IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v45y2022ics1467089522000124.html
   My bibliography  Save this article

Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment

Author

Listed:
  • Plant, Olivia H.
  • van Hillegersberg, Jos
  • Aldea, Adina

Abstract

An increasing amount of companies is transforming their IT departments towards cross-functional teams which are responsible for both development and operation of software and use automation to speed up their delivery process. This novel approach, which is commonly known as “DevOps”, promises many benefits such as increased speed and frequency of deployment. However, companies using DevOps are often struggling with demonstrating control of their software delivery processes to IT auditing parties, due to the decentralized decision-making structures and high degree of automation in DevOps teams. The research at hand presents a framework which aims to provide guidance to organizations in mitigating and governing risks in IT teams and departments that make use of the DevOps paradigm. We have adopted a design science research approach, building on a literature review and semi-structured interviews with seventeen employees from nine Dutch companies that are in different stages of their DevOps transition. The results suggest that two main factors which influence how departments design their DevOps environment are risk appetite and the DevOps maturity. We furthermore find that companies in practice often use a mixture of traditional, manual IT controls and the automated controls suggested in literature. Based on these insights, a situational control framework is designed which suggests suitable risk mitigation practices.

Suggested Citation

  • Plant, Olivia H. & van Hillegersberg, Jos & Aldea, Adina, 2022. "Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment," International Journal of Accounting Information Systems, Elsevier, vol. 45(C).
    • Handle: RePEc:eee:ijoais:v:45:y:2022:i:c:s1467089522000124
    DOI: 10.1016/j.accinf.2022.100560
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089522000124
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.accinf.2022.100560?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Benaroch, Michel & Chernobai, Anna & Goldstein, James, 2012. "An internal control perspective on the market value consequences of IT operational risk events," International Journal of Accounting Information Systems, Elsevier, vol. 13(4), pages 357-381.
    2. Stoel, M. Dale & Muhanna, Waleed A., 2011. "IT internal control weaknesses and firm performance: An organizational liability lens," International Journal of Accounting Information Systems, Elsevier, vol. 12(4), pages 280-304.
    3. Geerts, Guido L., 2011. "A design science research methodology and its application to accounting information systems research," International Journal of Accounting Information Systems, Elsevier, vol. 12(2), pages 142-151.
    4. Kumar, Satish & Marrone, Mauricio & Liu, Qi & Pandey, Nitesh, 2020. "Twenty years of the International Journal of Accounting Information Systems: A bibliometric analysis," International Journal of Accounting Information Systems, Elsevier, vol. 39(C).
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Fábio Albuquerque & Paula Gomes Dos Santos, 2023. "Recent Trends in Accounting and Information System Research: A Literature Review Using Textual Analysis Tools," FinTech, MDPI, vol. 2(2), pages 1-27, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Sangjae Lee & Seongil Jeon & ByungWon Lee, 2019. "Security Controls for Employees’ Satisfaction: Perspective of Controls Framework," SAGE Open, , vol. 9(2), pages 21582440198, May.
    2. Albanese, Massimo, 2023. "Reviewing literature through multidimensional representations," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    3. Wei Yu & Huiqin Huang & Xinyan Kong & Keying Zhu, 2023. "Can Digital Inclusive Finance Improve the Financial Performance of SMEs?," Sustainability, MDPI, vol. 15(3), pages 1-16, January.
    4. Jin, Justin & Li, Na & Liu, Suyi & Khalid Nainar, S.M., 2023. "Cyber attacks, discretionary loan loss provisions, and banks’ earnings management," Finance Research Letters, Elsevier, vol. 54(C).
    5. Sovan Mitra & Andreas Karathanasopoulos, 2019. "Firm Value and the Impact of Operational Management," Asia-Pacific Financial Markets, Springer;Japanese Association of Financial Economics and Engineering, vol. 26(1), pages 61-85, March.
    6. Satish Kumar & Weng Marc Lim & Nitesh Pandey & J. Christopher Westland, 2021. "20 years of Electronic Commerce Research," Electronic Commerce Research, Springer, vol. 21(1), pages 1-40, March.
    7. Sungchang Kang & Jeongseok Bang & Doojin Ryu, 2024. "Female CEOs’ risk management and earnings performance during the financial crisis," Asian Business & Management, Palgrave Macmillan, vol. 23(1), pages 110-138, February.
    8. Loutfi, Ahmad Amine, 2022. "A framework for evaluating the business deployability of digital footprint based models for consumer credit," Journal of Business Research, Elsevier, vol. 152(C), pages 473-486.
    9. Li, He & No, Won Gyun & Wang, Tawei, 2018. "SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors," International Journal of Accounting Information Systems, Elsevier, vol. 30(C), pages 40-55.
    10. Lu Wei & Jianping Li & Xiaoqian Zhu, 2018. "Operational Loss Data Collection: A Literature Review," Annals of Data Science, Springer, vol. 5(3), pages 313-337, September.
    11. Desai, Vikram & Bucaro, Anthony C. & Kim, Joung W. & Srivastava, Rajendra & Desai, Renu, 2023. "Toward a better expert system for auditor going concern opinions using Bayesian network inflation factors," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    12. Shah Jahan Miah & HuyQuan Vu & John Gammack, 2019. "A big-data analytics method for capturing visitor activities and flows: the case of an island country," Information Technology and Management, Springer, vol. 20(4), pages 203-221, December.
    13. Mounia Boulhaga & Abdelfettah Bouri & Ahmed A. Elamer & Bassam A. Ibrahim, 2023. "Environmental, social and governance ratings and firm performance: The moderating role of internal control quality," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 30(1), pages 134-145, January.
    14. Choi, Dongjoon & Lee, Hansol & Lee, Ho-Young & Park, Hyun-Young, 2021. "The association between human resource investment in IT controls over financial reporting and investment efficiency," International Journal of Accounting Information Systems, Elsevier, vol. 43(C).
    15. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    16. Heidari, Farideh & Loucopoulos, Pericles, 2014. "Quality evaluation framework (QEF): Modeling and evaluating quality of business processes," International Journal of Accounting Information Systems, Elsevier, vol. 15(3), pages 193-223.
    17. Mahama, Habib & Elbashir, Mohamed Z. & Sutton, Steve G. & Arnold, Vicky, 2016. "A further interpretation of the relational agency of information systems: A research note," International Journal of Accounting Information Systems, Elsevier, vol. 20(C), pages 16-25.
    18. Søgaard, Jonas Sveistrup, 2021. "A blockchain-enabled platform for VAT settlement," International Journal of Accounting Information Systems, Elsevier, vol. 40(C).
    19. Ali, Irfan, 2016. "The impact of ERP implementation on the financial performance of the firm : An empirical study," Other publications TiSEM 876506f5-1aed-4421-aa2c-0, Tilburg University, School of Economics and Management.
    20. Heravi, Bahareh Rahmanzadeh & Lycett, Mark & de Cesare, Sergio, 2014. "Ontology-based standards development: Application of OntoStanD to ebXML business process specification schema," International Journal of Accounting Information Systems, Elsevier, vol. 15(3), pages 275-297.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:45:y:2022:i:c:s1467089522000124. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.