Paul John Steinbart

The effects of alternative supplementary display formats on balanced scorecard judgments

Abstract Using the Balanced Scorecard (BSC) to evaluate performance is a complex judgment task involving a large set of performance measures. Commercially available BSC software provides capabilities for providing decision guidance to the user through the design of supplementary information displays. This study compares the judgment performance of decision makers who received BSC data for two divisions of a simulated company in one of three formats: (1) individual BSCs for each division, (2) individual divisional BSCs supplemented by a side-by-side tabular summary of each divisions performance, and (3) individual divisional BSCs supplemented by a side-by-side graphical comparison of each divisions performance. Providing supplemental tabular displays did not improve judgment consensus, relative to viewing separate displays, but did improve consistency between performance evaluation and bonus allocation decisions. Consensus for participants using supplemental graphical displays was lower than that for participants viewing separate displays for each division. Further, participants given supplemental graphical displays exhibited lower judgment consensus and lower consistency between performance evaluation and bonus allocation decisions than those using supplemental tables. Inconsistency and lack of consensus are likely to create perceptions of unfairness, thereby increasing dissatisfaction with and resistance to continued use of the BSC. Thus, our findings indicate the need for care when designing and implementing BSC decision aids.

The relationship between internal audit and information security: An exploratory investigation

The internal audit and information security functions should work together synergistically: the information security staff designs, implements, and operates various procedures and technologies to protect the organizations information resources, and internal audit provides periodic feedback concerning effectiveness of those activities along with suggestions for improvement. Anecdotal reports in the professional literature, however, suggest that the two functions do not always have a harmonious relationship. This paper presents the first stage of a research program designed to investigate the nature of the relationship between the information security and internal audit functions. It reports the results of a series of semi-structured interviews with both internal auditors and information systems professionals. We develop an exploratory model of the factors that influence the nature of the relationship between the internal audit and information security functions, describe the potential benefits organizations can derive from that relationship, and present propositions to guide future research.

A Survey of Consumer Information Privacy from the Accounting Information Systems Perspective

ABSTRACT:  The information privacy of consumers is an important public policy issue in todays society, and one that businesses, industries, and governments are continuing to struggle with as information technology (IT) innovations create ever-stronger impacts. In this article, we explore consumer information privacy issues and review the results of related prior research. We provide a survey of the literature on information privacy based on our assessment from: (1) the societal and public policy perspective, (2) the business practices perspective, and (3) the individual privacy and consumer behavior perspectives that relate to the disclosure of private information by individuals to firms. From the societal and public policy perspective, we identify a number of research directions that relate to the social welfare implications of personal information surveillance, the safeguards needed at the societal level, and the nature of privacy-enhancing regulations. From the business practices perspective, we sugge...

The Journal of Information Systems: A Review of the First 15 Years

The publication of the Spring 2001 issue marks the completion of the first 15 years of the Journal of Information Systems (JIS). This paper analyzes the content of articles published, the research methods used, the sources referenced, and impact of articles published in JIS. The analyses provide insights concerning the development of accounting information systems research that should be of interest not only to readers of and contributors to JIS, but also to current and prospective doctoral students who are interested in the field of accounting information systems. Accounting researchers specializing in other disciplines may also find this paper beneficial in understanding the research interests of their accounting information systems colleagues.

Using Information Display Characteristics to Provide Decision Guidance in a Choice Task under Conditions of Strict Uncertainty

This paper investigates the effects of two display characteristics on decisions in a preferential choice task under conditions of strict uncertainty. Participants receiving information in tabular format (n = 83) made fewer compensatory choices, more maximin choices, and selected dominated alternatives more often when outcome distributions were described in terms of a midpoint and variability rather than minimum and maximum values. In contrast, participants given data in a graphical format (n = 80) made more compensatory choices with midpoint‐variability than with min‐max graphs. Participants given information in graphical format selected fewer dominated alternatives than did participants who received the same information in tabular format. These findings have important policy implications. While it may be desirable to use display characteristics to influence employees to make decisions consistent with organizational policies, the desirability of providing such “persuasive” decision guidance is problematic...

