[1] D. Nordberg, “News and Corporate Governance: What Dow Jones and Reuters Teach Us About Stewardship,” Journalism, vol. 8, no. 6, pp. 718–735, Dec. 2007.
[2] M. Spremić, Z. Zmirak, and K. Kraljevic, “IT and Business Process Performance Management: Case Study of ITIL Implementation in Finance Service Industry,” in Proceedings of the ITI 2008 30th Int. Conf. on Information Technology Interfaces, 2008, pp. 243–250.
[3] R. Hampel, “Committee on Corporate Governance,” London, 1998.
[4] F. J. De Graaf and H. Velthuijsen, “Network Governance for Dealing with IT-enabled Interorganizational Cooperation,” Groningen, The Netherlands, 2011.
[5] M. Spremić, “IT Governance Mechanisms in Managing IT Business Value,” Corp. Gov., vol. 6, no. 6, pp. 906–915, 2009.
[6] P. Barnes, “The Origins of Limited Liability in Great Britain, the First ‘Panic’, and their Implications for Limited Liability and Corporate Governance Today,” Comput. Inf. Sci., no. 44, pp. 1–25, 2003.
[7] T. Dimopoulos and H. F. Wagner, “Corporate Governance and CEO Turnover Decisions,” SSRN Electron. J., 2012.
[8] E. Humphreys, “Information security management standards: Compliance, governance and risk management,” Inf. Secur. Tech. Rep., vol. 13, no. 4, pp. 247–255, Nov. 2008.
[9] J. C. J. Coffee, “Understanding Enron: It’s About the Gatekeepers, Stupid,” New York, Working Paper No. 207, 2002.
[10] S. Saetang and A. Haider, “Conceptual Aspects of IT Governance in Enterprise Environment,” in Proceedings of the 49th SIGMIS annual conference on Computer personnel research - SIGMIS-CPR ’11, 2011, p. 79.
[11] L. A. Bebchuk and M. S. Weisbach, “The State of Corporate Governance Research,” Business, pp. 1–39, 2009.
[12] K. Weber, B. Otto, and H. Osterle, “One Size Does Not Fit All — A Contingency Approach to Data Governance,” ACM J. Data Inf. Qual., vol. 1, no. 1, p. 4:1-4:27, 2009.
[13] M. Simonsson, R. Lagerström, and P. Johnson, “A Bayesian Network for IT Governance Performance Prediction,” in Proceedings of the 10th international conference on Electronic commerce ICEC 08, 2008, p. 1.
[14] A. Agrawal and S. Chadha, “Corporate Governance and Accounting Scandals,” J. Law Econ., vol. 48, no. 2, pp. 371–406, Oct. 2005.
[15] G. and M. L. Weil, “Comparative Study Of Corporate Governance Codes Relevant to the European Union And Its Member States,” 2002.
[16] B. E. Hermalin and M. S. Weisbach, “Information Disclosure and Corporate Governance,” J. Finance, vol. 67, no. 217, pp. 195–233, 2008.
[17] L. A. Cunningham, “The Sarbanes-Oxley Yawn: Heavy Rhetoric, Light Reform (And It Might Just Work),” Soc. Sci. Res., vol. XLVI, no. 617, pp. 51–98, 2002.
[18] B. Duncan, Y. Zhao, and M. Whittington, “Corporate Governance, Risk Appetite and Cloud Security Risk: A Little Known Paradox. How Do We Square the Circle?,” in Cloud Computing 2017: The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, 2017, pp. 1–6.
[19] D. Miller and I. Le Breton-Miller, “Family Governance and Firm Performance: Agency, Stewardship, and Capabilities,” Fam. Bus. Rev., vol. 19, no. 1, pp. 73–87, Mar. 2006.
[20] A. Calder, “It Governance: The Way Ahead,” in Governance An International Journal Of Policy And Administration, 2009, no. May, pp. 1–16.
[21] F. R. Council, “The Combined Code on Corporate Governance,” London, Jan. 2006.
[22] D. K. Denis and J. J. McConnell, “International corporate governance,” West Lafayette, IN, Finance Working Paper N°. 05/2003, Mar. 2003.
[23] J. D. Piotroski and S. Srinivasan, “Corporate Governance,” Rock Cent. Corp. Gov., vol. 69, no. 1, pp. 1–35, 2008.
[24] R. Winter and J. Schelp, “Enterprise Architecture Governance: The Need for a Business-to-IT Approach,” Proc. 2008 ACM Symp. Appl. Comput. - SAC ’08, vol. 23, no. 1, p. 548, 2008.
[25] A. Raup-Kounovsky, D. S. Canestraro, T. A. Pardo, and J. Hrdinová, “IT Governance to Fit Your Context: Two U. S. Case Studies,” Technology, pp. 211–215, 2010.
[26] S. De Haes, W. Van Grembergen, and R. S. Debreceny, “COBIT 5 and Enterprise Governance of Information Technology: Building Blocks and Research Opportunities.,” J. Inf. Syst., vol. 27, no. 1, pp. 307–324, 2013.
[27] A. Gill, “Corporate Governance as Social Responsibility: A Research Agenda,” Berkeley J. Int’l L., vol. 26, no. 2, pp. 452–478, 2008.
[28] K. Raghavan, “A survey of corporate governance and overlapping regulations in banking,” Int. J. Discl. Gov., vol. 4, no. 412, pp. 181–194, Aug. 2007.
[29] M. J. Jones, “Internal control, accountability and corporate governance,” Accounting, Audit. Account. J., vol. 21, no. 7, pp. 1052–1075, 2008.
[30] A. Holzinger, “Information Security Management and Assurance: A Call to Action for Corporate Governance,” Inf. Syst. Secur., pp. 37–41, 2000.
[31] A. Baldwin, Y. Beres, and S. Shiu, “Using assurance models to aid the risk and governance life cycle,” BT Technol. J., vol. 25, no. 1, pp. 128–140, Jan. 2007.
[32] J. A. Hall and S. L. Liedtka, “The Sarbanes-Oxley Act: Implications for Large-Scale IT Outsourcing,” Commun. ACM, vol. 50, no. 3, pp. 95–100, 2007.
[33] O. Rebollo, D. Mellado, E. Fernández-Medina, and H. Mouratidis, “Empirical evaluation of a cloud computing information security governance framework,” Inf. Softw. Technol., vol. 58, pp. 44–57, 2015.
[34] S. Turnbull, “How US and UK Auditing Practices Became Muddled to Muddle Corporate Governance Principles,” 2005.
[35] S. Arjoon, “Corporate Governance: An Ethical Perspective,” J. Bus. Ethics, vol. 61, no. 4, pp. 343–352, Nov. 2012.
[36] W. “RP” Raghupathi, “Corporate Governance of IT: A Framework for Development,” Commun. ACM, vol. 50, no. 8, pp. 94–99, 2007.
[37] F. R. Council, “The Combined Code on Corporate Governance,” London, 2006.
[38] S. S. Dawes, “Governance in the Information Age: A Research Framework for an Uncertain Future,” in Europe, 2008, pp. 290–297.
[39] J. Harford, S. A. Mansi, and W. F. Maxwell, “Corporate governance and firm cash holdings in the US,” J. financ. econ., vol. 87, no. 3, pp. 535–555, 2008.
[40] M. Kahan and E. B. Rock, “Hedge funds in corporate governance and corporate control,” Med. Hist., vol. 14, no. 3, p. 319, 1970.
[41] T. G. J. Schepers, M. E. Iacob, and P. A. T. Van Eck, “A Lifecycle Approach to SOA Governance,” in Proceedings of the 2008 ACM symposium on Applied computing - SAC ’08, 2008, p. 1055.
[42] K. Cresswell, A. Worth, and A. Sheikh, “Implementing and adopting electronic health record systems: How actor-network theory can support evaluation,” Clin. Gov. An Int. J., vol. 16, no. 4, pp. 320–336, 2011.
[43] IT Governance Institute, Cobit 4.1. 2010.
[44] S. N. Foley, “Security Risk Management Using Internal Controls,” Proc. first ACM Work. Inf. Secur. Gov. - WISG ’09, p. 59, 2009.
[45] R. R. Dolphin, “Corporate reputation – a value creating strategy,” Corp. Gov., vol. 4, no. 3, pp. 77–92, 2004.
[46] J. R. Cohen, C. Hayes, G. Krishnamoorthy, G. S. Monroe, and A. M. Wright, “The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors,” Behav. Res. Account., vol. 25, no. 1, pp. 61–87, 2013.
[47] F. Griffiths, “Stewardship as Concept and Practice in an Arctic Context,” in Cyberdialogue2012, 2012, pp. 1–13.
[48] Isaca, “An Introduction to the Business Model for Information Security,” 2009.
[49] R. Ball, “Market and Political/Regulatory Perspectives on the Recent Accounting Scandals,” J. Account. Res., vol. 47, no. 2, pp. 277–323, 2009.
[50] A. Joha and M. Janssen, “Types of Shared Services Business Models in Public Administration,” in The Proceedings of the 12th Annual International Conference on Digital Government Research, 2011, pp. 26–35.
[51] C. Stanforth, “Using Actor-Network Theory to Implementation in Developing Countries,” Inf. Technol. Int. Dev., vol. 3, no. 3, pp. 35–60, 2006.
[52] L. Loh and N. Venkatraman, “Determinants of Information Technology Outsourcing:  A Cross-Sectional Analysis.,” J. Manag. Inf. Syst., vol. 9, no. 1, pp. 7–24, 1992.
[53] G. J. Staubus, “Ethics Failures in Corporate Financial Reporting,” J. Bus. Ethics, vol. 57, no. 1, pp. 5–15, Mar. 2005.
[54] M. Mueller, “Stewardship and the Management of Internet Protocol Addresses,” in Cyberdialogue2012, 2012, pp. 1–8.
[55] R. Gomes and J. Ribeiro, “The Main Benefits of COBIT in a High Public Educational Institution - A Case Study,” in Pacific Asia Conference on Information Systems (PACIS) PACIS 2009 Proceedings, 2009, pp. 1–12.
[56] S. Sunder, “Regulatory competition among accounting standards within and across international boundaries,” J. Account. Public Policy, vol. 21, no. 3, pp. 219–234, 2002.
[57] M. C. Jensen, K. J. Murphy, and E. G. Wruck, “Remuneration: Where We’ve Been, How We Got to Here, What are the Problems, and How to Fix Them,” Harvard Bus. Sch. NOM Res. Pap. Work. Pap. Ser. Financ., vol. 4, no. 28, pp. 1–105, 2004.
[58] M. Low, H. Davey, and K. Hooper, “Accounting scandals, ethical dilemmas and educational challenges,” Crit. Perspect. Account., vol. 19, no. 2, pp. 222–254, Feb. 2008.
[59] F. R. Council, “2007 Review of the Combined Code: Consultation on Proposed Changes to the Code,” London, 2007.
[60] L. Zingales, “The Costs and Benefits of Financial Market Regulation,” Chicago, 21/2004, 2004.
[61] A. Ojo, T. Janowski, and E. Estevez, “Semantic Interoperability Architecture for Electronic Government,” Electron. Gov., no. Section 2, pp. 63–72, 2009.
[62] A. Cox, “How Can Internal Audit Report Effectively to Its Stakeholders?,” Q Finance Newsletter, 2011. [Online]. Available: http://www.financepractitioner.com/auditing-best-practice/how-can-internal-audit-report-effectively-to-its-stakeholders?page=1.
