Posts Tagged ‘compliance’

Compliance management, an issue in IS design

Friday, January 1st, 2010

Bonazzi, R., Hussami, L., Pigneur, Y. (2010) Compliance management is becoming a major issue in IS design. In D’Atri, A., Saccà, D. Information systems: people, organizations, institutions, and technologies, Physica Verlag, Springer:391-398

initially presented at the 5th Conference of the Italian Chapter of AIS (2008)

This article aims at improving the information systems management support to the Risk and Compliance Management process, i.e. the management of all compliance imperatives that impact an organization, including both legal and strategically self-imposed imperatives. We propose a process to achieve such regulatory compliance by aligning the Governance activities with the Risk Management ones, and we suggest Compliance should be considered as a requirement for the Risk Management platform. We will propose a framework to align law and IT compliance requirements and we will use it to underline possible directions of investigation, summarized in our discussion section. This work is based on an extensive review of the existing literature and on the results of a four-month internship done within the IT compliance team of a major financial institution in Switzerland, which has legal entities situated in different countries.


Compliance management in multi-actors contexts

Friday, May 1st, 2009

Bonazzi, R., Pigneur, Y. (2008) Compliance Management in Multi-actors Contexts. Proc. Intl Workshop on Governance, Risk and Compliance (GRCIS), An ancillary meeting of CAISE 2009

The main contribution of this paper lies in the idea of considering regulatory compliance management as a specific situation, where risks to mitigate are sometimes opportunities and where ambiguous and constantly changing requirements come from different stakeholders. We designed a solution and developed an artifact, which supports different users (namely business managers, compliance officers, and those responsible for the enterprise information system) in achieving a shared agreement concerning the alignment between regulations and their information system. We will present how we are planning to test our solution in an enterprise by means of three scenarios.


Requirements for coopetition project

Tuesday, April 1st, 2008

(2008 – 2011)

Information Technology (IT) departments are under pressure to deliver business value to their organization. There is a need for RE methods that enable engineers to align IT system requirements with the business value expected by the organization. This is becoming ever more complicated with the emergence of complicated business models where the barriers between competitors, suppliers and customers are torn down through the use of IT systems and globalization. Ever more stringent regulations in all types of markets are also changing the value proposition expected by companies and public sector organizations. Business-oriented RE methods have only emerged in recent years and much work remains to be done. This proposal seeks to research methods for modeling and simulating these new business models, analyze the value that IT systems can provide and define requirements for these IT systems. The modeling and analysis are based on the inclusion of game theory and system dynamics models within existing business-oriented RE methods.

Doctoral thesis
Riccardo Bonazzi, Designing a compliance support system

Research grants
Funded by the Swiss National Science Foundation (NSF) under grant number xxx.
Prime contractor is EPFL – LAMS lab (Prof. Alain Wegmann)

Compliance management project

Tuesday, January 1st, 2008

(2008 – 2010)

This research aims at improving the information systems management support to the Risk and Compliance Management process and/or value chain for the financial industry, specifically in a networked context. Compliance Management is the management of all compliance imperatives that impact an organization, including both legal (SOX, Basel II, MiFID …) and strategically self-imposed imperatives (mission statements, codes, standards, guidelines, etc.). Currently there is no application framework and open ontology on the market integrating multiple external service providers in the compliance management context.

Doctoral thesis
Lotfi Hussami, title to be defined.

Research grants
University of Lausanne