{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T21:16:15Z","timestamp":1777065375750,"version":"3.51.4"},"reference-count":52,"publisher":"Informa UK Limited","issue":"4","funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"crossref","award":["EP\/ K039504\/1"],"award-info":[{"award-number":["EP\/ K039504\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["www.tandfonline.com"],"crossmark-restriction":true},"short-container-title":["Information Systems Management"],"published-print":{"date-parts":[[2016,10]]},"DOI":"10.1080\/10580530.2016.1220214","type":"journal-article","created":{"date-parts":[[2016,8,9]],"date-time":"2016-08-09T23:41:33Z","timestamp":1470786093000},"page":"302-315","update-policy":"https:\/\/doi.org\/10.1080\/tandf_crossmark_01","source":"Crossref","is-referenced-by-count":7,"title":["The Implementation of Governance, Risk, and Compliance IS: Adoption Lifecycle and Enterprise Value"],"prefix":"10.1080","volume":"33","author":[{"given":"Konstantina","family":"Spanaki","sequence":"first","affiliation":[{"name":",","place":["UK"]}]},{"given":"Anastasia","family":"Papazafeiropoulou","sequence":"additional","affiliation":[{"name":",","place":["UK"]}]}],"member":"301","published-online":{"date-parts":[[2016,8,9]]},"reference":[{"key":"e_1_3_3_2_1","first-page":"377","article-title":"Observational techniques","volume":"40","author":"Adler P. A.","year":"1994","unstructured":"Adler, P. A., & Adler, P. (1994). Observational techniques. Handbook of Qualitative Research, 40, 377\u2013392.","journal-title":"Handbook of Qualitative Research"},{"key":"e_1_3_3_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-009-9183-y"},{"key":"e_1_3_3_4_1","doi-asserted-by":"crossref","unstructured":"Asprion P. M. & Knolmayer G. F. (2013 January). Assimilation of compliance software in highly regulated industries: An empirical multitheoretical investigation . 2013 46th Hawaii International Conference on System Sciences (HICSS; pp. 4405\u20134414) Wailea Maui HI.","DOI":"10.1109\/HICSS.2013.107"},{"key":"e_1_3_3_5_1","volume-title":"Implementing SAP R\/3: How to introduce a large system into a large organization","author":"Bancroft N.","year":"1998","unstructured":"Bancroft, N., Seip, H., & Sprengel, A. (1998). Implementing SAP R\/3: How to introduce a large system into a large organization. Greenwich, CT: Manning Publication Co."},{"key":"e_1_3_3_6_1","article-title":"Going beyond operations with enterprise systems","author":"Bhattacharya P. J.","year":"2011","unstructured":"Bhattacharya, P. J., & Seddon, P. B. (2011, December). Going beyond operations with enterprise systems. ACIS 2011 Proceedings, Sydney Australia. Retrieved from http:\/\/aisel.aisnet.org\/acis2011\/51.","journal-title":"ACIS 2011 Proceedings"},{"key":"e_1_3_3_7_1","unstructured":"Bhattacharya P. J. Seddon P. B. & Scheepers R. (2012 December). Enterprise systems for innovation in products and processes: Beyond operational efficiency . Location Location Location: Proceedings of the 23rd Australasian Conference on Information Systems 2012 (ACIS 2012; pp. 1\u201311) Geelong Australia."},{"key":"e_1_3_3_8_1","volume-title":"Transforming qualitative information: Thematic analysis and code development","author":"Boyatzis R. E.","year":"1998","unstructured":"Boyatzis, R. E. (1998). Transforming qualitative information: Thematic analysis and code development. Thousand Oaks, CA: Sage Publications, Inc."},{"key":"e_1_3_3_9_1","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_3_3_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-009-9197-5"},{"issue":"5","key":"e_1_3_3_11_1","first-page":"43","article-title":"The controls challenge","volume":"21","author":"Cangemi M. P.","year":"2008","unstructured":"Cangemi, M. P. (2008). The controls challenge. Bank Accounting & Finance, 21(5), 43\u201352.","journal-title":"Bank Accounting & Finance"},{"key":"e_1_3_3_12_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.36.2.123"},{"key":"e_1_3_3_13_1","doi-asserted-by":"publisher","DOI":"10.1046\/j.1365-2648.1997.t01-25-00999.x"},{"key":"e_1_3_3_14_1","doi-asserted-by":"publisher","DOI":"10.1108\/14637150410518301\u201d"},{"issue":"8","key":"e_1_3_3_15_1","first-page":"20","article-title":"A strategic framework for governance, risk, and compliance","volume":"90","author":"Frigo, M. L., & Anderson, R. J.","year":"2009","unstructured":"Frigo, M. L., & Anderson, R. J. (2009). A strategic framework for governance, risk, and compliance. Strategic Finance, 90(8), 20.","journal-title":"Strategic Finance"},{"key":"e_1_3_3_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-009-9180-1"},{"key":"e_1_3_3_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1555619.1555651"},{"key":"e_1_3_3_18_1","doi-asserted-by":"crossref","unstructured":"Gozman D. & Currie W. (2015 January). Managing governance risk and compliance for post-crisis regulatory change: A model of IS capabilities for financial organizations . 