[63] F. R. Council, “2007 Review of the Combined Code: Report on the Main Findings of the Review,” London, 2007.
[64] B. Ascher and Albert A. Foer, “Financial Reform and the Big 4 Audit Firms,” Exch. Organ. Behav. Teach. J., no. 10, pp. 1–11, 2010.
[65] D. Higgs, “Review of the Role and Effectiveness of Non-Executive Directors,” London, 2003.
[66] F. S. Chapin, G. P. Kofinas, and C. Folke, Principles of ecosystem stewardship: Resilience-based natural resource management in a changing world. New York: Springer, 2009.
[67] J. Hulstijn, R. van Wijk, N. de Winne, N. Bharosa, M. Janssen, and Y.-H. Tan, “Public Process Management: a method for introducing Standard Business Reporting,” Proc. 12th Annu. Int. Digit. Gov. Res. Conf. Digit. Gov. Innov. Challenging Times - dg.o ’11, p. 141, 2011.
[68] F. R. Council, “Guidance on Audit Committees,” London, 2008.
[69] J. A. Lewis, “Cyber Dialogue 2012: What is Stewardship in Cyberspace?,” in Cyberdialogue2012, 2012, pp. 1–6.
[70] S. M. O. Connor, “Be Careful What You Wish for: How Accountants and Congress Created the Problem of Auditor Independence,” Bost. Coll. Law Rev., vol. 45, pp. 1–64, 2004.
[71] S. Li, “Corporate Fraud and Costly Monitoring: An Empirical Analysis of a Simultaneous System with Partial Observability,” Exch. Organ. Behav. Teach. J., pp. 1–58, 2005.
[72] L. M. Kaufman, “Data security in the world of cloud computing,” IEEE Secur. Priv., vol. 7, no. 4, pp. 61–64, Jul. 2009.
[73] Trustwave, “Executive summary,” pp. 1–4, 2013.
[74] F. R. Council, “Amendments to Guidance on Audit Committees: Regulatory Impact Assessment,” London, 2008.
[75] Itgi, CoBIT 4.1 Excerpt. 2007.
[76] G. Whiteman, B. Walker, and P. Perego, “Planetary Boundaries: Ecological Foundations for Corporate Sustainability,” J. Manag. Stud., vol. 50, no. 2, pp. 307–336, 2013.
[77] F. R. Council, “The Turnbull Guidance as an evaluation framework for the purposes of Section 404(a) of the Sarbanes-Oxley Act,” London, 2004.
[78] P. Johnson, “Achieving business resilience through integrated systems management,” Ibm, no. September, pp. 1–20, 2009.
[79] D. S. Canestraro, T. A. Pardo, A. N. Raup-Kounovsky, and D. Taratus, “Regional Telecommunication Incident Response: Delivering Public Value Through Increased Trust,” in The Proceedings of the 9th Annual International Digital Government Research Conference - Computers and Society, 2007, pp. 197–206.
[80] H. Susanto, M. N. Almunawar, and Y. C. Tuan, “Information Security Challenge and Breaches: Novelty Approach on Measuring ISO 27001 Readiness Level,” Int. J. Eng. Technol., vol. 2, no. 1, pp. 67–75, 2012.
[81] L. Badger, D. Bernstein, R. Bohn, F. de Vaulx, M. Hogan, M. Iorga, J. Mao, J. Messina, K. Mills, E. Simmon, A. Sokol, J. Tong, F. Whiteside, and D. Leaf, “US Government Cloud Computing Technology Roadmap,” 2014.
[82] W. E. Shafer, “Ethical Climate, Social Responsibility, and Earnings Management,” J. Bus. Ethics, vol. 126, no. 1, pp. 43–60, 2015.
[83] S. Pearson and A. Charlesworth, “Accountability as a way forward for privacy protection in the cloud,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 5931 LNCS, no. December, pp. 131–144, 2009.
[84] D. B. Farber, “Restoring Trust after Fraud: Does Corporate Governance Matter?,” Account. Rev., vol. 80, no. 2, pp. 539–561, 2005.
[85] P. Myners, “Myners Principles for Institutional Investment Decision-Making: Review of Progress,” London, 2004.
[86] M. Dlamini, J. Eloff, and M. Eloff, “Information security: The moving target,” Comput. Secur., vol. 28, no. 3–4, pp. 189–198, May 2009.
[87] S. Ramamoorti, “Internal Auditing: History, Evolution, and Prospects,” Res. Oppor. Intern. Audit., pp. 1–23, 2003.
[88] O.-K. Hope, “Disclosure Practices, Enforcement of Accounting Standards, and Analysts’ Forecast Accuracy: An International Study.,” J. Account. Res., vol. 41, no. 2, pp. 235–272, May 2003.
[89] G. Whittington, “Fair Value and the IASB/FASB Conceptual Framework Project: An Alternative View,” Abacus, vol. 44, no. 2, pp. 139–168, Jun. 2008.
[90] PWC, “UK Information Security Breaches Survey - Technical Report 2012,” London, 2012.
[91] B. Duncan, “FAST-CCS: Finding a Solution to Cloud Cyber Security,” in The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, 2017, pp. 1–3.
[92] B. Duncan and M. Whittington, “Compliance with Standards, Assurance and Audit: Does this Equal Security?,” in Proceedings of the 7th International Conference on Security of Information and Networks, 2014, pp. 77–84.
[93] V. Cuñat, M. Gine, and M. Guadalupe, “The vote is cast: The effect of corporate governance on shareholder value,” J. Finance, vol. 67, no. 5, pp. 1943–1977, 2012.
[94] R. Hibbert, “SMBs and the struggle for compliance,” Computer Fraud & Security, vol. 2012, no. 11, Elsevier Ltd, pp. 5–7, Nov-2012.
[95] ASB, “Stewardship/Accountability as an Objective of Financial Reporting - comment on the IASB/FASB Conceptual Framework Project,” J. financ. econ., no. June, pp. 1–19, 2007.
[96] W. Cellary and S. Strykowski, “E-Government Based on Cloud Computing and Service-Oriented Architecture,” Proc. 3rd Int. Conf. Theory Pract. Electron. Gov. - ICEGOV ’09, vol. 6, no. 3, p. 5, 2009.
[97] S. Ang and D. Straub, “Production and Transaction Economies and IS Outsourcing: A Study of the US Banking Industry.,” MIS Q., vol. 22, no. December, pp. 535–552, 1998.
[98] I. Linkov, D. A. Eisenberg, M. E. Bates, D. Chang, M. Convertino, J. H. Allen, S. E. Flynn, and T. P. Seager, “Measurable resilience for actionable policy,” Environ. Sci. Technol., vol. 47, no. 18, pp. 10108–10110, 2013.
[99] Y. Beres, A. Baldwin, and S. Shiu, “Model-Based Assurance of Security Controls,” HP Labs, pp. 1–7, 2008.
[100] T. Robinson, “Data Security in the Age of Compliance,” Networker, vol. 9, pp. 25–30, 2005.
[101] R. Thomas, “Freedom of Information and Privacy - The Regulatory Role of the Information Commissioner,” Occas. Lect. 21 CRI, pp. 1–30, 2008.
[102] C. Kavanagh and M. Carrieri, “Cyber Dialogue 2012 Briefs: Whither ‘Rules of the Road’ for Cyberspace?,” in Cyberdialogue2012, 2012, pp. 1–18.
[103] F. R. Council, “Amendments to Guidance on Audit Committees: Summary of Consultation Responses,” London, 2008.
[104] P. Iliev, K. V. Lins, D. P. Miller, and L. Roth, “Shareholder Voting and Corporate Governance Around the World,” Rev. Financ. Stud., vol. 28, no. 8, pp. 2167–2202, 2015.
[105] A. Rosenthal, P. Mork, M. H. Li, J. Stanford, D. Koester, and P. Reynolds, “Cloud computing: A new business paradigm for biomedical information sharing,” J. Biomed. Inform., vol. 43, no. 2, pp. 342–353, Apr. 2010.
[106] S. A. Morris and B. R. Bartkus, “Look Who’s Talking: Corporate Philanthropy and Firm Disclosure,” Int. J. Bus. Soc. Res., vol. 5, no. 1, pp. 1–14, 2015.
[107] S. Littlechild, “Regulation, Over-Regulation and Deregulation,” Occas. Lect. 22 CRI, pp. 1–59, 2008.
[108] H. Aldous, C. Castles, R. Clark, P. Dudley, P. Fletcher, S. C. Foster, P. Geroski, J. Gray, D. Hough, C. Howes, T. Jackson, M. Minogue, T. Prosser, C. Radaelli, T. Rayner, G. Shuttleworth, D. Starkie, P. Strickland, R. Turvey, and P. Vass, “Regulatory review 2004/2005,” Regul. Rev. CRI, pp. 1–369, 2005.
[109] R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka, and J. Molina, “Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control,” in Proceedings of the 2009 ACM workshop on Cloud computing security, 2009, pp. 85–90.
[110] T. Prior and J. Hagmann, “Measuring resilience: methodological and political challenges of a trend security concept,” J. Risk Res., vol. 17, no. June, pp. 37–41, 2013.
[111] HMG, “Technical Risk Assessment,” 2009.
[112] Verizon, “Verizon2013,” 2013.
[113] R. Starr, J. Newfrock, and M. Delurey, “Enterprise Resilience: Managing Risk in the Networked Economy,” Strateg. Bus., no. 30, pp. 70–79, 2003.
[114] M. Van Rinsum, V. S. Maas, and D. Stolker, “Disclosure Checklists and Bias in Audit Judgments,” Available SSRN 2218408, pp. 1–43, 2013.
[115] K. Elsayed, “Does CEO Duality Really Affect Corporate Performance?,” Corp. Gov., vol. 15, no. 6, pp. 1203–1214, 2007.
[116] M. Meints, “The Relationship between Data Protection Legislation and Information Security Related Standards,” Futur. Identity Inf. Soc., pp. 254–267, 2009.
[117] W. W. Bratton, “Enron, Sarbanes-Oxley and accounting: Rules versus Principles versus Rents,” Soc. Sci. Res., vol. 48, no. 4, pp. 1023–1056, 2003.
[118] L. Donaldson and J. H. Davis, “Stewardship Theory or Agency Theory: CEO Governance and Shareholder Returns,” Aust. J. Manag., vol. 16, no. 1, pp. 49–64, 1991.
[119] D. Andrew, P. Flanagan, and J. Marchant, “The UK Airports Industry Airport Statistics 2007-2008,” Bath, 2008.
[120] O. D. C. Alliance, “Open Data Center Alliance Usage: Regulatory Framework,” pp. 1–25, 2011.
[121] B. Duncan, A. Bratterud, and A. Happe, “Enhancing Cloud Security and Privacy: Time for a New Approach?,” in Intech 2016, 2016, pp. 1–6.
[122] H. Tohidi, “Modelling of business services in service oriented enterprises,” Procedia Comput. Sci., vol. 3, pp. 1147–1156, 2011.
[123] A. Hudic, T. Hecht, M. Tauber, A. Mauthe, and S. C. Elvira, “Towards continuous cloud service assurance for critical infrastructure IT,” in Proceedings - 2014 International Conference on Future Internet of Things and Cloud, FiCloud 2014, 2014, pp. 175–182.
[124] Cabinet Office, “The UK cyber security strategy,” 2016.
[125] G. M. Grossman and E. Helpman, “Integration Versus Outsourcing in Industry Eequilibrium,” Q. J. Econ., no. February, pp. 85–120, 2002.
