IT Governance, Risk & Compliance Management
The current discussion on operational application architecture is characterized by a paradigm shift in science and practice. Modern concepts should allow the flexible composition of independent software features (services) to create application systems. The applications should not be available in companies as a complete system, as it was before. Instead, the necessary services should be bought on- demand online and configurated individually. The aim is to build an IT-infrastructure aligned with the business processes adapting to modified requirements in the business environment. The decomposition of systems into business-orientated and re-usable service with standardized interfaces should enable a loose connection of software resources along business processes. The developers are looking for a previously unreachable interaction of the IT-supported main competencies among the involved companies.
Despite our excitement, we should keep in mind that also in the context of new management and system architecture concepts, the individual software product isn’t the key, but a long-term strategic realignment of the company-wide IT. This should be critically evaluated in the context of use and risk assessment. Therefore, research in the field of “IT Governance, Risk & Compliance Management” is focusing on the interactions between business- and IT-strategies, structures for the description of company architectures, and methods for the description of information system architectures. Moreover, we are evaluating the quality, security, and risk of innovative products, services and information technologies. This is covering applications in the fields of digitalization, Industry 4.0, and Smart Services. A main focus is the relation between the involved corporations and thus on the cross-company integration and synchronization of business processes for global value-added networks.