The effect of compliance knowledge and compliance support systems on information security compliance behavior
Journal of Knowledge Management
Published online on August 02, 2017
Abstract
Journal of Knowledge Management, Volume 21, Issue 4, Page 986-1010, July 2017.
Purpose The purpose of this paper is to understand from the knowledge management perspective how the mechanism of different voluntary compliance behaviors works and how information technology is used for compliance management in corporate settings where privacy and security issues are getting critical due to the advancement of big data and artificial intelligence. Design/methodology/approach In this study, the authors propose a structural model based on the theory of planned behavior and the IT relatedness theory that behavioral belief about compliance and social pressure affect compliance knowledge and compliance intention, and compliance knowledge partially mediates the impact of both independent variables on compliance intention. The authors surveyed with a structured questionnaire 975 employees of a major Korean energy company, S-OIL, which deploys a compliance support system. The respondents are classified into two groups: an Active IT Utilization Group and a Passive IT Utilization Group. Findings The results of our empirical examination show that compliance intention belief and social pressure influence compliance intention, and further, that compliance behavior is mediated by compliance knowledge – in both the active IT utilization group and the passive IT utilization group. However, the significance of each path coefficient, R square and the mediation effect in Model 1 (passive IT utilization group) are obviously a poor contrast to Model 2 (active IT utilization group). Also, the path from behavioral belief to compliance knowledge and social pressure to compliance knowledge show a significant moderating effect of IT utilization level. Originality/value This paper aims to promote more effective voluntary compliance behavior by increasing the understanding of the impact differences of the preceding factors, and the ways in which those are related to the knowledge management practice in terms of both knowledge itself and its support systems, i.e. compliance support system.
Purpose The purpose of this paper is to understand from the knowledge management perspective how the mechanism of different voluntary compliance behaviors works and how information technology is used for compliance management in corporate settings where privacy and security issues are getting critical due to the advancement of big data and artificial intelligence. Design/methodology/approach In this study, the authors propose a structural model based on the theory of planned behavior and the IT relatedness theory that behavioral belief about compliance and social pressure affect compliance knowledge and compliance intention, and compliance knowledge partially mediates the impact of both independent variables on compliance intention. The authors surveyed with a structured questionnaire 975 employees of a major Korean energy company, S-OIL, which deploys a compliance support system. The respondents are classified into two groups: an Active IT Utilization Group and a Passive IT Utilization Group. Findings The results of our empirical examination show that compliance intention belief and social pressure influence compliance intention, and further, that compliance behavior is mediated by compliance knowledge – in both the active IT utilization group and the passive IT utilization group. However, the significance of each path coefficient, R square and the mediation effect in Model 1 (passive IT utilization group) are obviously a poor contrast to Model 2 (active IT utilization group). Also, the path from behavioral belief to compliance knowledge and social pressure to compliance knowledge show a significant moderating effect of IT utilization level. Originality/value This paper aims to promote more effective voluntary compliance behavior by increasing the understanding of the impact differences of the preceding factors, and the ways in which those are related to the knowledge management practice in terms of both knowledge itself and its support systems, i.e. compliance support system.