[126] B. Grobauer, T. Walloschek, and E. Stocker, “Understanding Cloud Computing Vulnerabilities,” IEEE Secur. Priv., vol. 9, no. 2, pp. 50–57, 2011.
[127] V. Chang and M. Ramachandran, “Towards Achieving Data Security with the Cloud Computing Adoption Framework,” vol. 9, no. 1, pp. 138–151, 2016.
[128] Ch. Brearey, “A Study of the Impact of Informational Complexity, Transparency and Stewardship on Decision Usefulness: The Users Perspective,” Int. J. Account. Financ. …, vol. 3, no. 1, pp. 227–258, 2013.
[129] G. M. Brown, “Renewable Natural Resource Management and Use without Markets,” J. Econ. Lit., vol. 38, no. 4, pp. 875–914, 2000.
[130] G. R. Dowling, “The Curious Case of Corporate Tax Avoidance: Is it Socially Irresponsible?,” J. Bus. Ethics, vol. 124, no. 124, pp. 173–184, 2014.
[131] N. Annett, J. Ashcroft, T. Azad, A. Bell, C. Bolt, C. Danner, T. Davis, S. Glaister, L. Golob, R. Green, L. Hancher, C. Jones, J. Liesner, R. Louth, T. McDaniel, D. Newbery, J. Smith, S. Trotter, R. Turvey, P. Vass, T. Walker, and R. Weeden, “Regulatory Review 2002/2003,” Bath, 2003.
[132] H. Gospel and M. Sako, “The unbundling of corporate functions: the evolution of shared services and outsourcing in human resource management,” Ind. Corp. Chang., vol. 19, no. 5, pp. 1367–1396, Mar. 2010.
[133] R. K. L. Ko, B. S. Lee, and S. Pearson, “Towards achieving accountability, auditability and trust in cloud computing,” Commun. Comput. Inf. Sci., vol. 193 CCIS, no. PART 4, pp. 432–444, 2011.
[134] O. Brown, A. Hammill, and R. McLeman, “Climate change as the ‘new’ security threat: Implications for Africa,” Int. Aff., vol. 83, no. 6, pp. 1141–1154, 2007.
[135] N. Papanikolaou, S. Pearson, M. C. Mont, and R. Ko, “A Toolkit for Automating Compliance in Cloud Computing Services,” Int. J. Cloud Comput., vol. x, no. x, pp. 45–68, 2014.
[136] S. Baiman, “Agency Research in Managerial Accounting: A Second Look,” Accounting, Organ. Soc., vol. 15, no. 4, pp. 341–371, 1990.
[137] HP, “Five Myths of Cloud Computing,” Nov. 2011.
[138] J. Rothschild, “Protecting the Digital Consumer : The Limits of Cyberspace Utopianism,” Control, pp. 1–106, 1997.
[139] I. Alexander, I. Bartle, C. Bolt, M. Cave, D. Currie, A. Estache, S. Goodwin, J.-L. Guasch, S. Littlechild, H.-M. Niemeier, P. Ranci, J. Smith, J. Stern, L. Trujillo, and M. Vagliasindi, “The UK Model of Utility Regulation - A 20th Anniversary Collection to mark the ‘Littlechild Report’ Retrospect and Prospect,” Regul. Ind. Br. CRI, pp. 1–246, 2003.
[140] IsecT, “Information Security Frameworks from ‘Audit’ to ‘Zachman,’” 2011.
[141] J. C. . J. . Coffee and A. A. . Berle, “The Future as History: The Prospects for Global Convergence in Corporate Governance and its Implications,” Corp. Gov., vol. 7201, no. 212, pp. 1–141, 1998.
[142] A. Azapagic, “Systems Approach to Corporate Sustainability: A General Management Framework,” Process Saf. Environ. Prot., vol. 81, no. 5, pp. 303–316, 2003.
[143] I. Boulouta, “Hidden Connections: The Link Between Board Gender Diversity and Corporate Social Performance,” J. Bus. Ethics, vol. 113, no. 2, pp. 185–197, 2013.
[144] PWC, “Managing cyber risks in an interconnected world Key findings from The Global State of Information Security® Survey 2015,” 2014.
[145] A. Beltratti and R. M. Stulz, “Why Did Some Banks Perform Better during the Credit Crisis? A Cross-Country Study of the Impact of Governance and Regulation,” Money, vol. Finace Wo, pp. 1–38, 2009.
[146] PWC, “Information Security Breaches Survey 2015,” London, 2015.
[147] O. D. C. Alliance, “Open Data Center Alliance Usage: Provider Security Assurance,” pp. 1–14, 2011.
[148] O. Tene, “Privacy: The New Generations,” Int. Data Priv. Law, vol. 1, no. 1, pp. 15–27, 2011.
[149] K. Bernsmed, W. K. Hon, and C. Millard, “Deploying Medical Sensor Networks in the Cloud – Accountability Obligations from a European Perspective,” in Cloud Computing (CLOUD), 2014 IEEE 7th International Conference on, 2014, pp. 898–905.
[150] K. A. Saeed, V. Grover, W. J. Kettinger, and S. Guha, “Organizational Interventions and the Successful Implementation of Customer Relationship Management (CRM) System Projects,” ACM SIGMIS Database, vol. 42, no. 2, p. 9, 2011.
[151] R. Gray, “Thirty years of social accounting, reporting and auditing: what (if anything) have we learnt?,” Bus. Ethics A Eur. Rev., vol. 10, no. 1, pp. 9–15, 1992.
[152] F. R. Council, “Review of the Turnbull Guidance on Internal Control: Evidence Paper,” London, 2005.
[153] A. Baldwin, D. Pym, and S. Shiu, “Enterprise Information Risk Management: Dealing with Cloud Computing,” Abdn.Ac.Uk, pp. 257--291, 2013.
[154] K. Bondy, J. Moon, and D. Matten, “An Institution of Corporate Social Responsibility ( CSR ) in Multi-National Corporations ( MNCs ): Form and Implications,” J. Bus. Ethics, vol. 111, pp. 281–299, 2012.
[155] F. R. Council, “Review of the Implementation of the 2006 Combined Code: Regulatory Impact Assessment,” London, 2008.
[156] K. Lee, “Security Threats in Cloud Computing Environments,” Int. J. Secur. its Appl., vol. 6, no. 4, pp. 25–32, 2012.
[157] S. Pearson, “Privacy and Security for Cloud Computing,” in Privacy and Security for Cloud Computing, e: Springer, 2013, pp. 3–42.
[158] S. Dimitrov and R. Sami, “Composition of Markets with Conflicting Incentives,” Proc. 11th ACM Conf. Electron. Commer. - EC ’10, pp. 53–62, 2010.
[159] S. I. Byatt, “Regulating Publicly Owned Utilities,” Occas. Lect. 20 CRI, pp. 1–21, 2007.
[160] I. J. Dyck, A. Morse, and L. Zingales, “How Pervasive is Corporate Fraud?,” 2013.
[161] R. K. L. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q. Liang, and B. S. Lee, “TrustCloud: A framework for accountability and trust in cloud computing,” Proc. - 2011 IEEE World Congr. Serv. Serv. 2011, pp. 584–588, 2011.
[162] I. Ion, N. Sachdeva, P. Kumaraguru, and S. Čapkun, “Home is Safer than the Cloud! Privacy Concerns for Consumer Cloud Storage,” in Proceedings of the Seventh Symposium on Usable Privacy and Security - SOUPS ’11, 2011, p. 1.
[163] N. Anderson and K. Edwards, “Building a Chain of Trust: Using Policy and Practice to Enhance Trustworthy Clinical Data Discovery and Sharing,” Proc. 2010 Work. Gov. Technol. Inf. Policies - GTIP ’10, pp. 15–20, 2010.
[164] H. Labs, “Building the Foundation for the Virtualized Infrastructure,” 2011.
[165] J. Misra and I. Saha, “A reinforcement model for collaborative security and Its formal analysis,” Proc. 2009 Work. New Secur. Paradig. Work. - NSPW ’09, p. 101, 2009.
[166] S. Hoyer, H. Zakhariya, T. Sandner, and M. H. Breitner, “Fraud Prediction and the Human Factor: An Approach to Include Human Behavior in an Automated Fraud Audit Stefan,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., pp. 2382–2391, 2011.
[167] M. J. Roe, “The Institutions of Governance,” Cambridge MA, Discussion Paper No. 488, 1998.
[168] S. A. Johnson, H. E. Ryan, and Y. S. Tian, “Managerial Incentives and Corporate Fraud: The Sources of Incentives Matter,” Rev. Financ., vol. 13, no. 1, pp. 115–145, 2009.
[169] I. Fraser and J. Pierpoint, “Can we meet the needs? Auditor views on external assurance and management commentary,” Edinburgh, 2011.
[170] E. Ostrom, “Collective action and the evolution of social norms,” J. Nat. Resour. Policy Res., vol. 6, no. 4, pp. 235–252, 2014.
[171] K. Brancik and G. Ghinita, “The Optimization of Situational Awareness for Insider Threat Detection,” in Proceedings of the first ACM conference on Data and application security and privacy - CODASPY ’11, 2011, p. 231.
[172] B. Duncan, M. Whittington, and V. Chang, “Enterprise Security: Why Do We Make It So Difficult?,” in 33rd Euro-Asia Management Studies Association (EAMSA) Annual Conference, 2016, no. October, pp. 1–6.
[173] H. J. Gregory, “US Comparison of Corporate Governance Best Practices,” New York, no. January, pp. 1–124, 2009.
[174] P. Wheldon and S. Webley, “Corporate Ethics Policies and Programmes: 2013 UK and Continental European Survey,” Inst. Bus. Ethics, pp. 1–51, 2013.
[175] S. Creese, P. Hopkins, S. Pearson, and Y. Shen, “Data protection-aware design for cloud services,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 5931 LNCS, no. December, pp. 119–130, 2009.
[176] C. W. L. Hill and T. M. Jones, “Stakeholder-Agency Theory,” J. Manag. Stud., vol. 29, no. 2, pp. 131–154, 1992.
[177] K. Sadgrove, “Risk Management: A Powerful Tool,” in The Complete Guide to Business Risk Management, Gower Publishing Company, 2005, pp. 1–16.
[178] Y. Beres, A. Baldwin, and S. Shiu, “Model-Based Assurance of Security Controls,” Proc. 2007 ACM Work. Qual. Prot. - QoP ’07, p. 55, 2007.
[179] J. A. Bellamy, D. H. Walker, G. T. McDonald, and G. J. Syme, “A systems approach to the evaluation of natural resource management initiatives,” J. Environ. Manage., vol. 63, no. 4, pp. 407–423, Dec. 2001.
[180] T. August, M. F. Niculescu, and H. Shin, “Cloud Computing: Implications on Software Network Structure and Security Risks,” Inf. Syst. Res., vol. 25, no. 3, p. 489, 2014.
[181] M. Leach, R. Mearns, and I. Scoones, “Environmental Entitlements: Dynamics and Institutions in Community-Based Natural Resource Management,” World Dev., vol. 27, no. 2, pp. 225–247, Feb. 1999.
[182] Verizon, “2010 Data Breach Investigation Report: A study conducted by the Verizon RISK Team in cooperation with the United States Secret Service,” 2010.
[183] J. P. Kesan and A. A. Gallo, “Optimizing Regulation of Electronic Commerce,” Illinois Law Econ. Work. Pap. Ser., no. LE02-001, pp. 1–129, 2003.
[184] P. Morrow and A. Johnston, “Commentary on the OECD Principles of Corporate Governance,” Univ. Oslo Fac. Law Res. Pap., no. 2015–9, pp. 1–13, 2015.
