Anthony Vance

My research interests center in IT assurance and security. These interests were strongly informed by my work experience as an IT security auditor for Deloitte, and have developed into three research streams. Below are summaries for each stream and articles published or in progress.

Trust in IS is one form of information assurance, in which a person willingly becomes vulnerable to a risk because of certain safeguards. IT has great potential to act as a safeguard for trust; however, this potential has only begun to be explored in IS research.

My dissertation, entitled New Applications for Trust in Information Systems, is comprised of three studies (denoted with ‡ below) that examine new ways in which IS can foster trust in business transactions.

Published Research:

1. ‡"Examining Trust in Information Technology Artifacts: The Effects of System Quality and Culture", Anthony Vance, Christophe Elie-dit-Cosaque, and Detmar Straub in Journal of Management Information Systems, Vol. 24(4), 2008, pp. 73-100.
2. "Explaining and Predicting the Impact of Branding Alliances and Web Site Quality on Initial Consumer Trust of E-Commerce Web Sites", Paul Lowry, Anthony Vance, Greg Moody, Bryan Beckman, and Aaron Read in Journal of Management Information Systems, Vol. 24(4), 2008, pp. 201-227.

Papers Under Review:

1. ‡"Is your Website Credible? How Source Credibility Affects Consumer Trust in E-Commerce Websites", Anthony Vance, Paul Lowry, Greg Moody, Taylor Wells, and Bryan Beckman. Submitted to MIS Quarterly, April 2008.

Working Papers:

1. ‡"Verifiable Trust: Using IT-based Accountability to Manage the Boundaries Between Trust and Formal Controls", Anthony Vance and Arun Rai. Targeted to MISQ special issue "Novel Perspectives on Trust in Information Systems".
2. "How Deception and Anonymity Affect Trust in Information Sharing Systems", Robert Sainsbury and Anthony Vance. Targeted to MISQ special issue "Novel Perspectives on Trust in Information Systems".
3. "The Comparative Effects of Privacy Seals, Privacy Assurance Statements, and Brand Alliances on Consumer Trust in E-Commmerce Sites", Greg Moody, Paul Lowry, and Anthony Vance.

IT security consists of a technical component and a managerial component. The technical component (including for example encryption algorithms and network firewalls) has received much research attention. However, the managerial component (including for example the implementation and oversight of IT security practices) remains largely unexamined.

The papers below examine what factors affect employees’ willingness to comply with IT security policies.

Papers Under Review:

1. "Overcoming IS Security Policy Violations: Shifting the Focus from Deterrence to Neutralization", Mikko Siponen and Anthony Vance. Submitted to MISQ special issue "Information Systems Security in a Digital Economy", July 2008.

Working Papers:

1. "A Model of Corporate Software Piracy", Mikko Siponen, Anthony Vance, and Robert Willison.

Internal control is ensuring that management objectives are achieved. In the case of IT, internal control means that IT is designed, tested, and monitored to ensure that its use meets management objectives. Effective IT security requires internal control.

Published Research:

1. "Extending and Using Graphical Representations of Business Processes in Evaluating Internal Control," Faye Borthick and Anthony Vance in American Accounting Association Annual Meeting, 2008.
2. "Preparing Graphical Representations of Business Processes and Making Inferences from Them," Faye Borthick and Anthony Vance in American Accounting Association Annual Meeting, 2007.
3. "Modeling Sarbanes-Oxley Compliance as a Knowledge-intensive Process," Anthony Vance in 40th Annual Hawai'i International Conference on System Sciences, 2007.

Working Papers:

1. "Verifiable Trust: Using IT-based Accountability to Manage the Boundaries Between Trust and Formal Controls"‡, Anthony Vance and Arun Rai. Targeted to MISQ special issue "Novel Perspectives on Trust in Information Systems".