2015 48th Hawaii International Conference on System Sciences (HICSS; pp. 4661\u20134670) Grand Hyatt HI.","DOI":"10.1109\/HICSS.2015.555"},{"key":"e_1_3_3_19_1","doi-asserted-by":"publisher","DOI":"10.1080\/19393550903324936"},{"key":"e_1_3_3_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-009-9179-7"},{"key":"e_1_3_3_21_1","doi-asserted-by":"publisher","DOI":"10.2307\/249410"},{"key":"e_1_3_3_22_1","doi-asserted-by":"publisher","DOI":"10.1201\/1078\/43186.15.4.19980901\/31145.2"},{"key":"e_1_3_3_23_1","volume-title":"Continuous auditing\/continuous Monitoring\u2013Using technology to drive value by managing risk and improving performance","author":"Leishman M.","year":"2009","unstructured":"Leishman, M., Brouwers, P., & Farineau, D. (2009). Continuous auditing\/continuous Monitoring\u2013Using technology to drive value by managing risk and improving performance. KPMG International Report."},{"key":"e_1_3_3_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-009-9185-9"},{"key":"e_1_3_3_25_1","volume-title":"Framing the domains of IT management: Projecting the future through the past","author":"Markus M. L.","year":"2000","unstructured":"Markus, M. L., & Tanis, C. (2000). The enterprise systems experience - from adoption to success. In R. W. Zmud (Ed.), Framing the domains of IT management: Projecting the future through the past (1st ed., pp. 173\u2013207). Cincinnati, OH: Pinnaflex Educational Resources.","edition":"1"},{"key":"e_1_3_3_26_1","volume-title":"Designing qualitative research","author":"Marshall C.","year":"1999","unstructured":"Marshall, C., & Rossman, G. B. (1999). Designing qualitative research. Thousand Oaks, CA: Sage Publications."},{"key":"e_1_3_3_27_1","doi-asserted-by":"publisher","DOI":"10.1108\/17410390710717110"},{"key":"e_1_3_3_28_1","volume-title":"Qualitative data analysis: An expanded sourcebook","author":"Miles M. B.","year":"1994","unstructured":"Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook (2nd ed.). Thousand Oaks, CA: Sage.","edition":"2"},{"key":"e_1_3_3_29_1","doi-asserted-by":"publisher","DOI":"10.1057\/palgrave.jdg.2050066"},{"key":"e_1_3_3_30_1","doi-asserted-by":"publisher","DOI":"10.1080\/10580530.2013.794601"},{"key":"e_1_3_3_31_1","doi-asserted-by":"crossref","unstructured":"Nissen V. & Marekfia W. (2013 July). Towards a research agenda for strategic governance risk and compliance (GRC) management . 2013 IEEE 15th Conference on Business Informatics (CBI; pp. 1\u20136) Geneva Switzerland.","DOI":"10.1109\/CBI.2013.9"},{"key":"e_1_3_3_32_1","doi-asserted-by":"publisher","DOI":"10.4236\/jssm.2014.72007"},{"key":"e_1_3_3_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-015-9572-3"},{"key":"e_1_3_3_34_1","doi-asserted-by":"publisher","DOI":"10.3102\/00346543061003287"},{"key":"e_1_3_3_35_1","first-page":"230","article-title":"Designing qualitative studies","volume":"3","author":"Patton M. Q.","year":"2002","unstructured":"Patton, M. Q. (2002). Designing qualitative studies. Qualitative Research and Evaluation Methods, 3, 230\u2013246.","journal-title":"Qualitative Research and Evaluation Methods"},{"key":"e_1_3_3_36_1","doi-asserted-by":"crossref","unstructured":"Racz N. Seufert A. & Weippl E. (2010a June). A frame of reference for research of integrated governance risk & compliance (GRC) . Proceedings of IFIP CMS 2010 Linz Austria.","DOI":"10.1007\/978-3-642-13241-4_11"},{"key":"e_1_3_3_37_1","article-title":"A process model for integrated IT governance, risk, and compliance management","author":"Racz N.","year":"2010","unstructured":"Racz, N., Seufert, A., & Weippl, E. (2010b, July). A process model for integrated IT governance, risk, and compliance management. Proceedings of the Ninth Baltic Conference on Databases and Information Systems (DB&IS 2010; pp. 155\u2013170), Riga, Latvia.","journal-title":"Proceedings of the Ninth Baltic Conference on Databases and Information Systems (DB&IS 2010;"},{"key":"e_1_3_3_38_1","volume-title":"Foundations of GRC: Establishing an enterprise view of risk & compliance","author":"Rasmussen M.","year":"2009","unstructured":"Rasmussen, M. (2009). Foundations of GRC: Establishing an enterprise view of risk & compliance. Corporate Integrity, Governance, Risk Manager and Compliance Research. Retrieved from http:\/\/fm.sap.com\/data\/UPLOAD\/files\/Establishing_an_Enterprise_View_of_Risk_Compliance.pdf"},{"key":"e_1_3_3_39_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2002.11045713"},{"key":"e_1_3_3_40_1","volume-title":"Enterprise architecture as strategy: Creating a foundation for business execution","author":"Ross J. W.","year":"2006","unstructured":"Ross, J. W., Weill, P., & Robertson, D. C. (2006). Enterprise architecture as strategy: Creating a foundation for business execution. Boston, MA: Harvard Business School Press."