IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v45y2022ics1467089522000124.html
   My bibliography  Save this article

Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment

Author

Listed:
  • Plant, Olivia H.
  • van Hillegersberg, Jos
  • Aldea, Adina

Abstract

An increasing amount of companies is transforming their IT departments towards cross-functional teams which are responsible for both development and operation of software and use automation to speed up their delivery process. This novel approach, which is commonly known as “DevOps”, promises many benefits such as increased speed and frequency of deployment. However, companies using DevOps are often struggling with demonstrating control of their software delivery processes to IT auditing parties, due to the decentralized decision-making structures and high degree of automation in DevOps teams. The research at hand presents a framework which aims to provide guidance to organizations in mitigating and governing risks in IT teams and departments that make use of the DevOps paradigm. We have adopted a design science research approach, building on a literature review and semi-structured interviews with seventeen employees from nine Dutch companies that are in different stages of their DevOps transition. The results suggest that two main factors which influence how departments design their DevOps environment are risk appetite and the DevOps maturity. We furthermore find that companies in practice often use a mixture of traditional, manual IT controls and the automated controls suggested in literature. Based on these insights, a situational control framework is designed which suggests suitable risk mitigation practices.

Suggested Citation

  • Plant, Olivia H. & van Hillegersberg, Jos & Aldea, Adina, 2022. "Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment," International Journal of Accounting Information Systems, Elsevier, vol. 45(C).
    • Handle: RePEc:eee:ijoais:v:45:y:2022:i:c:s1467089522000124
    DOI: 10.1016/j.accinf.2022.100560
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089522000124
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.accinf.2022.100560?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Benaroch, Michel & Chernobai, Anna & Goldstein, James, 2012. "An internal control perspective on the market value consequences of IT operational risk events," International Journal of Accounting Information Systems, Elsevier, vol. 13(4), pages 357-381.
    2. Stoel, M. Dale & Muhanna, Waleed A., 2011. "IT internal control weaknesses and firm performance: An organizational liability lens," International Journal of Accounting Information Systems, Elsevier, vol. 12(4), pages 280-304.
    3. Geerts, Guido L., 2011. "A design science research methodology and its application to accounting information systems research," International Journal of Accounting Information Systems, Elsevier, vol. 12(2), pages 142-151.
    4. Kumar, Satish & Marrone, Mauricio & Liu, Qi & Pandey, Nitesh, 2020. "Twenty years of the International Journal of Accounting Information Systems: A bibliometric analysis," International Journal of Accounting Information Systems, Elsevier, vol. 39(C).
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Fábio Albuquerque & Paula Gomes Dos Santos, 2023. "Recent Trends in Accounting and Information System Research: A Literature Review Using Textual Analysis Tools," FinTech, MDPI, vol. 2(2), pages 1-27, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Albanese, Massimo, 2023. "Reviewing literature through multidimensional representations," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    2. Sangjae Lee & Seongil Jeon & ByungWon Lee, 2019. "Security Controls for Employees’ Satisfaction: Perspective of Controls Framework," SAGE Open, , vol. 9(2), pages 21582440198, May.
    3. Du Jianguo & Rauf Ibrahim & Peter Lartey Yao & Rupa Jaladi Santosh & Amponsah Clinton Kwabena, 2019. "The Effectiveness of Internal Controls in Rural Community Banks: Evidence from Ghana," Business Management and Strategy, Macrothink Institute, vol. 10(1), pages 202-218, December.
    4. Carlos Alberto Peláez & Andrés Solano, 2023. "A Practice for the Design of Interactive Multimedia Experiences Based on Gamification: A Case Study in Elementary Education," Sustainability, MDPI, vol. 15(3), pages 1-26, January.
    5. Wei Yu & Huiqin Huang & Xinyan Kong & Keying Zhu, 2023. "Can Digital Inclusive Finance Improve the Financial Performance of SMEs?," Sustainability, MDPI, vol. 15(3), pages 1-16, January.
    6. Yinhong Yao & Jianping Li, 2022. "Operational risk assessment of third-party payment platforms: a case study of China," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 8(1), pages 1-20, December.
    7. vom Brocke, Jan & Braccini, Alessio Maria & Sonnenberg, Christian & Spagnoletti, Paolo, 2014. "Living IT infrastructures — An ontology-based approach to aligning IT infrastructure capacity and business needs," International Journal of Accounting Information Systems, Elsevier, vol. 15(3), pages 246-274.
    8. Heise, David & Strecker, Stefan & Frank, Ulrich, 2014. "ControlML: A domain-specific modeling language in support of assessing internal controls and the internal control system," International Journal of Accounting Information Systems, Elsevier, vol. 15(3), pages 224-245.
    9. Jin, Justin & Li, Na & Liu, Suyi & Khalid Nainar, S.M., 2023. "Cyber attacks, discretionary loan loss provisions, and banks’ earnings management," Finance Research Letters, Elsevier, vol. 54(C).
    10. Sovan Mitra & Andreas Karathanasopoulos, 2019. "Firm Value and the Impact of Operational Management," Asia-Pacific Financial Markets, Springer;Japanese Association of Financial Economics and Engineering, vol. 26(1), pages 61-85, March.
    11. Satish Kumar & Weng Marc Lim & Nitesh Pandey & J. Christopher Westland, 2021. "20 years of Electronic Commerce Research," Electronic Commerce Research, Springer, vol. 21(1), pages 1-40, March.
    12. Sungchang Kang & Jeongseok Bang & Doojin Ryu, 2024. "Female CEOs’ risk management and earnings performance during the financial crisis," Asian Business & Management, Palgrave Macmillan, vol. 23(1), pages 110-138, February.
    13. Loutfi, Ahmad Amine, 2022. "A framework for evaluating the business deployability of digital footprint based models for consumer credit," Journal of Business Research, Elsevier, vol. 152(C), pages 473-486.
    14. Oliver Henk, 2020. "Internal control through the lens of institutional work: a systematic literature review," Journal of Management Control: Zeitschrift für Planung und Unternehmenssteuerung, Springer, vol. 31(3), pages 239-273, September.
    15. Anum Khan & Muhammad Shujaat Mubarik & Navaz Naghavi, 2023. "What matters for financial inclusions? Evidence from emerging economy," International Journal of Finance & Economics, John Wiley & Sons, Ltd., vol. 28(1), pages 821-838, January.
    16. Li, He & No, Won Gyun & Wang, Tawei, 2018. "SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors," International Journal of Accounting Information Systems, Elsevier, vol. 30(C), pages 40-55.
    17. Lu Wei & Jianping Li & Xiaoqian Zhu, 2018. "Operational Loss Data Collection: A Literature Review," Annals of Data Science, Springer, vol. 5(3), pages 313-337, September.
    18. Desai, Vikram & Bucaro, Anthony C. & Kim, Joung W. & Srivastava, Rajendra & Desai, Renu, 2023. "Toward a better expert system for auditor going concern opinions using Bayesian network inflation factors," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    19. Shah Jahan Miah & HuyQuan Vu & John Gammack, 2019. "A big-data analytics method for capturing visitor activities and flows: the case of an island country," Information Technology and Management, Springer, vol. 20(4), pages 203-221, December.
    20. Al Quhtani Masoud, 2017. "Data Mining Usage in Corporate Information Security: Intrusion Detection Applications," Business Systems Research, Sciendo, vol. 8(1), pages 51-59, March.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:45:y:2022:i:c:s1467089522000124. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.