[185] R. D. Austin, “Digital Forensics on the Cheap: Teaching Forensics Using Open Source Tools,” Inf. Secur., no. 2006, pp. 1–5, 2007.
[186] C. I. Agency, S. E. Brynjolfsson, B. Kahin, H. Varian, and C. Shapiro, “Which Ip ? Technology Outpacing Governance Cyber , Politics , and Sovereignty,” in Political Science, 2012, pp. 1–10.
[187] L. E. Ribstein, “Market v Regulatory Responses to Corporate Fraud: A Critique of the Sarbanes-Oxley Act of 2002,” J. Corp. Law, vol. 28, p. 1, 2002.
[188] J. Holmström and D. Robey, “Inscribing Organizational Change with Information Technology,” Actor-network theory and organising, no. April, 2005.
[189] D. Miller, I. Le Breton-Miller, and R. H. Lester, “Stewardship or Agency? A Social Embeddedness Reconciliation of Conduct and Performance in Public Family Business,” Organ. Sci., vol. 22, no. 3, pp. 1–41, 2009.
[190] Cabinet Office, “The UK cyber security strategy,” 2016.
[191] K.-H. Lee and R. F. Saen, “Measuring corporate sustainability management: A data envelopment analysis approach,” Int. J. Prod. Econ., vol. 140, no. 1, pp. 219–226, 2012.
[192] A. Ahmad, S. B. Maynard, and S. Park, “Information security strategies: Towards an organizational multi-stage perspective,” J. Intell. Manuf., vol. 25, no. 2, pp. 357–370, 2014.
[193] M. C. Jensen and W. H. Meckling, “Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure,” Int. Libr. Crit. Writings Econ., vol. 3, no. 214, pp. 191–246, 2008.
[194] V. Khatri and C. V. Brown, “Designing Data Governance,” Commun. ACM, vol. 53, no. 1, p. 148, 2010.
[195] S. Sengupta, V. Kaulgud, and V. S. Sharma, “Cloud Computing Security - Trends and Research Directions,” 2011 IEEE World Congr. Serv., no. October, pp. 524–531, 2011.
[196] J. Opara-Martins, R. Sahandi, and F. Tian, “Critical review of vendor lock-in and its impact on adoption of cloud computing,” Int. Conf. Inf. Soc. i-Society 2014, pp. 92–97, 2015.
[197] A. Alusi, R. G. Eccles, A. C. Edmondson, and T. Zuzul, “Sustainable Cities: Oxymoron or the Shape of the Future?,” 2011.
[198] F. Castellacci, “Business groups, innovation and institutional voids in Latin America,” World Dev., vol. 70, pp. 43–58, 2015.
[199] A. Arsanjani, S. Ghosh, A. Allam, T. Abdollah, S. Ganapathy, and K. Holley, “SOMA: A method for developing service-oriented solutions,” IBM Syst. J., vol. 47, no. 3, pp. 377–396, 2008.
[200] J. Morales, Y. Gendron, and H. Guénin-Paracini, “The construction of the risky individual and vigilant organization: A genealogy of the fraud triangle,” Accounting, Organ. Soc., vol. 39, no. 3, pp. 170–194, 2014.
[201] J. Black, R. Brooke, M. Cave, S. Colman, M. Corkery, B. Doern, M. Frerk, S. Glaister, C. Graham, A. Greig, L. Hancher, T. Hobman, E. Humpherson, D. D. Hutton, K. Mason, R. Moriarty, I. Nisbet, L. N. of Louth, P. Plummer, P. Rowlatt, J. Smith, M. Toms, P. Vass, R. Whish, S. Wilks, and N. Witney, “Regulatory Review 2006/2007 10th Anniversary Edition,” Bath, 2007.
[202] T. Hahn, F. Figge, J. Pinkse, and L. Preuss, “Editorial Trade-Offs in Corporate Sustainability: You Can’t Have Your Cake and Eat It,” Bus. Strateg. Environ., vol. 19, no. 4, pp. 217–229, 2010.
[203] D. L. Owen, T. Swift, and K. Hunt, “Questioning the role of stakeholder engagement in social and ethical accounting, auditing and reporting,” Account. Forum, vol. 25, no. No 3, pp. 264–282, 2001.
[204] H. Katzan Jr, “On The Privacy Of Cloud Computing,” Int. J. Manag. Inf. Syst., vol. 14, no. 2, pp. 1–12, 2011.
[205] L. Enriques and P. Volpin, “Corporate Governance Reforms in Continental Europe,” Hist. Polit. Econ., vol. 40, no. 5, pp. 23–25, 2008.
[206] G. Goble, H. Fields, and R. Cocciara, “Resilient infrastructure: Improving your business resilience,” Ibm, no. September, pp. 1–20, 2002.
[207] A. Elgharbawy and M. Abdel-Kader, “The Effect of Compliance with the Combined Code on Corporate Governance on the Market-based Performance: A Contingency Approach,” Bafa 2014, pp. 1–27, 2014.
[208] M. Theoharidou, N. Papanikolaou, S. Pearson, and D. Gritzalis, “Privacy risk, security, accountability in the cloud,” in Proceedings of the International Conference on Cloud Computing Technology and Science, CloudCom, 2013, vol. 1, pp. 177–184.
[209] P. Dunleavy and H. Margetts, “The Second Wave of Digital Era Governance,” Am. Polit. Sci. Assoc. Conf., pp. 1–32, 2010.
[210] D. Beare, R. Buslovich, and C. Searcy, “Linkages between Corporate Sustainability Reporting and Public Policy,” Corp. Soc. Responsib. Environ. Manag., vol. 350, no. April 2013, pp. 336–350, 2013.
[211] N. Rahman and C. Post, “Measurement Issues in Environmental Corporate Social Responsibility (ECSR): Toward a Transparent, Reliable, and Construct Valid Instrument,” J. Bus. Ethics, vol. 105, no. 3, pp. 307–319, 2012.
[212] A. V Lee, J. Vargo, and E. Seville, “Developing a Tool to Measure and Compare Organizations ’ Resilience,” Nat. Hazards Rev., vol. 14, no. February, pp. 29–41, 2013.
[213] W. K. Hon, E. Kosta, C. Millard, and D. Stefanatou, “Cloud Accountability: The Likely Impact of the Proposed EU Data Protection Regulation,” Queen Mary Sch. Law Leg. Stud. Res. Pap., no. 172, pp. 1–54, 2014.
[214] P. S. Licker, “Application Stewardship: A User Responsibility Approach to Post-Implementation Application Performance,” Proc. 2010 Spec. Interes. Gr. Manag. Inf. Syst. 48th Annu. Conf. Comput. Pers. Res. Comput. Pers. Res. - SIGMIS-CPR ’10, p. 151, 2010.
[215] E. Katz, “Social Capital and Natural Capital: A Comparative Analysis of Land Tenure and Natural Resource Management in Guatemala,” Land Econ., vol. 76, no. 1, pp. 114–132, 2000.
[216] Cabinet Office, “The UK cyber security strategy,” London, 2016.
[217] FRC, “The UK corporate governance code,” London, 2010.
[218] C. P. Skinner, “An International Law Response to Economic Cyber Espionage,” Conn. Law Rev., vol. 46, no. 4, pp. 1165–1207, 2013.
[219] R. G. Eccles, I. Ioannou, and G. Serafeim, “The Impact of Corporate Sustainability on Organizational Processes and Performance,” Manage. Sci., vol. 60, no. 11, pp. 2835–2857, 2014.
[220] M. Magnan, D. Cormier, and P. Lapointe-Antunes, “Like Moths Attracted to Flames: Managerial Hubris and Financial Reporting Fraud,” in CAAA Annual Conference, 2011, vol. 2011, no. March, pp. 0–16.
[221] L. Corriss, “Information Security Governance: Integrating Security Into the Organizational Culture Position,” Proc. 2010 Work. Gov. Technol. Inf. Policies - GTIP ’10, pp. 35–41, 2010.
[222] I. Walden, “Law Enforcement Access in a Cloud Environment,” Leg. Stud., no. 74, pp. 1–19, 2011.
[223] H. J. Smith, “Ethics and Information Systems: Resolving the Quandaries,” ACM SIGMIS Database, vol. 33, no. 3, pp. 8–22, 2002.
[224] V. Tountopoulos, M. Felici, A. Pannetrat, D. Catteddu, and S. Pearson, “Interoperability Analysis of Accountable Data Governance in the Cloud,” in Cyber Security and Privacy, Springer International Publishing, 2014, pp. 77–88.
[225] E. W. T. Ngai, D. C. K. Chau, C. W. H. Lo, and C. F. Lei, “Design and development of a corporate sustainability index platform for corporate sustainability performance analysis,” J. Eng. Technol. Manag. - JET-M, vol. 34, pp. 63–77, 2014.
[226] M. Pokharel and J. S. Park, “Cloud Computing: Future solution for e-Governance,” 3rd Int. Conf., p. 409, 2009.
[227] M. H. Baer, “Confronting the Two Faces of Corporate Fraud,” Fla. Law Rev., vol. 66, pp. 87–155, 2014.
[228] R. Tiscini and F. di Donato, “The Relation Between Accounting Frauds and Corporate Governance Systems: An Analysis of Recent Scandals,” Perspective, vol. 1, no. march, pp. 1–16, 2004.
[229] K. Hon, C. Millard, and I. Walden, “The Problem of `Personal Data’ in Cloud Computing - What Information is Regulated ?,” London, Legal Studies Research Paper No. 75/2011, 2011.
[230] J. F. Brazel, K. L. Jones, and M. F. Zimbelman, “Using Nonfinancial Measures to Assess Fraud Risk,” J. Account. Res., vol. 47, no. 5, pp. 1135–1166, Dec. 2009.
[231] J. Cohen, Y. Ding, C. Lesage, and H. Stolowy, “Corporate Fraud and Managers’ Behavior: Evidence from the Press,” J. Bus. Ethics, vol. 95, no. SUPPL. 2, pp. 271–315, 2010.
[232] R. Ameer and R. Othman, “Sustainability Practices and Corporate Financial Performance: A Study Based on the Top Global Corporations,” J. Bus. Ethics, vol. 108, no. 1, pp. 61–79, 2012.
[233] Z. Chen and J. Yoon, “IT Auditing to Assure a Secure Cloud Computing,” in Proceedings - 2010 6th World Congress on Services, Services-1 2010, 2010, pp. 253–259.
[234] T. Li, “Outsourcing Corporate Governance: Conflicts of Interest and Competition in the Proxy Advisory Industry,” Available SSRN 2287196, pp. 1–60, 2013.
[235] P. Mvelase, N. Dlodlo, Q. Williams, and M. Adigun, “Virtual Enterprise Model for Enabling Cloud Computing for SMMEs,” ISWSA ’11 Proc. 2011 Int. Conf. Intell. Semant. Web-Services Appl., pp. 1–6, 2011.
[236] J. Atanassov, “Do Hostile Takeovers Stifle Innovation? Evidence from Antitakeover Legislation and Corporate Patenting,” J. Finance, vol. 68, no. 3, pp. 1097–1131, 2013.
[237] B. Grobauer and T. Schreck, “Towards Incident Handling in the Cloud: Challenges and Approaches,” ACM Work. Cloud Comput. Secur. Work., pp. 77–85, 2010.
[238] J. Singh, J. Bacon, J. Crowcroft, A. Madhavapeddy, T. Pasquier, W. K. Hon, and C. Millard, “Regional Clouds: Technical Considerations,” no. UCAM-CL-TR-863, 2014.