},{"key":"e_1_3_3_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-009-9223-7"},{"key":"e_1_3_3_42_1","doi-asserted-by":"publisher","DOI":"10.1108\/17410390610678331"},{"key":"e_1_3_3_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2011.344"},{"key":"e_1_3_3_44_1","unstructured":"Spanaki K. & Papazafeiropoulou A. (2013 June). Analysing the governance risk and compliance (Grc) implementation process: Primary insights . European Conference on Information Systems (ECIS) Utrecht The Netherlands."},{"key":"e_1_3_3_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-010-9235-3"},{"key":"e_1_3_3_46_1","doi-asserted-by":"publisher","DOI":"10.3316\/QRJ1102063"},{"key":"e_1_3_3_47_1","doi-asserted-by":"publisher","DOI":"10.3102\/0034654308326349"},{"key":"e_1_3_3_48_1","unstructured":"Teoh S. Tng Q. & Pan S. (2008 June). The emergence of dynamic capabilities from a SME-enterprise system upgrade . 16th European Conference on Information Systems Galway Ireland."},{"key":"e_1_3_3_49_1","doi-asserted-by":"publisher","DOI":"10.1080\/10580530.2011.585585"},{"key":"e_1_3_3_50_1","volume-title":"Wertorientierte unternehmenssteuerung: Konzepte\u2013 implementierung\u2013praxisstatements [Value-based management: Concepts\u2013implementation\u2013practical experiences]","author":"Weber J.","year":"2004","unstructured":"Weber, J., Bramsemann, U., & Heineke, C. (2004). Wertorientierte unternehmenssteuerung: Konzepte\u2013 implementierung\u2013praxisstatements [Value-based management: Concepts\u2013implementation\u2013practical experiences]. Wiesbaden, Germany: Gabler Verlang."},{"key":"e_1_3_3_51_1","first-page":"208","article-title":"Patterns for understanding control requirements for information systems for governance, risk management, and compliance (GRC IS)","author":"Wiesche M.","year":"2011","unstructured":"Wiesche, M., Berwing, C., Schermann, M., & Krcmar, H. (2011, June). Patterns for understanding control requirements for information systems for governance, risk management, and compliance (GRC IS). In Proceedings of CAiSE 2011 International Workshops, Advanced Information Systems Engineering Workshops (pp. 208\u2013217), London, UK.","journal-title":"In Proceedings of CAiSE 2011 International Workshops, Advanced Information Systems Engineering Workshops"},{"key":"e_1_3_3_52_1","doi-asserted-by":"crossref","unstructured":"Wiesche M. Schermann M. & Krcmar H. (2011). Understanding the role of information technology for organizational control design: Risk control as new control mechanism. In Governance and sustainability in information systems. Managing the transfer and diffusion of IT (pp. 135\u2013152). Berlin Germany: Springer.","DOI":"10.1007\/978-3-642-24148-2_9"},{"key":"e_1_3_3_53_1","unstructured":"Yu Y. R. Seo S. C. & Kim B. K. (2013 January). IT GRC-based IT internal control framework . 2013 15th International Conference on Advanced Communication Technology (ICACT; pp. 382\u2013385) PyeongChang Korea."}],"container-title":["Information Systems Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/10580530.2016.1220214","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,10]],"date-time":"2025-04-10T11:04:14Z","timestamp":1744283054000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/10580530.2016.1220214"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,8,9]]},"references-count":52,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2016,10]]}},"alternative-id":["10.1080\/10580530.2016.1220214"],"URL":"https:\/\/doi.org\/10.1080\/10580530.2016.1220214","relation":{},"ISSN":["1058-0530","1934-8703"],"issn-type":[{"value":"1058-0530","type":"print"},{"value":"1934-8703","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,8,9]]},"assertion":[{"value":"The publishing and review policy for this title is described in its Aims & Scope.","order":1,"name":"peerreview_statement","label":"Peer Review Statement"},{"value":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uism20","URL":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uism20","order":2,"name":"aims_and_scope_url","label":"Aim & Scope"},{"value":"2016-08-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}