Examining the Continuance of Secure Behavior: A Longitudinal Field Study of Mobile Device Authentication

It is not enough to get information technology (IT) users to adopt a secure behavior. They must also continue to behave securely. Positive outcomes of secure behavior may encourage the continuance of that behavior, whereas negative outcomes may lead users to adopt less-secure behaviors. For example, in the context of authentication, login success rates may determine whether users continue to use a strong credential or switch to less secure behaviors (e.g., storing a credential or changing to a weaker, albeit easier to successfully enter, credential). Authentication is a particularly interesting security behavior for information systems researchers to study because it is affected by an IT artifact (the design of the user interface). Laptops and desktop computers use full-size physical keyboards. However, users are increasingly adopting mobile devices, which provide either miniature physical keypads or touchscreens for entering authentication credentials. The difference in interface design affects the ease of correctly entering authentication credentials. Thus, the move to use of mobile devices to access systems provides an opportunity to study the effects of the user interface on authentication behaviors. We extend existing process models of secure behaviors to explain what influences their (dis)continuance. We conduct a longitudinal field experiment to test our predictions and find that the user interface does affect login success rates. In turn, poor performance (login failures) leads to discontinuance of a secure behavior and the adoption of less-secure behaviors. In summary, we find that a process model reveals important insights about how the IT artifact leads people to (dis)continue secure behaviors.

SECURQUAL: An Instrument for Evaluating the Effectiveness of Enterprise Information Security Programs

ABSTRACT: The ever-increasing number of security incidents underscores the need to understand the key determinants of an effective information security program. Research that addresses this topic requires objective measures, such as number of incidents, vulnerabilities, and non-compliance issues, as indicators of the effectiveness of an organizations information security activities. However, these measures are not readily available to researchers. While some research has used subjective assessments as a surrogate for objective security measures, such an approach raises questions about scope and reliability. To remedy these deficiencies, this study uses the COBIT Version 4.1 Maturity Model Rubrics to develop an instrument (SECURQUAL) that obtains an objective measure of the effectiveness of enterprise information security programs. We show that SECURQUAL scores reliably predict objective measures of information security program effectiveness. Future research might use the instrument as a surrogate effecti...

Measuring Privacy Concern and the Right to Be Forgotten

The ‘right to be forgotten’ (RTBF) is an emerging concept that refers to an individual’s ability to have data collected about themselves permanently deleted or “destroyed”—the final stage of the information life cycle. However, we do not yet understand where RTBF fits into existing theory and models of privacy concerns. This is due, at least in part, to the lack of validated instruments to assess RTBF. Therefore, following the methodology detailed by MacKenzie et al. [1], this paper develops scales to measure individuals’ concerns about the RTBF. We validate the scale and show that the RTBF represents a separate dimension of privacy concerns that is not reflected in existing privacy concerns instruments.

The Need for AIS Research on Information Security

在會計資訊系統研究領域來說，資訊安全是一個重要的議題，因為它影響著會計資訊的可靠性。然而，現今有許多關於技術方面的研究是在探討新的安全工具、技術等，但卻很少有研究是在探討企業導向的資訊安全議題，因此會計資訊的研究者可以增補其對電腦科學技術之資訊安全方面的知識，且藉由探討及研究資訊安全的議題而能對企業的資訊安全管理有所影響並具管理意涵。由此可知，資訊安全的議題不只是在資訊技術的探討上，而是在於人們如何來決定組織整體的資訊安全水準？所以本文乃提出二個特別重要的主題，亦即須增進高階管理者對資訊安全投資的支持及促進員工固守最佳資訊安全政策的實行。此外，會計資訊系統的研究者亦可以使用不同的研究方法而檢視安全議題。因此，會計資訊系統在資訊安全的研究上不但提出一個重要的會計資訊系統議題，而且也提供一個會計資訊系統研究聯結其他學科的機會。

Discussion of “The effects of multimedia-induced affective states on recall and decision making by individual investors”

Abstract Rose (this issue) presents the results of two experiments designed to examine the effects of information presentation characteristics, specifically the use of multimedia, on decision making. Recent advances in information technology make this is an important and timely topic. Roses study provides useful insights and should stimulate additional research. As with any experiment, however, there are important limitations that should be addressed and corrected in future studies.