From Manual Controls to Autonomous Governance in Enterprise Platforms
DOI:
https://doi.org/10.15662/IJRAI.2023.0604008Keywords:
Autonomous Governance, Governance Automation, Enterprise Platforms, Compliance as Code, Policy Enforcement, Continuous ComplianceAbstract
Enterprise platforms are developing at a rapid rate and they are currently supporting business critical functions. Conventional governance packages are based on manual audit, fixed checklists and periodic checks. These means are not fast and are not able to compete with the speed of modern delivery. In this paper, we investigate a change of manual controls to autonomous governance, or automated and constant controls, evidence collection and policy enforcement. In a quantitative study, the researcher quantifies the maturity of governance via a Governance Automation Index (GAI) and assesses such results as the reduction of manual efforts, readiness to audit, and operational stability. Findings indicate that high governance automation platforms had a high degree of reduction in repetitive manual work (87%), decreased audit set up time (18 days to 2 days), and enhanced evidence rates (98%). The findings of the audits were also reduced to below one problem per audit on average. The results show that the integration of governance in the workflow of the platform enhances efficiency, reliability, and audit suitability without introducing latency in deliveries. Self-governance facilitates sustained compliance as well as scale innovation.
References
[1] Papazafeiropoulou, A., & Spanaki, K. (2015). Understanding governance, risk and compliance information systems (GRC IS): The experts view. Information Systems Frontiers, 18(6), 1251–1263. https://doi.org/10.1007/s10796-015-9572-3
[2] Plant, O. H., Van Hillegersberg, J., & Aldea, A. (2022). Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment. International Journal of Accounting Information Systems, 45, 100560. https://doi.org/10.1016/j.accinf.2022.100560
[3] Brandis, K., Dzombeta, S., Colomo-Palacios, R., & Stantchev, V. (2019). Governance, risk, and compliance in cloud scenarios. Applied Sciences, 9(2), 320. https://doi.org/10.3390/app9020320
[4] Rahmouni, H. B., Munir, K., Odeh, M., & McClatchey, R. (2012). Risk-Driven compliant access controls for clouds. arXiv (Cornell University). https://doi.org/10.48550/arxiv.1202.5482
[5] Chiu, V., Liu, Q., & Vasarhelyi, M. A. (2014). The development and intellectual structure of continuous auditing research✩. Journal of Accounting Literature, 33(1–2), 37–57. https://doi.org/10.1016/j.acclit.2014.08.001
[6] Minkkinen, M., Laine, J., & Mäntymäki, M. (2022). Continuous Auditing of Artificial Intelligence: a Conceptualization and Assessment of Tools and Frameworks. Digital Society, 1(3). https://doi.org/10.1007/s44206-022-00022-2
[7] Amor, R., & Dimyadi, J. (2020). The promise of automated compliance checking. Developments in the Built Environment, 5, 100039. https://doi.org/10.1016/j.dibe.2020.100039
[8] Henriques, J., Caldeira, F., Cruz, T., & Simões, P. (2022). An automated closed-loop framework to enforce security policies from anomaly detection. Computers & Security, 123, 102949. https://doi.org/10.1016/j.cose.2022.102949
[9] Reddy, M. & Osmania University. (2018). The influence of automated compliance tools on cloud governance efficiency. In International Journal of Scientific Research & Engineering Trends (Vol. 4, Issue 3, pp. 1–2) [Journal-article]. https://ijsret.com/wp-content/uploads/IJSRET_V4_issue3_274.pdf
[10] Holderer, J. (2022). Why the Automation of Regulation Can Obstruct Business Processes. In Why the Automation of Regulation Can Obstruct Business Processes (pp. 1–30). https://doi.org/10.1007/978-3-658-38154-7_1
[11] Schneider, J., Abraham, R., Meske, C., & Brocke, J. V. (2022). Artificial Intelligence governance for businesses. Information Systems Management, 40(3), 229–249. https://doi.org/10.1080/10580530.2022.2085825
[12] Schneider, J., Abraham, R., Meske, C., & Brocke, J. V. (2020). Artificial Intelligence governance for businesses. arXiv (Cornell University). https://doi.org/10.48550/arxiv.2011.10672
[13] Kampik, T., Mansour, A., Boissier, O., Kirrane, S., Padget, J., Payne, T. R., Singh, M. P., Tamma, V., & Zimmermann, A. (2022). Governance of Autonomous agents on the Web: Challenges and opportunities. ACM Transactions on Internet Technology, 22(4), 1–31. https://doi.org/10.1145/3507910
[14] Chan, R. (2022, January 30). A novel framework for ethical AI governance in autonomous systems. https://meridianjournal.in/index.php/IMJ/article/view/102
[15] Kurshan, E., Shen, H., & Chen, J. (2020). Towards Self-Regulating AI: Challenges and Opportunities of AI model governance in Financial Services. RePEc: Research Papers in Economics. https://doi.org/10.48550/arxiv.2010.04827
[16] OLuna, A. J., Kruchten, P., EPedrosa, M. L. D., Neto, H. R. A., & Moura, H. P. M. (2014). State of the Art of Agile Governance: A Systematic review. International Journal of Computer Science and Information Technology, 6(5), 121–141. https://doi.org/10.5121/ijcsit.2014.6510
