Centralized end-to-end identity and access management and ERP systems: A multi-case analysis using the technology organization environment framework

International Journal of Accounting Information Systems

Volumn 15, Issue 2, 2014, Pages 149-165

  Bradford, Marianne ^a   Earp, Julia B ^a   Grabski, Severin ^b  

^a NORTH CAROLINA STATE UNIVERSITY   (United States)

^b MICHIGAN STATE UNIVERSITY   (United States)

Author keywords

Case study; Centralized end to end identity and access management; Enterprise resource planning system; Identity and access management (IAM); Technology organization environment (TOE) framework

Indexed keywords

EID: 84900552182     PISSN: 14670895     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.accinf.2014.01.003     Document Type: Article

References (61)

1. Aldhizer G. The insider threat. Intern Audit 2008, 65(2):71-73.
2. Antón A., Earp J.B., Young J. How internet users' privacy concerns have evolved since 2002. IEEE Security and Privacy 2010, 8:21-27.
3. Babey E. Costs of enterprise resource planning system implementation - and then some. New Dir High Educ 2006, 136:21-33.
4. Baldwin A., Mont M.C., Beres Y., Shiu S. Assurance for federated identity management. J Computer Sec 2010, 18(4):519-550.
5. Bowen P.L., Cheung M.D., Rohde F.H. Enhancing IT governance practices: a model and case study of an organization's efforts. Int J Account Inf Syst 2007, 8:191-221.
6. Boyle R.J., Panko R.R. Corporate computer security 2012, Pearson. 3rd ed.
7. Bradford M., Florin J. Examining the role of innovation diffusion factors on the implementation success of enterprise resource planning systems. Int J Account Inf Syst 2003, 4(3):205-225.
8. Brazel J., Dang L. The effect of ERP system implementations on the management of earnings and earnings release dates. J Inf Syst 2008, 22(2):1-21.
9. Chandra A., Calderon T.G. Toward a biometric security layer in accounting systems. J Inf Syst 2003, 17(2):51-70.
10. Cooper D.J., Morgan W. Case study research in accounting. Account Horizons 2008, 22(2):159-178.
11. D'Costa-Alphonso M., Lane M. The adoption of single sign-on and multifactor authentication in organisations - a critical evaluation using TOE framework. Issues Informing Sci Inf Technol 2010, 7:161-189.
12. Davis F.D. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q 1989, 13(3):319-339.
13. Davis F.D., Bagozzi R.P., Warshaw P.R. User acceptance of computer technology: a comparison of two theoretical models. Manag Sci 1989, 35(8):982-1003.
14. DePietro R., Wiarda E., Fleischer M. The context for change: organization, technology, and environment. The processes of technological innovation 1990, 151-175. Lexington Books, New York (NY). F. Tornatzky (Ed.).
15. Dhillon G. Guest Editorial: the challenge of managing information security. Int J of Info Mgmt 2004, 24:3-4.
16. Dilnutt R. Knowledge management in practice: three contemporary case studies. Int J Account Inf Syst 2002, 3:75-81.
17. Etges R. The impact of governance on identity management programs. ISACA J 2011, 5:1-4. [Available:http://www.isaca.org/Journal/Past-Issues/2011/Volume-5/Pages/The-Impact-of-Governance-on-Identity-Management-Programs.aspx. Accessed:29.09.2013].
18. A case for case study 1991, University of North Carolina Press, Chapel Hill (NC). J. Feagin, A. Orum, G. Sjoberg (Eds.).
19. Goel S., Shawky H.A. Estimating the market impact of security breach announcements on firm values. Inf Manag 2009, 46:404-410.
20. Grabski S.V., Leech S.A., Schmidt P.J. A review of ERP research: a future agenda for accounting information systems. J Inf Syst 2011, 25:37-78.
21. Gregory P.H. Managing identities in hybrid worlds. Info Sec. 2013, 15(3):14-19. [http://media.techtarget.com/deu/april_ism_109109.html].
22. Griffeth D. Making the case for enterprise IAM centralized access control. Technical guide on managing identities and access control 2010, 3-4. [http://viewer.media.bitpipe.com/1276198763_637/1293124694_93/1217_ISM_eB_ManagingIdentityAccess.pdf].
23. Hitchens M., Varadharajan V. Design and specification of role based access control policies. Software IEEE Proc 2000, 147(4):117-129.
24. InCommon InCommon Federation [Available: http://www.incommonfederation.org/federation/. Accessed:20.08.13].
25. Institute of Internal Auditors Global technology audit guide [Available, Accessed:22.08.2013]. http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/DownloadableDocuments/GTAG9IdentAccessMgmt.pdf.
26. Internet2 Middleware Initiative Identity and access management [Available: http://www.internet2.edu/pubs/200703-IS-MW.pdf. Accessed:21.08.13].
27. Jans M., Lybaert N., Vanhoof K. Internal fraud risk reduction: Results of a data mining case study. International Journal of Accounting Information Systems 2010, 11(1):17-41.
28. Jones L., Antón A.I., Earp J.B. Towards understanding user perceptions of digital identity technologies, sixth workshop on privacy in the electronic society (WPES'07) 2007, 91-98. [Arlington, (VA)].
29. Kaur H. Identity and access management: its role in Sarbanes-Oxley compliance. ISACA J 2011, 6:1-6.
