Movatterモバイル変換

Compliance is often achieved ‘by design’ through a coherent system of controls consisting of information systems and procedures. This system-based control requires a new approach to auditing in which companies must demonstrate to the regulator that they are ‘in control’. They must determine the relevance of a regulation for their business, justify which set of control measures they have taken to comply with it, and demonstrate that the control measures are operationally effective. In this paper we show how value-based argumentation (...) theory can be applied to the compliance domain. Corporate values motivate the selection of control measures (actions) which aim to fulfil control objectives, i.e. adopted norms (goals). In particular, we show how to formalize the audit dialogue in which companies justify their compliance decisions to regulators using value-based argumentation. The approach is illustrated by a case study of the safety and security measures adopted in the context of EU customs regulation. (shrink)

Direct download(3 more)   Export citation   Bookmark   4 citations  

In this paper, we consider the meaning, roles, and uses of trust in the economic and public domain, focusing on the task of designing systems for trust in information technology. We analyze this task by means of a survey of what trust means in the economic and public domain, using the model proposed by Lewicki and Bunker, and using the emerging paradigm of value-sensitive design. We explore the difficulties developers face when designing information technology for trust and show how our (...) analysis in conjunction with existing engineering design methods provides means to address these difficulties. Our main case concerns a concrete problem in the economic domain, namely the transfer of control from customs agencies to companies. Control of individual items is increasingly untenable and is replaced by control on the level of companies aimed at determining whether companies can be trusted to be in control of their business and to be in compliance with applicable regulations. This transfer sets the task for companies to establish this trust by means of information technology systems. We argue that this trust can be achieved by taking into account philosophical analyses of trust and by including both parties in the trust relationship as clients for whom the information technology systems are to be designed. (shrink)

Direct download(7 more)   Export citation   Bookmark   3 citations  

In this paper, we consider the meaning, roles, and uses of trust in the economic and public domain, focusing on the task of designing systems for trust in information technology. We analyze this task by means of a survey of what trust means in the economic and public domain, using the model proposed by Lewicki and Bunker, and using the emerging paradigm of value-sensitive design. We explore the difficulties developers face when designing information technology for trust and show how our (...) analysis in conjunction with existing engineering design methods provides means to address these difficulties. Our main case concerns a concrete problem in the economic domain, namely the transfer of control from customs agencies to companies. Control of individual items is increasingly untenable and is replaced by control on the level of companies aimed at determining whether companies can be trusted to be in control of their business and to be in compliance with applicable regulations. This transfer sets the task for companies to establish this trust by means of information technology systems. We argue that this trust can be achieved by taking into account philosophical analyses of trust and by including both parties in the trust relationship as clients for whom the information technology systems are to be designed. (shrink)

Direct download(3 more)   Export citation   Bookmark   3 citations  

Designing security measures often involves trade-offs between various types of objectives. Multiple stakeholders may have conflicting demands and may have different ideas on how to resolve the resulting design conflicts. This paper reports on an application of value-sensitive design. Based on argumentation theory and social values, the paper develops a structured approach for discussing design conflicts, called value-based argumentation. The application domain examined in the paper is concerned with physical safety and security issues that arise in cross-border shipments. We first (...) identify the kinds of dialogues that take place in this domain, in particular, audit dialogues to determine whether security measures comply with regulations. Based on argumentation theory we develop a formal language and a diagramming approach intended to facilitate parties in identifying, discussing and reaching agreement about security risks and corresponding mitigation measures. Trade-offs can be dealt with by making underlying values explicit. Using a stylized example, the approach was successfully taught to practitioners working with EU customs regulations. Practitioners generally found the approach helpful, in particular to bring out implicit underlying motivations. We conclude by discussing how our approach can be generalized to other kinds of dialogues involving design conflicts. (shrink)

Direct download(3 more)   Export citation   Bookmark