The Role of Information Systems in Supporting Exploitative;剥削的？利用的？开发资源的；
and Exploratory Management Control Activities
Michael Schermann , Manuel Wiesche , Helmut Krcmar
Technical University Munich
The goal of this research was to investigate the role of information systems (IS) in helping organizations to address the challenge of achieving a trade-off between exploitative and exploratory management control activities. The relationship between IS and management control activities is complex;复杂
的； and stems from different theoretical
backgrounds. We adopted a grounded theory
approach to offer an integrative综合的 lens;镜
头 ；on this multi-faceted issue. Through the study of information systems for governance, risk management, and compliance(顺从) (GRC IS) as a
recent practice-driven initiative to establish the means for balancing exploitative and exploratory management control activities, we developed a grounded model of the relationship between IS and management control activities. Our model highlights the ways in which GRC IS serve as a catalyzer for establishing balanced management control systems that enable managers to simultaneously exploit and explore richer management control information.
Keywords: governance, risk management, compliance, GRC, information technology, management control, exploitation and exploration, grounded theory
Published Online: July 2012
The authors thank the anonymous reviewers at the Journal of Management Accounting Research Conference in Houston, Texas and Christopher S. Chapman for providing helpful comments on earlier drafts of this article. The authors acknowledge the invaluable support of Lydia Engler and Melina Elbert during data collection and data analysis. We acknowledge editorial revision of this manuscript provided by Carol Krcmar. We thank SAP AG for funding this project as part of the collaborative research center, Center for Very Large Business Applications (CVLBA). Support for this research was also provided by the Technische Universität München (TUM) Graduate School and the TUM Center for Doctoral Studies in Informatics and its Applications (CeDoSiA).
A central issue in management research is finding and maintaining a balance between exploitative and exploratory activities (March 1991). Exploitative activities focus on efficiency and reducing deviations in performance and include
standardization, refinement, and establishment of routines. Exploratory activities focus on innovation and include experimentation, risk taking, and search. While organizations that solely focus on
exploitation may have difficulty developing new competitive advantages, organizations that solely focus on exploration may have difficulty
transforming their innovative ideas into competitive advantages. Hence, the challenge to management is to achieve maintainable trade-offs to resolve the
tension between exploitative and exploratory activities as they “are essential for organizations, but ... compete for scarce resources. As a result, organizations make explicit and implicit choices between the two” (March 1991, 71).
In management control research, this tension has been explored in relation to Simons' (1995) levers of control framework. Adopting quantitative and qualitative approaches, a number of studies have explicitly investigated how management controls entail balancing and trade-offs (e.g., Henri 2006; Mundy 2010; Widener 2007). An important aspect of management control activities is the nature of the information systems that support them, and so the goal of this research was to investigate the role of information systems (IS) in helping organizations address the challenge of achieving a trade-off between exploitative and exploratory management control activities (Simons 2010).
A complex relationship between IS and
management control has been presented in the literature. Information systems help to reduce the effort required for acquiring, analyzing, integrating, and reporting information on organizational behavior and outcomes (Chapman and Kihn 2009; Dittmar 2007; Fisher 2007). In doing so, IS establish an integrated control overview (Chan 2002), enable organizations to measure control effectiveness (Ashbaugh-Skaife et al. 2008), and help to support decision-making (Beneish et al. 2008). Further, IS provide new capabilities for management control as “data become accurate, shareable, and available to different parties without creating the panoptic dream of visibility and action at a distance” (Dechow and Mouritsen 2005, 729).
Because the literature around this important topic is found in multiple disciplines with different
theoretical backgrounds and concepts, we seek to offer an integrative perspective that draws together these diffuse insights. To help us develop such a perspective, we investigated the recent
practitioner-driven phenomenon of information systems for governance, risk management, and compliance (GRC IS). Originally, GRC IS were developed as IT-enabled management control systems to respond to tightened regulatory requirements (e.g., the Sarbanes-Oxley Act). Thus, GRC IS support exploitative management control activities through the “automation of the management, measurement, remediation, and reporting of controls and risks against objectives in accordance with rules, regulations, standards, policies, and business decisions” (Caldwell et al. 2011, 3). More recently, however, organizations introduce GRC IS, without actual regulatory need, to support exploratory management control activities through establishing transparency and traceability
in decision-making and new business analytics capabilities (Caldwell et al. 2011).
We adopted a grounded theory approach to
investigate the role of IS in supporting exploitative and exploratory management control activities (Glaser and Strauss 2001; Suddaby 2006). In particular, we were interested in the rationale for introducing and using GRC IS by stakeholders such as executives, compliance officers, and
administrative staff. The grounded theory approach seemed appropriate to integrate the diverse theories and concepts on the role of IS in supporting management control activities “as a stimulus [and] initial direction in developing relevant categories and properties and in choosing possible modes of” integrating extant literature
(Glaser and Strauss 2001, 79). Thus, in terms of our research, grounded theory provides the
methodological guidelines to study GRC IS as a
practice-driven initiative. Using the principle of constant comparison (Glaser and Strauss 2001), we analyzed the responses from semi-structured interviews with 21 practitioners on the rationale and benefits of GRC IS. We did rounds of open coding using theoretical sampling for diversity. The resulting preliminary model was reviewed and discussed (Wiesche et al. 2011) which yielded further dimensions for coding. Based on the principles of theoretical sampling, we then conducted a second round of interviews, which led to theoretical saturation.
Our grounded model indicates that GRC IS serve as a catalyst for establishing balanced management control systems that enable managers to use controls to engage simultaneously in exploitative and exploratory activities. IT-enabled management control systems such as GRC IS facilitate an overview of the current state of an organization's
management controls and offer opportunities for refinement and automatic execution of
management controls. For exploitative purposes, GRC IS assist in assessing the effectiveness and efficiency of management controls. Simultaneously, GRC IS provide an information platform that offers richer and timelier data about performance deviations and emergent chances and risks. Managers can interact with GRC IS to develop and explore scenarios and experiment with exploratory and exploitative control information. Our model structures the catalyzing effects and relates these to different theoretical backgrounds of exploitative and exploratory management control activities. Thus we have integrated disparate views from the literature on the role of information systems in supporting management control activities.
The remainder of this paper is structured as follows. First, we describe the theoretical foundation for