30. Kho N. The changing face of identity management. Econtent 2009, 32(3):20-25.
31. Lee C.P., Shim J.P. An exploratory study of radio frequency identification (RFID) adoption in the healthcare industry. Euro J Inf Syst 2007, 16(6):712-724.
32. Lightle S.S., Vallario C.W. Segregation of duties in ERP. Intern Audit 2003, 60(5):27.
33. Loshin D. Knowledge integrity: data ownership [Available: http://www.datawarehouse.com/article/?articleid=3052. Accessed: 21.08.13].
34. McQuaide B. Identity and access management: transforming e-security into a catalyst for competitive advantage. Inf Syst Control J 2003, 4.
35. Mishra A.N., Konana P., Barua A. Antecedents and consequences of internet use in procurement: an empirical investigation of U.S. manufacturing firms. Inf Syst Res 2007, 18:103-120.
36. O'Leary D. Enterprise resource planning (ERP) systems: an empirical analysis of benefits. J Emerg Technol Account 2004, 1:63-72.
37. Oliver D., Romm E. Issues in university administrative systems: a regional Australian case. Proceedings of the 15th annual conference of the International Academy for Information Management 2000, [Brisbane, Australia].
38. Oracle Identity Management Information secured: manage the end to end user identity lifecycle. Oracle identity management [Available: http://www.oracle.com/ru/products/middleware/identity-management/026095.pdf. Accessed: 20.08.13].
39. Patton M.Q. Qualitative evaluation and research methods 1990, Sage Publications, Newbury Park (CA).
40. Pereira J. Breaking the code: how credit-card data went out the wireless door. Wall Str J 2007, p. A1 [Available: http://online.wsj.com/article/SB117824446226991797.html. Accessed:21.08.13].
41. Rai S., Chukwuma P. Top 10 security and privacy topics for IT auditors. ISACA J 2011, 6:1-5. [Available:http://www.isaca.org/Journal/Past-Issues/2010/Volume-2?pages?Top-10Security-and-Privacy-Topics-for-IT-Auditors1.aspx. Accessed:20.08.13].
42. Raywood D. As the insider threat has increased over 2010, warnings made that more efficient technology is needed [Available: http://www.scmagazineuk.com/as-the-insider-threat-has-increased-over-2010-warnings-made-that-more-efficient-technology-is-needed/printarticle/192889/. Accessed: 21.08.13].
43. Romer H. Security inside out [Available:http://www.oracle.com/us/products/059502.pdf. Accessed: 20.08.13].
44. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E. Role-based access control models. Computer 1996, 29(2):38-47.
45. Scapens R.W., Jazayeri M. ERP systems and management accounting change: opportunities or impact. Eur Account Rev 2003, 12(1):201-233.
46. She W., Thuraisingham B. Security for enterprise resource planning systems. Inf Syst Security 2007, 16:152-163.
47. Stake R.E. Handbook of qualitative research 2000, Sage Publications, Thousand Oaks (CA). 2nd ed. N. Denzin, Y. Lincoln (Eds.).
48. Sullivan D. The definitive guide to security management. Channel partner real time publications [Available:http://www2.tech.purdue.edu/cit/courses/cpt443/resources/assignments/ca_security_mgmt.pdf 2007. Accessed: 23.08.13].
49. Tornatzky L.G., Fleischer M. The processes of technological innovation 1990, Lexington Books, Lexington (MA).
50. Torres J., Thomas B. Best practices for technology enablement of internal controls. Presentation at the American Accounting Association Information Systems Section Midyear Conference January 2009.
51. Van de Riet R., Janssen W., de Gruijter P. Security moving from database systems to ERP systems. Database and expert systems applications. Proceedings. Ninth International Workshop on 9th Intl Workshop on DB and Expert Systems Applications 1998, 273-280.
52. Van Grembergen W., De Haes S. Enterprise governance of information technology: achieving strategic alignment and value 2009, Springer.
53. Venkatesh V., Morris M.G., Davis G.B., Davis F.D. User acceptance of information technology: toward a unified view. MIS Q 2003, 27(3):425-478.
54. Wagner W., Antonucci Y.L. The imaginePA project: the first large-scale public sector ERP implementation. Inf Syst Manage 2009, 275-284.
55. Wang H., Cao J., Zhang Y. A flexible payment scheme and its role-based access control. IEEE Trans Knowl Data Eng 2005, 17(3):425-436.
56. Wayman J.L. Biometrics in identity management systems. Security Privacy IEEE 2008, 6(2):30-37.
57. Weill P., Ross J. IT governance: how top performers manage IT decision rights for superior results 2004, Harvard Business Review Press, Boston (MA).
58. Wright A., Wright S. Information systems assurance for enterprise resource planning systems: unique risk considerations. J Inf Syst 2002, 16:99-113.
59. Yin R.K. Case study research: design and methods 2003, Sage Publications, Thousand Oaks (CA).
60. Zhu K., Kraemer K. Post-adoption variation in usage and value of e-business by organizations: cross-country evidence from the retail industry. Inf Syst Res 2005, 16(1):61-84.
61. Zhu K., Kraemer K., Sean Xu K. Electronic business adoption by European firms: a cross-country assessment of the facilitators and inhibitors. Euro J Inf Syst 2003, 12(4):251-268.