[239] G. R. Weaver, L. K. Treviño, and P. L. Cochran, “Corporate Ethics Programs as Control Systems: Influences of Executive Commitment and Environmental Factors,” J. Bus. Ethics, vol. 18, pp. 283–294, 1999.
[240] P. T. Lee, “Business and ethics,” Int. Forum J., vol. 14, no. 2, pp. 39–54, 2014.
[241] J. C. Coffee, “A Theory of Corporate Scandals: Why the USA and Europe Differ,” New York, Working Paper No. 274, 2005.
[242] F. Albersmeier, H. Schulze, G. Jahn, and A. Spiller, “The reliability of third-party certification in the food chain: From checklists to risk-oriented auditing,” Food Control, vol. 20, no. 10, pp. 927–935, 2009.
[243] S. Nabi and M. N. A. Khan, “An Analysis of Application Level Security in Service Oriented Architecture,” Int. J. Mod. Educ. Comput. Sci., vol. 6, no. February, pp. 27–32, 2014.
[244] C. Hancock, “Information Security Compliance Checklist,” no. March, pp. 1–10, 2013.
[245] P. Schoo, V. Fusenig, V. Souza, M. Melo, P. Murray, H. Debar, H. Medhioub, and D. Zeghlache, “Challenges for Cloud Networking Security,” Lect. Notes Inst. Comput. Sci. Soc. Telecommun. Eng., vol. 68 LNICST, pp. 298–313, 2011.
[246] A. Mierau, “Strategic Importance of Knowledge Process Outsourcing,” Strategies, pp. 1–17, 2007.
[247] A. C. Johnston and R. Hale, “Improved Security through Information Security Governance,” Commun. ACM, vol. 52, no. 1, p. 126, Jan. 2009.
[248] C. Searcy, “Corporate Sustainability Performance Measurement Systems: A Review and Research Agenda,” J. Bus. Ethics, vol. 107, no. 3, pp. 239–253, 2012.
[249] K. M. Eisenhardt, “Agency Theory: An Assessment and Review,” Acad. Manag. Rev., vol. 14, no. 1, pp. 57–74, 1989.
[250] A. Melis, “Corporate Governance Failures. To What Extent is Parmalat a Particularly Italian Case?,” Corp. Gov., vol. 13, no. 4, pp. 478–488, 2005.
[251] B. W. Macklin, “E-Commerce at What Price? Privacy Protection in the Information Economy,” SSRN Electron. J., no. 9552699, pp. 1–51, 1999.
[252] F. R. Council, “Guidance on Audit Committees (The Smith Guidance),” London, 2005.
[253] C. Kuner, “Regulation of Transborder Data Flows under Data Protection and Privacy Law: Past, Present, and Future,” Leg. Stud., no. 16, pp. 1–90, 2010.
[254] M. C. Jensen and D. Chew, “US Corporate Governance: Lessons from the 1980’s,” Harvard Univ. Press, no. December 2000, pp. 1–47, 1995.
[255] B. Duncan, D. J. Pym, and M. Whittington, “Developing a Conceptual Framework for Cloud Security Assurance,” in Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on (Volume 2), 2013, pp. 120–125.
[256] M. Nwogugu, “Efficiency of Sarbanes-Oxley Act; Willingness-to-Comply and Agency Problems,” Director, pp. 1–20, 2005.
[257] F. R. Council, “Review of the Turnbull Guidance: Proposals for updating the guidance,” London, 2005.
[258] A. Dyck, A. Morse, L. Zingales, J. Donohue, J. Hartzell, J. Karpoff, A. Metrick, and S. Rajgopal, “Who Blows the Whistle on Corporate Fraud?,” 2009.
[259] T. Kremic, O. I. Tukel, and W. O. Rom, “Outsourcing Decision Support: A Survey of Benefits, Risks, and Decision Factors,” Supply Chain Manag. An Int. J., vol. 11, no. 6, pp. 467–482, 2006.
[260] D. F. Larcker, S. A. Richardson, and İ. Tuna, “How Important is Corporate Governance?,” How Important is Corp. Gov., pp. 1–77, 2005.
[261] Verizon, N. High, T. Crime, I. Reporting, and I. S. Service, “2012 Data Breach Investigations Report,” 2012.
[262] L. G. Price, “The Concept of Fiduciary Duty As a Basis for Corporate Ethics,” J. Business, Soc. Gov., vol. 3, pp. 21–30, 2011.
[263] G. Karokola, S. Kowalski, and L. Yngstrom, “Secure e-government services: Towards a framework for integrating it security services into e-government maturity models,” in 2011 Information Security for South Africa, 2011, no. C, pp. 1–9.
[264] S. Pearson and A. Benameur, “Privacy, Security and Trust Issues Arising from Cloud Computing,” in 2010 IEEE Second International Conference on Cloud Computing Technology and Science, 2010, no. December, pp. 693–702.
[265] R. V Aguilera, M. Goyer, and L. R. K. De Castro, “Regulation and Comparative Corporate Governance,” in Handbook of Corporate Governance, Oxford: Oxford University Press, Forthcoming, Oxford: Oxford University Press, 2012, pp. 1–44.
[266] H. Susanto, M. N. Almunawar, and Y. C. Tuan, “Information Security Management System Standards: A Comparative Study of the Big Five,” Int. J. Electr. Comput. Sci. IJECSIJENS, vol. 11/5, no. October, pp. 23–29, 2011.
[267] N. Gao, “The Short and Long-Run Financial Impact of Corporate Outsourcing Transactions,” University of Pittsburgh, 2006.
[268] T. Y. Wang, A. Winton, and X. Yu, “Corporate Fraud and Business Conditions: Evidence from IPOs,” J. Finance, vol. 65, no. 6, pp. 2255–2292, 2010.
[269] A. N. Toosi, R. N. Calheiros, and R. Buyya, “Interconnected Cloud Computing Environments: Challenges, Taxonomy and Survey,” ACM Comput. Surv., vol. 47, no. 212, pp. 1–47, 2014.
[270] W. Jansen and T. Grance, “Guidelines on Security and Privacy in Public Cloud Computing,” 2011.
[271] C. G. Curtin, “Resilience design: Toward a synthesis of cognition, learning, and collaboration for adaptive problem solving in conservation and natural resource stewardship,” Ecol. Soc., vol. 19, no. 2, pp. 1–8, 2014.
[272] G. Whittington, “Harmonisation or discord? The critical role of the IASB conceptual framework review,” J. Account. Public Policy, vol. 27, no. 6, pp. 495–502, 2008.
[273] N. P. Tracey, “Corporate reputation and financial performance: Underlying dimensions of corporate reputation and their relation to sustained financial performance,” 2014.
[274] K. J. Cremers Martijn and V. B. Nair, “Governance Mechanisms and Equity Prices,” 03–15, Dec. 2005.
[275] M. L. Hale and R. Gamble, “SecAgreement: Advancing Security Risk Calculations in Cloud Services,” in Proceedings - 2012 IEEE 8th World Congress on Services, SERVICES 2012, 2012, pp. 133–140.
[276] J. E. Boritz and L. M. Timoshenko, “On the Use of Checklists in Auditing: A Commentary,” Curr. Issues Audit., vol. 8, no. 1, pp. 1–25, Feb. 2014.
[277] B. Densham, “Three cyber-security strategies to mitigate the impact of a data breach,” Netw. Secur., vol. 2015, no. 1, pp. 5–8, 2015.
[278] P. Năstase, F. Năstase, and C. Ionescu, “Challenges Generated by the Implementation of the IT Standards COBIT 4.1, ITIL V3 and ISO/IEC 297002 in Enterprises,” Econ. Comput. Econ. Cybern. Stud. Res., vol. 43, no. 3, pp. 1–16, 2009.
[279] A. Butala and Z. U. Khan, “Accounting Fraud at Xerox Corporation,” Michigan, 2008.
[280] P. Neumann and Contributors, “Risks to the public,” ACM SIGSOFT Softw. Eng. Notes, vol. 13, no. 4, pp. 3–20, Mar. 1988.
[281] L. Purda and D. Skillicorn, “Identifiying Fraud from the Language of Financial Reports,” Kingston Ontario, 2011.
[282] C. Bichta and J. Marchant, “The UK Telecommunications Industry 2001,” Regul. Ind. Br. 2001, pp. 1–100, 2001.
[283] S. Graupner, S. Basu, and S. Singhal, “Business Operating Environment for Service Clouds,” in Business, 2011, pp. 1–11.
[284] ISO, SC27 Platinum Book - 29 Years of ISO/IEC JTC 1/SC27 - Information Security Standardisation. 2010.
[285] A. Arsanjani, “Service-oriented modeling and architecture,” IBM Dev. Work., vol. 2009, no. January, pp. 1–15, 2004.
[286] B. Cheng, I. Ioannou, and G. Serafeim, “Corporate Social Responsibility and Access to Finance,” Strateg. Manag. J., vol. 35, no. 1, pp. 1–23, 2014.
[287] Fujitsu, “Fujitsu Information Security Report: 2011,” 2011.
[288] J. D. Arthurs and L. W. Busenitz, “The Boundaries and Limitations of Agency Theory and Stewardship Theory in the Venture Capitalist / Entrepreneur Relationship,” Entrep. Theory Pract., vol. 28, no. 2, pp. 145–162, 2003.
[289] S. Singleton, “Co‐operation or capture? The paradox of co‐management and community participation in natural resource management and environmental policy‐making,” Env. Polit., vol. 9, no. 2, pp. 1–21, 2000.
[290] V. O’Connell, “Reflections on Stewardship Reporting,” Account. Horizons, vol. 21, no. 2, pp. 215–227, Jun. 2007.
[291] J. R. F. Filho and M. Balassiano, “The Problem of Incentives in Building Corporate Governance Models,” Corp. Ownersh. Control, vol. 5, no. 2D Cont 3, pp. 352–359, 1997.
[292] H. Jo and M. A. Harjoto, “Corporate Governance and Firm Value: The Impact of Corporate Social Responsibility,” J. Bus. Ethics, vol. 103, no. 3, pp. 351–383, 2011.
[293] A. Christofi, P. Christofi, and S. Sisaye, “Corporate sustainability: historical development and reporting practices,” Manag. Res. Rev., vol. 35, no. 2, pp. 157–172, 2012.
[294] B. Duncan, M. Whittington, M. G. Jaatun, A. Ramiro, and Z. Reyes, “Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?,” in Enterprise Security Springer Book 2016, V. Chang, M. Ramachandran, R. Walters, and G. Wills, Eds. Springer, 2016, pp. 1–22.
[295] M. Kendrick, “Internal Control: Guidance for Directors on the Combined Code (The Turnbull Report),” London, 2000.
[296] A. Heshmati and K. Pietola, “The Relationship Between Corporate Competitiveness Strategy, Innovation, Increased Efficiency, Productivity Growth and Outsourcing,” in Global outsourcing strategies: an international reference on effective outsourcing relationships/Peter Barre \& Roxane Gervais, Gower Publishing Limited, 2006, pp. 1–45.
[297] CAMM, “Common Assurance Maturity Model,” 2010.
[298] R. Industries, “Publications and Information List March 2010,” Regul. Ind. CRI, no. March, pp. 1–29, 2010.
[299] M. Becht, P. Bolton, and A. A. Röell, “Corporate Governance and Control,” SSRN Electron. J., no. August, pp. 1–128, 2002.
