Olivia H. Plant , Jos van Hillegersberg , Adina Aldea
International Journal of Accounting Information Systems, Volume 45, Article 100560. Published 2022-06-01. DOI: 10.1016/j.accinf.2022.100560. https://www.sciencedirect.com/science/article/pii/S1467089522000124
Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment
An increasing number of companies are transforming their IT departments towards cross-functional teams which are responsible for both development and operation of software and use automation to speed up their delivery process. This novel approach, which is commonly known as “DevOps”, promises many benefits such as increased speed and frequency of deployment. However, companies using DevOps often struggle to demonstrate control of their software delivery processes to IT auditing parties, due to the decentralized decision-making structures and high degree of automation in DevOps teams. The research at hand presents a framework which aims to provide guidance to organizations in mitigating and governing risks in IT teams and departments that make use of the DevOps paradigm. We have adopted a design science research approach, building on a literature review and semi-structured interviews with seventeen employees from nine Dutch companies that are in different stages of their DevOps transition. The results suggest that two main factors which influence how departments design their DevOps environment are risk appetite and DevOps maturity. We furthermore find that companies in practice often use a mixture of traditional, manual IT controls and the automated controls suggested in the literature. Based on these insights, a situational control framework is designed which suggests suitable risk mitigation practices.
About the journal:
The International Journal of Accounting Information Systems will publish thoughtful, well developed articles that examine the rapidly evolving relationship between accounting and information technology. Articles may range from empirical to analytical, from practice-based to the development of new techniques, but must be related to problems facing the integration of accounting and information technology. The journal will address (but will not limit itself to) the following specific issues: control and auditability of information systems; management of information technology; artificial intelligence research in accounting; development issues in accounting and information systems; human factors issues related to information technology; development of theories related to information technology; methodological issues in information technology research; information systems validation; human–computer interaction research in accounting information systems. The journal welcomes and encourages articles from both practitioners and academicians.