Why do information system controls fail to prevent unethical behavior?

Date09 May 2016
Publication Date09 May 2016
AuthorKarma Sherif,Richard Pitre,Mariatu Kamara
SubjectInformation & knowledge management,Knowledge management,Knowledge management systems
Why do information system
controls fail to prevent
unethical behavior?
Karma Sherif
Department of Business Administration, Texas Southern University,
Houston, Texas, USA, and
Richard Pitre and Mariatu Kamara
Department of Accounting and Finance, Texas Southern University,
Houston, Texas, USA
Purpose – The purpose of this paper is to examine the ability of enterprise systems and embedded
controls to prevent unethical behavior within organizations.
Design/methodology/approach – The authors use a case study to explore how the conguration of
information technology (IT) controls within enterprise systems and their effectiveness in preventing
unethical behavior is compromised by the tone at the top.
Findings – The study highlights the decisive role of cultural values and leadership in moderating the
relationship between IT controls and unethical behavior and the realization that ethical environments
are socially constructed not enforced.
Research limitations/implications – The limitation of this research is that the authors conducted
one case study in an institution of higher education to refute the theory that IT controls embedded
within enterprise systems can prevent unethical, and thus, the results may not be generalizable to other
Practical implications An important implication of the research is that the conguration of
information system controls is affected by the organizational culture and the ethical values embraced
by top management. When the tone at the top does not emphasize the ethical code of conduct, the
conguration of IT controls will be compromised leaving organizations vulnerable at all levels.
Originality/value – Although the authors have a wealth of knowledge on ethics and theories that
explain why unethical decision-making continue to surface to the headlines, they have little explanation
as to why enterprise systems fail to stop unethical behavior in organizations. This study explores
technical, organizational and individual factors that contribute to unethical decision-making.
Keywords Ethics, Enterprise resource planning, Case study methods,
Conguration of the ERP system, IT controls, Tone at the top
Paper type Research paper
Given the recent corporate scandals that erupted in the past decade, there has been
considerable interest in tools, processes and policies that prevent unethical behavior in
organizations. Despite the wide adoption of information systems (IS) and the
conguration of tight controls, it remains unclear why IS controls have not been
successful in preventing unethical behavior. This research explores the impact of
various detective and preventative IS controls on preventing unethical behavior. The
The current issue and full text archive of this journal is available on Emerald Insight at:
Received 28 April 2015
Revised 20 December 2015
Accepted 25 February 2016
VINEJournal of Information and
KnowledgeManagement Systems
Vol.46 No. 2, 2016
©Emerald Group Publishing Limited
DOI 10.1108/VJIKMS-04-2015-0028
research also studies the effect of tone at the top in shaping ethical values and
conguring IS controls. A case study approach is adopted, showing how an educational
institution that adopted an expensive enterprise resource planning (ERP) system with a
myriad of IS controls fails to stop unethical behavior at all levels until leadership is
replaced and extensive training and dialogue begin to develop a new social identity.
While qualitative evidence supports the ability of IS controls to limit unethical behavior,
the study highlights the decisive role of cultural values and leadership in moderating the
relationship. Findings also underscore the realization that ethical environments are
socially constructed not enforced.
The avalanche of recent corporate scandals triggered strong criticism of the exorbitant
cost of unethical behavior to the public and to the business community as a whole (Dyck
et al., 2010). The public loss has sparked federal regulations, like the Sarbanes–Oxley
Act of 2002 (SOX) and XBRL mandate (Dhole et al., 2015), to enforce executive nancial
accountability and allow for comparison of nancial statements across companies and
industries. SOX and the XBRL force organizations to establish internal controls and
proper documentation to ensure the integrity and accuracy of nancial data (Li et al.,
2012). Major vendors of enterprise systems, like SAP and Oracle, have incorporated
guidelines for internal controls into their design, attesting that built-in controls fully
comply with federal requirements regarding data accessibility, validation of data entry
and processing and storage of nancial records (Morris, 2011).
IS controls are believed to equip organizations with the rst line of defense to restrict
unethical behavior (Morris, 2011), increasing the level of transparency and setting
gatekeepers on the information and processes (Burns and Vaivo, 2001) to maintain the
integrity of data and ensure the accuracy of nancial reporting (Hsu et al., 2006). Despite
the attested rigor of IS controls (Morris, 2011), reported unethical behavior continues on
the rise (PWC Report on Global Economic Crime, 2014), raising concerns on the viability
of IS controls in restricting unethical behavior. It is not apparent if organizations are
failing to properly congure IS controls or that technology by itself is insufcient to
prevent unethical behavior. Studies assert that the long-term effect of conguration
choices on accounting management control are unpredictable (Grabski et al., 2011), and
that leadership and ethical values are more important in dening the ethical
environment of an organization than a set of controls embedded within systems (Ali
et al., 2009).
The success of IS controls in preventing unethical behavior is affected by an
interplay of organizational context (Kallinikos, 2002;Granlund and Malmi, 2002), the
human actors (Beaubien, 2013) and the technology design (Li et al., 2012). Organizational
culture, dened in the explicit code of conduct that leaders pass down to employees
(Daft, 1992;Laczniak et al., 1995), have a higher explanatory power as to why fraudulent
activities continue to rise within organizations (Wood, 1995) than the adoption of IS
controls and how they are congured. Leadership denes the cultural values for the
whole organization (Nwachukwu and Vitell, 1997,Treviño et al., 2003). They set the tone
at the top that guides the daily behavior of individual members. Top management also
appoints the information technology (IT) governance that denes and oversees the
implementation of the IT strategy and ensures that the adopted technology is
congured to support the ethical values upheld by top management (Zarvic et al., 2012).

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT