situation, which can result in very efficient user-system cooperation.
Originality/value
This study makes several important contributions to research on explanations, which are provided by knowledge-based systems. First, the authors conceptualized, designed, and investigated a novel type of explanations, namely, DEs. The results of this study show how dramatic the difference in process compliance performance is when exposed to certain types of DEs (in one group from 57 percent on the initial trial to 82 percent on the fourth trial). This insight is important to derive design guidelines for DE, particularly when multimedia material is used.
Details
Keywords
Constantin Bratianu, Alexeis Garcia-Perez, Francesca Dal Mas and Denise Bedford
Fuad Abujarad, Allissa Desloge, Kristina Carlson and Sarah J. Swierenga
As child abuse and neglect in childcare settings continue to occur, a quality childcare workforce is imperative. This paper aims to describe how an efficient and effective…
Abstract
Purpose
As child abuse and neglect in childcare settings continue to occur, a quality childcare workforce is imperative. This paper aims to describe how an efficient and effective childcare Workforce Background Check system was developed and implemented to protect both children and childcare staff in the state of Michigan.
Design/methodology/approach
The user-centered design (UCD) approach was used in the creation and statewide implementation of a new acceptable and usable system, the Michigan childcare background check (CCBC) system. The authors conducted focus groups to obtain user feedback and performed several usability evaluations. This approach was used as guidance for the development process and to evaluate the concept designs for the web application that was created.
Findings
This paper discusses the overall process of implementing the CCBC program, focusing on successes, barriers and lessons learned in the planning, designing and execution phases. By May 2019, more than 92,069 background checks were conducted on personnel in 8,740 licensed childcare facilities across Michigan. Collaboration across stakeholders in different sectors facilitated the implementation of the new system, while structural barriers and stigma provided barriers to implementation.
Practical implications
Having individuals with various roles, abilities and technical expertise assist with the development and implementation of the system ensured the usability and acceptability of the new system by all types of users.
Social implications
The general public expects childcare providers to ensure that their employees meet the highest professional standards. Developing effective, easy-to-use fingerprint-based criminal history background check systems to identify ineligible applicants and monitor current employees is one component of an overall strategy to promote child safety and minimize child abuse and neglect in the childcare environments.
Originality/value
This paper provides a practical example of how a CCBC system can be developed, implemented and scaled to be used statewide. This approach can be used by other states or other disciplines with a similar context.
Plain language summary
As child abuse and neglect in childcare settings continue to occur, a quality childcare workforce is imperative. This paper shows how this study uses the UCD approach to create an acceptable and usable system and complete statewide implementation of a new Michigan CCBC program. This resulted in an efficient and effective Workforce Background Check system that is essential to protect both children and childcare staff.
Details