[300] IBM, “IBM X-Force 2012 Mid-year Trend and Risk Report,” 2012.
[301] D. Andrew, R. Brooke, S. I. Byatt, M. Courtney, L. Fitzgerald, M. Fox, E. Goodwyn, C. Graham, S. Hawkins, S. Littlechild, D. McIldoon, G. Owen, R. Palmer, P. Plummer, I. Reay, A. Sutherland, R. Turvey, P. Vass, C. W. Price, T. Weyman-Jones, S. Wilks, and B. Williamson, “Regulatory Review 2000/2001 Millennium edition,” Bath, 2001.
[302] S. Ramgovind, M. M. Eloff, and E. Smith, “The management of security in cloud computing,” in Proceedings of the 2010 Information Security for South Africa Conference, ISSA 2010, 2010, pp. 1–7.
[303] L. A. Gordon, M. P. Loeb, W. Lucyshyn, and T. Sohail, “The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities,” J. Account. Public Policy, vol. 25, no. 5, pp. 503–530, Sep. 2006.
[304] BIS, “Revised Government Buying Standards for Furniture Impact Assessment (IA) Summary: Intervention and Options Summary: Analysis and Evidence Policy Option 1,” London, 2013.
[305] G. Cuevas-Rodríguez, L. R. Gomez-Mejia, and R. M. Wiseman, “Has Agency Theory Run its Course?: Making the Theory more Flexible to Inform the Management of Reward Systems,” Corp. Gov., vol. 20, no. 6, pp. 526–546, Nov. 2012.
[306] M. Ramachandran and V. Chang, “Recommendations and Best Practices for Cloud Enterprise Security,” 2014 IEEE 6th Int. Conf. Cloud Comput. Technol. Sci., pp. 983–988, 2014.
[307] S. Turnbull, “Corporate Governance: Theories, Challenges and Paradigms,” SSRN Electron. J., pp. 1–97, 2000.
[308] I. Standards, P. W. Item, N. Proposal, W. Draft, C. Draft, F. C. Draft, D. I. Standard, F. Draft, D. I. Standard, I. Standard, I. E. C. Jtc, and R. Iso, “ISO 27000 Series of Standards :,” 2009.
[309] G. Martin and P. J. Gollan, “Corporate governance and strategic human resources management in the UK financial services sector: the case of the RBS,” Int. J. Hum. Resour. Manag., vol. 23, no. 16, pp. 3295–3314, 2012.
[310] J. Kwon and M. E. Johnson, “Security practices and regulatory compliance in the healthcare industry,” J. Am. Med. Informatics Assoc., vol. 20, no. 1, pp. 44–51, 2012.
[311] S. Marston, Z. Li, S. Bandyopadhyay, J. Zhang, and A. Ghalsasi, “Cloud Computing – The Business Perspective,” Decis. Support Syst., vol. 51, no. 1, pp. 176–189, 2011.
[312] L. Giustiniano and G. Clarioni, “The Impact of Outsourcing on Business Performance: An Empirical Analysis,” J. Mod. Account. Audit., vol. 9, no. 2, pp. 153–168, 2013.
[313] R. B. Adams, B. E. Hermalin, and M. S. Weisbach, “The Role of Boards of Directors in Corporate Governance: A Conceptual Framework and Survey,” J. Econ. Lit., vol. 48, no. 1, pp. 58–107, Mar. 2010.
[314] G. Clinch, B. Sidhu, and S. Sin, “OECD Principles of Corporate Governance,” OECD Publishing, May 1999.
[315] B. H. Reich and K. M. Nelson, “In Their Own Words: CIO Visions About the Future of In-House IT Organizations,” ACM SIGMIS Database, vol. 34, no. November, pp. 28–44, 2010.
[316] M. J. Stein, “Beyond the Boardroom: Governmental Perspectives on Corporate Governance,” Accounting, Audit. Account. J., vol. 21, no. 7, pp. 1001–1025, 2008.
[317] I. Ioannou and G. Serafeim, “The Consequences of Mandatory Corporate Sustainability Reporting Ioannis Ioannou,” Harvard Bus. Sch. Work. Pap., pp. 1–44, 2012.
[318] R. Babin and B. Nicholson, “Corporate Social Responsibility in Global IT Outsourcing: A Case Study of Inter- firm Collaboration,” in Information Systems Outsourcing, Springer, 2014, pp. 431–449.
[319] B. Holmstrom and S. N. Kaplan, “the State of U.S. Corporate Governance: What’s Right and What’s Wrong?,” J. Appl. Corp. Financ., vol. 15, no. 3, pp. 8–20, Mar. 2003.
[320] W. W. Bratton, “Enron and the Dark Side of Shareholder Value,” Power, no. May, pp. 1–79, 2002.
[321] T. Greenhalgh and R. Stones, “Theorising big IT programmes in healthcare: Strong structuration theory meets actor-network theory,” Soc. Sci. Med., vol. 70, no. 9, pp. 1285–1294, 2010.
[322] V. Chang and M. Ramachandran, “Towards achieving Data Security with the Cloud Computing Adoption Framework,” IEEE Trans. Serv. Comput., vol. 1374, no. c, pp. 1–1, 2015.
[323] B. M. Mitnick, “Origin of the Theory of Agency: An Account by One of the Theory’s Originators,” SSRN 1020378, no. July, p. 15, 2012.
[324] M. Litoiu and M. Litoiu, “Optimizing Resources in Cloud , a SOA Governance View,” in GTIP 2010 - Optimization, 2010, pp. 71–75.
[325] F. R. Council, “Review of the 2003 Combined Code: Consultation on Possible Amendments to the Combined Code,” London, 2006.
[326] L. Marchegiani, L. Giustiniano, E. Peruffo, and L. Pirolo, “Revitalising the Outsourcing Discourse within the Boundaries of Firms Debate,” Bus. Syst. Rev., vol. 1, no. 1, pp. 1–21, 2012.
[327] J. A. Chaula, “A Socio-Technical Analysis of Information Systems Security Assurance: A Case Study for Effective Assurance,” 2006.
[328] B. C. Stahl, N. F. Doherty, and M. Shaw, “Information security policies in the UK healthcare sector: a critical evaluation,” Inf. Syst. J., vol. 22, no. 1, pp. 77–94, 2012.
[329] Deloitte, “Looking beyond the numbers Review of banks ’ annual reports Contents,” 2010.
[330] T. Choudhry and R. Jayasekera, “Comparison of efficiency characteristics between the banking sectors of US and UK during the global financial crisis of 2007–2011,” Int. Rev. Financ. Anal., vol. 25, pp. 106–116, Dec. 2012.
[331] A. Dyck, A. Morse, and L. Zingales, “Who Blows the Whistle on Corporate Fraud?,” J. Finance, vol. LXV, no. 6, pp. 2213–2253, 2010.
[332] I. C. Lourenco, M. C. Branco, J. D. Curto, and T. Eugenio, “How Does the Market Value Corporate Sustainability Performance?,” J. Bus. Ethics, vol. 108, no. 4, pp. 417–428, 2012.
[333] P. M. Healy and K. Palepu, “Negotiation, Organizations and Markets Research Papers - The Fall of Enron,” J. Econ. Perspect., vol. 17, no. 2, pp. 1–52, 2002.
[334] P. Balboni, V. Mascheroni, A. Paolo, and B. Law, “Data Protection and Data Security Issues Related to Cloud Computing in the EU,” Soc. Sci. Res., vol. 22, no. 22, pp. 1–12, 2010.
[335] A. Cadbury, “The Financial Aspects of Corporate Governance,” London, 1992.
[336] R. Romano, “The Sarbanes-Oxley Act and the Making of Quack Corporate Governance,” New Haven CT, No 297, 2004.
[337] F. Yu and X. Yu, “Corporate Lobbying and Fraud Detection,” J. Financ. Quant. Anal., vol. 46, no. 6, pp. 1865–1891, 2011.
[338] F. R. Council, “Consultation Document: Revisions to FRC Guidance on Audit Committees: Non-Audit Services,” London, 2010.
[339] J. Gassen, “Are Stewardship and Valuation Usefulness Compatible or Alternative Objectives of Financial Accounting?,” Ssrn 1095215, pp. 1–60, 2008.
[340] J. S. Hiller, “The Benefit Corporation and Corporate Social Responsibility,” J. Bus. Ethics, vol. 118, no. November 2012, pp. 287–301, 2013.
[341] D. S. Archambeault, F. T. DeZoort, and T. P. Holt, “The Need for an InternalAuditor Report to External Stakeholders to Improve GovernanceTransparency,” Account. Horizons, vol. 22, no. 4, pp. 375–388, Dec. 2008.
[342] T. Wang, K. N. Kannan, and J. R. Ulmer, “The Association Between the Disclosure and the Realization of Information Security Risk Factors,” Inf. Syst. Res., vol. 24, no. 2, pp. 201–218, 2013.
[343] B. B. Francis, I. Hasan, K. John, and L. Song, “Corporate Governance and Dividend Payout Policy: A Test Using Antitakeover Legislation,” Financ. Manag., vol. 40, no. Spring, pp. 83–112, 2011.
[344] M. Matsubara, “Countering Cyber-Espionage and Sabotage,” RUSI J., vol. 159, no. January 2015, pp. 86–93, 2014.
[345] E. D’Amico, D. Coluccia, S. Fontana, and S. Solimene, “Factors Influencing Corporate Environmental Disclosures,” Bus. Strateg. Environ., vol. 12, no. 1, pp. 53–73, 2014.
[346] S. Aier and M. Schönherr, “Model Driven Service Domain Analysis,” in Service-Oriented Computing ICSOC 2006, 2007, pp. 190–200.
[347] W. Baker, M. Goudie, A. Hutton, D. Hylender, J. Niemantsverdriet, C. Novak, D. Ostertag, C. Porter, M. Rosen, B. Sartin, P. Tippett, T. Bosschert, E. Brohm, C. Chang, M. Dahn, R. Dormido, B. Van Erck, K. Evans, E. Gentry, J. Grim, C. Hill, A. Kunsemiller, K. Lee, W. Lee, K. Long, R. Perelstein, E. Telemaque, D. Todd, Y. Uzawa, J. A. Valentine, N. Villatte, M. Van Der Wel, P. Wright, T. Beeferman, C. Dismukes, P. Goulding, and C. Neal, “2010 Data Breach Investigations Report,” 2010.
[348] A. Dey, “Corporate Governance and Agency Conflict,” J. Account. Res., vol. 46, no. 5, pp. 1143–1181, 2008.
[349] A. C. Johnston and M. Warkentin, “Fear Appeals and Information Security Behaviors: an Empirical Study,” MIS Q., vol. 34, no. 3, pp. 549–566, 2010.
[350] HP, “Finding the Right Cloud Solutions for your Organization,” 2011.
[351] P. M. Vasudev, “Corporate Governance at Nortel – Revisiting Board Functions,” Ssrn, pp. 1–42, 2014.
[352] Lloyds, “Managing digital risk Trends, issues and implications for business,” 2010.
[353] J. N. Gordon, “What Enron Means for the Management and Control of the Modern Business Corporation: Some Initial Reflections,” Univ. Chicago Law Rev., vol. 69, no. 3, pp. 1233–1250, 2002.
[354] P. Myners, “Institutional Investment in the United Kingdom: A Review,” London, 2001.
[355] Cisco, “Cisco 2011 Annual Security Report Highlighting Global Security Threats and Trends,” 2011.
