This artice is free to access.
Organizational control is one of the fundamental functions of management. Although controls come along with performance constraints, organizations rely on control mechanisms to direct attention, motivate, and encourage organizational members to act according to organizational goals and objectives. Managers build their decision on control design on the degree of knowledge about the value creation process and the predictability of the outcome. In this paper, we enhance a popular theoretical framework for organizational control design by enclosing IT-enabled controls. We explore the framework empirically in a multiple case study on Governance, Risk management, and Compliance information systems (GRC IS), a popular new trend in organizational control design. Our findings provide evidence that IT-enabled controls enable a new control mechanism, risk control, for situations with perfect knowledge about the transformation process and high ability to measure output. As research implication, we recommend an extension of organizational control theory to incorporate the effects of information technology on control design. As practical implication, we provide decision support for the selection of GRC controls, depending on situational factors and the expected value proposition. In sum, this research enhances the body of knowledge on organizational control design with a risk-based perspective.
Wiesche, M., Schermann, M., & Krcmar, H. (2011). Understanding the role of information technology for organizational control design: Risk control as new control Mechanism. In IFIP Advances in Information and Communication Technology (Vol. 366, pp. 135–152). Springer New York LLC. https://doi.org/10.1007/978-3-642-24148-2_9