From the article: Abstract Since decision management is becoming an integrated part of business process management, more and more decision management implementations are realized. Therefore, organizations search for guidance to design such solutions. Principles are often applied to guide the design of information systems in general. A particular area of interest when designing decision management solutions is compliance. In an earlier published study (Zoet & Smit, 2016) we took a general perspective on principles regarding the design of decision management solutions. In this paper, we re-address our earlier work, yet from a different perspective, the compliance perspective. Thus, we analyzed how the principles can be utilized in the design of compliant decision management solutions. Therefore, the purpose of this paper is to specify, classify, and validate compliance principles. To identify relevant compliance principles, we conducted a three round focus group and three round Delphi Study which led to the identification of eleven compliance principles. These eleven principles can be clustered into four categories: 1) surface structure principles, 2) deep structure principles, 3) organizational structure principles, and 4) physical structure principles. The identified compliance principles provide a framework to take into account when designing information systems, taking into account the risk management and compliance perspective.
DOCUMENT
The participating universities and their associated partners under the Committed project have formulated the following recommendations to help the European legislators create a coherent system in educating and preparing the HEIs for proper handling of compliance risks and issues in research and education activities. To lay down the fundamentals of a uniform, European export compliance and risk management system for higher education and scientific research, the project members scrutinized the currently existing and effective European regulations, the European Commission’s recommendation in this subject and the respective national rules, and also U.S. legislation in the field of deemed export.
DOCUMENT
SUMMARY Architecture compliance checking (ACC) is an approach to verify conformance of implemented program code to high-level models of architectural design. Static ACC focuses on the modular software architecture and on the existence of rule violating dependencies between modules. Accurate tool support is essential for effective and efficient ACC. This paper presents a study on the accuracy of ACC tools regarding dependency analysis and violation reporting. Ten tools were tested and compared by means of a custom-made benchmark. The Java code of the benchmark testware contains 34 different types of dependencies, which are based on an inventory of dependency types in object oriented program code. In a second test, the code of open source system FreeMind was used to compare the 10 tools on the number of reported rule violating dependencies and the exactness of the dependency and violation messages. On the average, 77% of the dependencies in our custom-made test software were reported, while 72% of the dependencies within a module of FreeMind were reported. The results show that all tools in the test could improve the accuracy of the reported dependencies and violations, though large differences between the 10 tools were observed. We have identified 10 hard-to-detect types of dependencies and four challenges in dependency detection. The relevance of our findings is substantiated by means of a frequency analysis of the hard-to-detect types of dependencies in five open source systems. DOI: 10.1002/spe.2421
DOCUMENT
From the article: Business rules management is a means by which an organization realizes controllability of business activities to fulfill goals. Currently the focus of controllability is mainly on effectiveness, efficiency and output quality. Little attention is paid to risk, stakeholder concerns and high level goals. The purpose of this work is to present a viewpoint relating business rules management with concepts of risks, stakeholder, concerns and goals. The viewpoint is presented by means of a meta-model consisting of six concepts: stakeholder, concern, goal, business rule, requirements and implementation mechanism. In a case study the proposed view is validated in terms of completeness, usability and accuracy. Results illustrate the completeness, usability and a high degree of accuracy of our defined view. Future research is suggested on the development of a modeling language to improve the communicational value and ease of use of the meta-model.
DOCUMENT
The development of the global system is accompanied by growing pains. The current credit crisis is an example of this. In this essay we first briefly discuss what went wrong. We then address a number of lessons learned and current responses to the crisis. Finally, we give a brief sketch of a number of interesting trends and developments in the areas of (1) risk management & compliance, (2) assurance and (3) business IT.
DOCUMENT
IT organizations and CEOs are, and should be, concerned these days about the (lack of) data confidentiality and the usage of 'shadow' IT systems by employees. Not only does the company risk monetary loss or public embarrassment, the senior management might also risk personal fines or even imprisonment. Several trends reinforce the attention for these subjects, including the fact that an increasing number of people perform parts of their work tasks from home (RSA, 2007) and the increasing bandwidth available to internet users which makes them rely on the Internet for satisfying their business and personal computing needs (Desisto et al. 2008). Employee compliance with the existing IT security policies is therefore essential. This paper presents a study on factors that influence non-compliance behavior of employees in organizations. The factors found in literature are tested in a survey study amongst employees of a big-four accountancy firm in the Netherlands and Belgium. The study concludes that stricter IT governance and cultural aspects are the most important factors influencing non-compliance behavior.
DOCUMENT
In this paper we research the following question: What motivational factors relate, in which degree, to intentions on compliance to ISP and how could these insights be utilized to promote end-users compliance within a given organization? The goal of this research is to provide more insight in the motivational factors applicable to ISP and their influence on end-user behavior, thereby broadening knowledge regarding information systems security behaviors in organizations from the viewpoint of non-malicious abuse and offer a theoretical explanation and empirical support. The outcomes are also useful for practitioners to complement their security training and awareness programs, in the end helping enterprises better effectuate their information security policies. In this study an instrument is developed that can be used in practice to measure an organizational context on the effects of six motivational factors recognized. These applicable motivational factors are determined from literature and subsequently evaluated and refined by subject matter experts. A survey is developed, tested in a pilot, refined and conducted within four organizations. From the statistical analysis, findings are reported and conclusions on the hypothesis are drawn. Recommended Citation: Straver, Peter and Ravesteyn, Pascal (2018) "End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors," Communications of the IIMA: Vol. 16: Iss. 4, Article 1. Available at: https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/1
MULTIFILE
Presentation for the 20th Nederlandse Testdag (Dutch Testing Day), with contributions from Raymond Slot, Wiebe Wiersema (HU), Christian Köppe (HAN, Arnhem), Sjaak Brinkkemper, Jan Martijn van der Werf (UU Utrecht). The Software Architecture of the Schiphol Group is taken as an example. Compliance checking of software rules can be done with the Hogeschool Utrecht Software Architecture Compliance Checking Tool which is available at http://husacct.github.io/HUSACCT/
DOCUMENT
The AI Act, effective from August 1, 2024, introduces EU-wide standards to ensure the ethical and safe use of artificial intelligence (AI). Dutch municipalities must be fully compliant by 2026, navigating complex legal and operational challenges. This study assesses their readiness through survey data and interviews with municipal representatives. Although awareness of the Act is high, significant gaps remain between regulatory knowledge and implementation. Municipalities face issues such as limited legal capacity, uneven digital transformation, and ethical uncertainty—resulting in fragmented AI governance. While compliance frameworks are emerging, most approaches remain reactive. This study identifies key barriers and recommends measures to strengthen AI literacy, clarify regulations, and improve ethical oversight. A coordinated national strategy is essential to align local governance with policy goals. Drawing on theories of symbolic versus substantive compliance, policy-implementation gaps, and regulatory adaptation, the study contextualises the findings and calls for further research on best practices, intergovernmental collaboration, and long-term governance strategies.
DOCUMENT