[356] Y. Fassin and D. Gosselin, “The Collapse of a European Bank in the Financial Crisis: An Analysis from Stakeholder and Ethical Perspectives,” J. Bus. Ethics, vol. 102, no. 2, pp. 169–191, 2011.
[357] S. Schaltegger, F. L. Freund, and E. G. Hansen, “Business cases for sustainability: the role of business model innovation for corporate sustainability,” Int. J. Innov. Sustain. Dev., vol. 6, no. 2, p. 95, 2012.
[358] F. S. Authority, “Listing Rules,” London, 2011.
[359] R. G. Eccles and G. Serafeim, “Corporate and Integrated Reporting: A Functional Perspective,” in SSRN Electronic Journal, 2014, pp. 1–21.
[360] D. J. Solove and W. Hartzog, “The FTC and Privacy and Security Duties for the Cloud,” SSRN Pap. no 2424998, pp. 1–6, 2014.
[361] I. Iankoulova and M. Daneva, “Cloud Computing Security Requirements: a Systematic Review,” in 2012 Sixth International Conference on Research Challenges in Information Science (RCIS), 2012, pp. 1–7.
[362] Cesg, “GCHQ CESG Executive Companion,” 2012.
[363] N. Bieberstein, S. Bose, M. Fiammante, K. Jones, and R. Shah, Service-Oriented Architecture Compass: Business Value, Planning, and Enterprise Roadmap. FT Press, 2006.
[364] E. N. and I. S. Agency, “Cloud Computing: Benefits, Risks and Recommendations for Information Security - Google Search,” Computing, vol. 72, no. 1, pp. 2009–2013, 2009.
[365] L. E. Mitchell, “The Sarbanes-Oxley Act and the Reinvention of Corporate Governance?,” Villanovo Law Rev., vol. 48, no. 4, pp. 1189–1216, 2003.
[366] L. Mulig, S. Conger, and S. Blanke, “Linking IS Audit Concepts to the Real World Via an Experiential Learning Exercise,” in The 5th Annual General Business Conference, 2013, pp. 1–12.
[367] H. S. B. Herath and T. C. Herath, “IT security auditing: A performance evaluation decision model,” Decis. Support Syst., vol. 57, pp. 54–63, Jan. 2014.
[368] R. Eccles, K. Perkins, and G. Serafeim, “How to Become a Sustainable Company,” MIT Sloan Manag. Rev., vol. 53, no. 4, pp. 43–50, 2012.
[369] L.-H. Pan, C.-T. Lin, S.-C. Lee, and K.-C. Ho, “Information Ratings and Capital Structure,” J. Corp. Financ., vol. 31, pp. 17–32, 2015.
[370] F. R. Council, “Review of the 2003 Combined Code: Summary of Responses to the Review,” London, 2006.
[371] A. Ofoegbu, M. Griffiths, and A. Heinze, “Themes and challenges for service management solutions in Small and Medium Enterprises (SMEs),” 2011.
[372] T. Baars, L. Van Den Bemd, M. Theuns, R. VanderAkker, M. Schönbeck, and S. Brinkkemper, “Cyber Security in Smart Grid Substations,” 2012.
[373] L. Bebchuk, A. Cohen, and A. Ferrell, “What Matters in Corporate Governance?,” Rev. Financ. Stud., vol. 22, no. 617, pp. 784–827, 2008.
[374] Trustwave, “Trustwave Global Security Report,” 2013.
[375] M. E. Hathaway and J. E. Savage, “Stewardship of Cyberspace Duties of Internet Service Providers,” in Cyberdialogue2012, 2012, p. 24.
[376] R. Bushman, Q. Chen, E. Engel, and A. Smith, “Financial accounting information, organizational complexity and corporate governance systems,” J. Account. Econ., vol. 37, no. 2, pp. 167–201, Jun. 2004.
[377] D. Vinod and S. Chandarasekaran, “Information Security Assurance Model for Collaborating Business Processes,” in Proceedings of the 15th WSEAS, 2011, pp. 350–357.
[378] T. Hahn, J. Pinkse, L. Preuss, and F. Figge, “Tensions in Corporate Sustainability: Towards an Integrative Framework,” J. Bus. Ethics, vol. 127, no. 2, pp. 1–20, 2014.
[379] N. Papanikolaou, S. Pearson, M. C. Mont, and R. K. L. Ko, “Towards Greater Accountability in Cloud Computing through Natural-Language Analysis and Automated Policy Enforcement,” Engineering, pp. 1–4, 2011.
[380] F. Li, J. Q. Hou, and D. M. Xu, “Managing disruption risks in supply chain,” Proc. - 2010 IEEE Int. Conf. Emerg. Manag. Manag. Sci. ICEMMS 2010, vol. 14, no. 1, pp. 434–438, Jan. 2010.
[381] K. K. Jones, “The Impact of Legislation on the Organization: Evaluating the Impact of Corporate Governance Regulation on the Internal Audit Function,” 2013.
[382] K. Popovic and Z. Hocenski, “Cloud computing security issues and challenges,” MIPRO, 2010 Proc. 33rd Int. Conv., pp. 344–349, 2010.
[383] Cisco, “Cisco 2011 Annual Security Report,” 2011.
[384] S. Young and V. Thyil, “Corporate Social Responsibility and Corporate Governance: Role of Context in International Settings,” J. Bus. Ethics, vol. 122, no. 1, pp. 1–24, 2014.
[385] H. McCraw, K. S. Moffeit, and J. R. O’Malley, “An Analysis of the Ethical Codes of Corporations and Business Schools,” J. Bus. Ethics, vol. 87, no. 1, pp. 1–13, Jul. 2009.
[386] K. Parella, “Outsourcing Corporate Accountability,” Washingt. Law Rev., vol. 89, no. 3, pp. 747–818, 2014.
[387] FRC, “The UK Stewardship Code,” London, 2012.
[388] C. Blackwell, “A security architecture to protect against data loss,” in Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, 2010, vol. 41 LNICST, pp. 102–110.
[389] S. Pearson, V. Tountopoulos, D. Catteddu, M. Sudholt, R. Molva, C. Reich, S. Fischer-Hubner, C. Millard, V. Lotz, M. G. Jaatun, R. Leenes, C. Rong, and J. Lopez, “Accountability for Cloud and Other Future Internet Services,” in CloudCom 2012 - Proceedings: 2012 4th IEEE International Conference on Cloud Computing Technology and Science, 2012, pp. 629–632.
[390] C. Leuz, D. Nanda, and P. D. Wysocki, “Earnings Management and Investor Protection: An International Comparison,” J. financ. econ., vol. 69, no. 3, pp. 505–527, Sep. 2003.
[391] S. L. Gillan, “Recent Developments in Corporate Governance: An Overview,” J. Corp. Financ., vol. 12, no. 3, pp. 381–402, Jun. 2006.
[392] S. Harshbarger and G. U. Jois, “Looking Back and Looking Forward: Sarbanes-Oxley and the Future of Corporate Governance,” Akron Law Rev., pp. 1–53, 2007.
[393] M. A. Cherry, “Whistling in the Dark? Corporate Fraud, Whistleblowers, and the Implications of the Sarbanes – Oxley Act for Employment Law,” Washingt. Law Rev., vol. 15, no. 2003, pp. 1029–1123, 2004.
[394] C. Brown, D. Lee, C. Scott, and D. Strunk, “American Cyber Insecurity: The growing danger of cyber attacks,” 2014.
[395] G. R. Weaver, L. K. Treviño, and P. L. Cochran, “Corporate Ethics Programs As Control Systems: Influences of Executive Commitment and Environmental Factors.,” Acad. Manag. J., vol. 42, no. 1, pp. 41–57, 1999.
[396] F. R. Council, “Amendments to the 2003 Combined Code: Regulatory Impact Assessment,” London, 2006.
[397] B. Duncan, B. Duncan, and M. Whittington, “Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail,” in Cloud Computing 2016: The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization, 2016, no. November, pp. 125–130.
[398] J. Singh and J. M. Bacon, “On middleware for emerging health services,” J. Internet Serv. Appl., vol. 5, no. 1, p. 6, 2014.
[399] I. Montiel and J. Delgado-Ceballos, “Defining and Measuring Corporate Sustainability: Are We There Yet?,” Organ. Environ., vol. Advance on, pp. 1–27, 2014.
[400] Fujitsu, “Information Security Report 2012,” 2010.
[401] S. Abraham, C. Marston, and P. Darby, “Risk Reporting: Clarity , Relevance and Location,” ICAS, Edinburgh, 2012.
[402] R. Bauer, N. Guenster, and R. Otten, “Empirical Evidence on Corporate Governance in Europe: The Effect on Stock Returns, Firm Value and Performance,” J. Asset Manag., vol. 5, no. 2, pp. 91–104, 2004.
[403] D. Delves and B. Patrick, “Agency Theory Summary,” 2006.
[404] I. Fraser and J. Pierpoint, “Can we meet the needs? Auditor views on external assurance and management commentary - Executive Summary,” Edinburgh, 2011.
[405] C. Kavanagh and M. Carrieri, “Cyber Dialogue 2012 Briefs: Thinking Strategically About Cyber Security,” in Security, 2012, no. 2009, pp. 1–10.
[406] A. Johri, O. Nov, and R. Mitra, “‘Cool’ or ‘Monster’? Company Takeovers and Their Effect on Open Source Community Participation,” Culture, pp. 327–331, 2011.
[407] S. Pearson, “Towards Accountability in the Cloud,” IEEE Internet Comput., vol. 15, no. 4, pp. 64–69, Jul. 2011.
[408] Lee Badger, D. Bernstein, R. Bohn, F. de Vaulx, M. Hogan, J. Mao, J. Messina, K. Mills, A. Sokol, J. Tong, F. Whiteside, and D. Leaf, “US Government Cloud Computing Technology Roadmap Volume I Release 1.0 (Draft): High-Priority Requirements to Further USG Agency Cloud Ccomputing Adoption,” 2011.
[409] R. La Porta, F. Lopez-de-Silanes, A. Shleifer, and R. Vishny, “Investor Protection and Corporate Governance,” Cambridge, 2000.
[410] R. T. Ainsworth, “Digital VAT and Development: D-VAT & D-Velopment,” Boston MA, WORKING PAPER NO. 06-21, 2006.
[411] C. Pardo, F. J. Pino, F. García, M. P. Velthius, and M. T. Baldassarre, “Trends in Harmonization of Multiple Reference Models,” Commun. Comput. Inf. Sci., vol. 230, no. 4, pp. 61–73, 2011.
[412] L. He, R. Labelle, C. Piot, and D. B. Thornton, “Board Monitoring, Audit Committee Effectiveness, and Financial Reporting Quality: Review and Synthesis of Empirical Evidence,” J. Forensic Investig. Account., vol. 1, no. 2, pp. 1–42, 2009.
[413] J. K. M. Mawutor, “Complicity of Auditors in Finacial Statement Fraud in Corporate Governance,” Int. J. Educ. Res., vol. 2, no. 5, pp. 321–334, 2014.
[414] S. Ngan, C. Cordery, and R. Baskerville, “Internet Pathways for Stakeholder Engagement and Accountability: Universities in the United Kingdom and Their Donors,” Auditing, pp. 1–20, 2008.
[415] Cisco, “Cisco 2010 Annual Security Report,” 2010.
[416] K. Brickey, “From Enron to WorldCom and beyond: Life and Crime after Sarbanes-Oxley,” St Louis, PAPER NO. 03-06-01, 2003.
[417] Computing, “Note to CIOs: Get Your Head in the Cloud,” Cloud Computing, pp. 1–4, 2011.
