University Alliances (UA) Research spotlights researcher, Manuel Wiesche from Technische Universität München (TUM).

The goal of this series is consistent with the goal of the UA Spotlight Series, to exchange insights with UA professors, students, researchers and others linked to universities from around the world. Here we focus on researchers and their experiences.

---

Tell us a bit about yourself.
I am currently located in Munich and attend Technische Universität München, Garching. We are trying to introduce the complex idea of GRC ("Governance, Risk and Compliance") within an undergrad course in the first semester. Therefore, we are planning to have 200 students work with one GRC system.

Share a bit about your SAP and UA Research background. How long have you been studying SAP-related topics?
I have been studying SAP related topics since 2007 when I did an internship in SAP Consulting. During this time I participated in a project called business process excellence.

In 2008 I did a diploma thesis called “SAP Consulting: Die BPM-Methodology der SAP – Bewertung und Weiterentwicklung der Methode anhand einer Fallstudie.”

Starting in 2009 I have been part of the SAP Center for Very Large Business Applications which relates to the University Alliances Research. More specifically I am working on IT Risk Management and IT-enabled Management Control Systems.

Tell us about your current research projects. What projects are you working on? What do you hope or expect to find out through your research projects?
The project I am currently working on is Proof of Concept (“PoC”)  Integration SAP BusinessObjects Process Control and Risk Management using five exemplary controls.

After customizing the newest version on our University Competence Center systems, we implemented five semi-automated controls within SAP GRC Process Control. These controls use data from our exemplary IDES AG and report on inconclusive incidents within the purchasing department.

We are now fully capable of simulating the integrated economic perspective within the business processes of the SAP GRC Process Control. We are working on combining these controls with dedicated risks within SAP GRC Risk Management (RM). Our goal is to demonstrate automatic control assurance within SAP GRC RM.

In addition to the GRC PoC, we are researching the tension between "exploitative" and "exploratory" management activities as a central issue in management research.

Though management controls are a prime example for exploitative management activities, researchers have recently suggested an exploratory role for management controls; little is known about the means to reconcile this tension in management control systems.

We investigate information systems for governance, risk management, and compliance (GRC IS) as a recent initiative by practitioners to provide the means to balance exploitative and exploratory management control activities.

Since the role of information systems in supporting management control activities is a topic studied in multiple literatures drawing from different theoretical backgrounds, we adopt a grounded theory approach for our study. Our analysis shows that GRC IS serves as a catalyst for establishing integrated management control systems that enables managers to simultaneously "exploit" and "explore" richer data about performance deviations and emergent chances or risks.

We suggest a model for management control activities that structures the catalyzing effects and discuss the theoretical implications of simultaneously exploratory and exploitative management control activities. We provide a unifying lens on previously separate literature on the role of information systems in supporting management control activities. We expect to find theoretical motivation for implementing IT-enabled management control systems and reveal the catalyzing function of IT in the context of management controls.

Hence, we provide reasoning for implementing GRC IS beyond compliance. We hope to provide additional motivation for implementing IT-enabled management control systems such as GRC IS and provide a framework for introducing GRC IS within organizations.

What do you like most about the University Alliances Community on the new Jive platform? How does this help/improve your SAP knowledge?
I particularly like the networking opportunities offered by the SAP University Alliances Community. New contacts with topic experts, various forms of feedback, and ongoing discussion of our topics guarantee relevance and practical implications.