UBC Theses and Dissertations

UBC Theses Logo

UBC Theses and Dissertations

Controls in business and IT : formalization and application Limonad, Lior


Controls in business are the means used to ensure business operations comply with a set of given rules, such as legal requirements, standards, and policies. Business compliance with regulations has gained particular importance due to the introduction of legislation to prevent business misconduct, such as the Sarbanes-Oxley Act of 2002 in the U.S. One outcome is that controls are more widely used and are often related to Information Technology (IT), because IT systems are used to implement business controls, and because the introduction of IT entails additional control concerns. Thus, control aspects should be an integral part of the analysis and design of information systems. Furthermore, information systems need to be examined for the completeness and correctness of their controls. Despite the importance of controls, no general, well-formalized, framework is available to guide the analysis of control requirements, or the design of controls in systems. This work introduces a conceptual framework for controls, based on an ontological foundation. The framework is built upon the key notion of the control system, from which two complementary views were derived: the Enterprise View (EV) which conceptualizes control as a `thing', and the Process View (PV) which conceptualizes control as an `action'. Based on these views, two concrete applications were developed to evaluate the correctness and usefulness of the underlying conceptual framework. A classification scheme, or a typology, was derived from the EV and can be used to manage control assets. The second application is a process modeling grammar enrichment, which was derived from the PV and is designed to explicitly incorporate control activities in two alternative styles. Both proposed applications were empirically evaluated, concluding their effectiveness in promoting better organizational compliance.

Item Media

Item Citations and Data


Attribution-NonCommercial-NoDerivs 2.5 Canada