[418] L. F. Spira and M. Page, “Risk management: The reinvention of internal control and the changing role of internal audit,” Accounting, Audit. Account. J., vol. 16, no. 4, pp. 640–661, 2003.
[419] M. A. Delmas, D. Etzion, and N. Nairn-Birch, “Triangulating Environmental Performance: What Do Corporate Social Responsibility Ratings Really Capture?,” Acad. Manag. Perspect., vol. 27, no. 3, pp. 255–267, 2013.
[420] PWC, “Information Security Breaches Survey 2010 Technical Report,” pp. 1–22, 2010.
[421] CyberEdge Group, “2014 {CyberThreat} Defense Report North America & Europe,” 2014.
[422] European Network and Information Security Agency (ENISA), “Cloud Computing - Benefits, Risks and Recommendations for Information Security,” Computing, 2012. [Online]. Available: http://www.springerlink.com/index/R357K80TP72R7121.pdf. [Accessed: 01-Jan-2016].
[423] N. Beaumont and Z. Khan, “A Taxonomy of Refereed Outsourcing Literature,” Working Paper 22/05, 2005.
[424] B. S. Kaliski-Jr and W. Pauley, “Toward Risk Assessment as a Service in Cloud Environments,” in Proceedings of the 2nd USENIX conference on Hot topics in cloud computing, 2010, vol. 63, no. 2, pp. 1–7.
[425] N. G. Mankiw and P. Swagel, “The Politics and Economics of Offshore Outsourcing,” J. Monet. Econ., vol. 53, no. 5, pp. 1027–1056, 2006.
[426] S. Sahibudin, M. Sharifi, and M. Ayat, “Combining ITIL, COBIT and ISO/IEC 27002 in order to design a comprehensive IT framework in organizations,” Proc. - 2nd Asia Int. Conf. Model. Simulation, AMS 2008, pp. 749–753, May 2008.
[427] K. J. Hopt, “Modern Company and Capital Market Problems: Improving European Corporate Governance After Enron,” Hamburg, N°.05/2002, 2007.
[428] T. Elshandidy and L. Neri, “Corporate Governance, Risk Disclosure Practices, and Market Liquidity: Comparative Evidence from the UK and Italy,” Corp. Gov. An Int. Rev., vol. 23, no. 4, pp. 331–356, 2015.
[429] G. Ferrarini and P. Giudici, “Financial Scandals and the Role of Private Enforcement: The Parmalat Case,” 2005.
[430] R. Barabanov, S. Kowalski, and L. Yngstrom, “Information Security Metrics State of the Art,” 2011.
[431] S. Penman, “Accounting Standard Setting: Thoughts on Developing a Conceptual Framework,” China J. Account. Stud., vol. 1, no. 3–4, pp. 157–167, 2013.
[432] B. for I. Settlements, “Electronic Finance: A New Perspective and Challenges,” 2001.
[433] O. Wenge, M. Siebenhaar, U. Lampe, D. Schuller, and R. Steinmetz, “Much Ado about Security Appeal: Cloud Provider Collaborations and Their Risks,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 7592 LNCS, no. 1, pp. 80–90, 2012.
[434] J. Singh, J. Bacon, and D. Eyers, “Policy Enforcement Within Emerging Distributed, Event-based Systems,” Proc. 8th ACM Int. Conf. Distrib. Event-Based Syst. - DEBS ’14, pp. 246–255, 2014.
[435] C. A. Adams and R. Evans, “Accountability, Completeness, Credibility and the Audit Expectations Gap,” JCC 14 Summer 2014, vol. 14, no. Summer, pp. 97–115, 2004.
[436] L. F. B. Soares, D. a B. Fernandes, J. V Gomes, M. M. Freire, and P. R. M. Inácio, “Security, Privacy and Trust in Cloud Systems,” in Security, Privacy and Trust in Cloud Systems, Springer, 2014, pp. 3–44.
[437] C. Lennox, P. Lisowsky, and J. Pittman, “Tax Aggressiveness and Accounting Fraud,” J. Account. Res., vol. 51, no. 0, pp. 739–778, 2013.
[438] S. Inaganti and G. K. Behara, “Service Identification: BPM and SOA Handshake,” BPTrends, vol. 3, no. March, pp. 1–12, 2007.
[439] M. Bergfeld and B. C. Doepfer, “Innovation in Outsourcing Alliances: Managing the Prisoner’s Dilemma of Cooperative Competence Building,” in Innovation, 2009, no. June, pp. 1–5.
[440] K. Irion, “Government Cloud Computing and the Policies of Data Sovereignty,” Budapest, Hungary, 2011.
[441] J. Cohen, G. Krishnamoorthy, and A. M. Wright, “Corporate Governance and the Audit Process,” Contemp. Account. Res., vol. 19, no. 4, pp. 573–594, 2002.
[442] D. Andrew, A. Asher, A. Carey, G. Dallas, D. Edmonds, C. Graham, N. Hawkins, J. Roberts, and P. Vass, “Regulated Industries - The ‘Governance Contract,’” in Proceedings of CRI, 2002, pp. 1–142.
[443] A. Baldwin, Y. Beres, and S. Shiu, “Using Assurance Models in IT Audit Engagements,” Oct. 2011.
[444] B. J. Bushee, M. E. Carter, and J. Gerakos, “Institutional Investor Preferences for Corporate Governance Mechanisms,” Soc. Sci. Res. Netw., vol. 26, no. 2, pp. 123–149, 2010.
[445] G. A. Lewis, “The Role of Standards in Cloud- Computing Interoperability,” in System Sciences (HICSS), 2013 46th Hawaii International Conference on, 2012, no. October, pp. 1652–1661.
[446] E. Ohki, Y. Harada, S. Kawaguchi, T. Shiozaki, and T. Kagaya, “Information Security Governance Framework,” in Proceedings of the first ACM workshop on Information security governance - WISG ’09, 2009, p. 1.
[447] G. Simmonds and I. Bartle, “The UK Gas Industry 2003/2004,” Regul. Ind. Br. CRI, pp. 1–132, 2004.
[448] M. C. Jensen, “The Modern Industrial Revolution, Exit, and the Failure of Internal Control Systems,” J. Finance, vol. 48, no. 3, pp. 831–880, 1993.
[449] R. Moeller, “Managing Internal Auditing in a Post-SOA World,” J. Corp. Account. Financ., vol. 15, no. 4, pp. 41–45, 2004.
[450] T. M. Harrison, S. Guerrero, G. B. Burke, M. Cook, A. Cresswell, N. Helbig, J. Hrdinova, and T. Pardo, “Open Government and E-Government: Democratic Challenges from a Public Value Perspective,” Inf. Polity Int. J. Gov. Democr. Inf. Age, vol. 17, no. 2, pp. 83–97, 2012.
[451] R. Michaely, A. Rubin, and A. Vedrashko, “Corporate Governance and the Timing of Earnings Announcements,” Rev. Financ., no. Idc, pp. 1–54, 2013.
[452] S. Deleersnyder, P. Chandra, K. Hinojosa, and B. De Win, “Software Assurance Maturity Model - Version 1.0,” 2009.
[453] M. Sako, “Outsourcing and Offshoring: Implications for Productivity of Business Services,” Oxford Rev. Econ. Policy, vol. 22, no. 4, pp. 499–512, Dec. 2006.
[454] M. Sako, “Outsourcing and Offshoring of Professional Services,” 2014.
[455] BIS, “10 Steps to Cyber Security,” pp. 1–22, 2012.
[456] F. R. Council, “Revisions to the Combined Code: Summary of Responses to Consultation,” London, 2008.
[457] P. Skott and F. Guy, “Power, Luck and Ideology: Technological and Institutional Parameters of the Agency Problem for CEOs,” Rev. Radic. Polit. Econ., vol. 45, pp. 323–332, 2013.
[458] N. Papanikolaou, S. Pearson, and M. C. Mont, “Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography,” Analysis, pp. 1–9, 2011.
[459] B. Duncan and M. Whittington, “The importance of proper measurement for a cloud security assurance model,” in Proceedings - IEEE 7th International Conference on Cloud Computing Technology and Science, CloudCom 2015, 2016, pp. 517–522.
[460] T. Baums and K. E. Scott, “Taking Shareholder Protection Seriously? Corporate Governance in the United States and Germany,” Am. J. Comp. Law, vol. 53, no. 1, pp. 31–75, 2005.
[461] T. Sohail, L. A. Gordon, and M. P. Loeb, “To Tell or Not to Tell: Market Value of Voluntary Disclosures of Information Security Activities,” 2006.
[462] EU, “Unleashing the Potential of Cloud Computing in Europe,” Brussels, 2012.
[463] B. Duncan and M. Whittington, “Enhancing Cloud Security and Privacy: Broadening the Service Level Agreement,” in The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15), 2015, pp. 1088–1093.
[464] J. Dibbern, T. Goles, R. Hirschheim, and B. Jayatilaka, “Information Systems Outsourcing,” Inf. Syst. Outsourcing, vol. 35, no. 7, pp. 6–102, 2009.
[465] D. J. Wood, “Measuring Corporate Social Performance: A Review,” Int. J. Manag. Rev., vol. 12, no. 1, pp. 50–84, 2010.
[466] R. Holland, A. Cser, E. Ferrara, J. Kindervag, R. Murphy, R. Parrish, M. Whitworth, and M. Maxim, “Quick Take: 12 Lessons For Security & Risk Pros From The US OPM Breach,” Forrester Research Inc, 2015. [Online]. Available: https://www.forrester.com/Quick+Take+12+Lessons+For+Security+Risk+Pros+From+The+US+OPM+Breach/fulltext/-/E-res123441.
[467] J. R. Heier, M. T. Dugan, and D. L. Sayers, “Sarbanes-Oxley and the Culmination of Internal Control Development: A Study of Reactive Evolution,” J. Account., no. January, pp. 1–16, 2003.
[468] S. A. Johnson, H. E. Ryan, and Y. S. Tian, “Executive Compensation and Corporate Fraud,” SSRN Electron. J., pp. 1–48, 2005.
[469] N. Papanikolaou, T. Rübsamen, and C. Reich, “A Simulation Framework to Model Accountability Controls for Cloud Computing,” CLOUD Comput. 2014, Fifth Int. Conf. Cloud Comput. GRIDs, Virtualization, no. c, pp. 12–19, 2014.
[470] C. Howard, “International Executive Compensation and Corporate Governance: How a Cross-Cultural Analysis of Executive Compensation Regulation Shows Diverging Trends in Corporate Governance,” Richmond J. Glob. Law Bus. Online, Forthcom., pp. 1–15, 2013.
[471] A. Kolk, “Sustainability, accountability and corporate governance: Exploring multinationals’ reporting practices.,” Bus. Strateg. Environ., vol. 17, no. 1, pp. 1–15, 2008.
[472] E. Engel, R. M. Hayes, and X. Wang, “The Sarbanes-Oxley Act and Firms’ Going-Private Decisions,” J. Account. Econ., vol. 44, no. 1–2, pp. 116–145, 2007.
[473] J. Prüfer, “How to govern the cloud? Characterizing the optimal enforcement institution that supports accountability in cloud computing,” Proc.  Int. Conf. Cloud Comput. Technol. Sci. CloudCom, vol. 2, pp. 33–38, 2013.
[474] A. A. SHACKELFORD, SCOTT J.  Proia and A. N. Martell, Brenton & CRAIG, “Toward a Global Cybersecurity Standard of Care?: Exploring the Implications of the 2014 NIST Cybersecurity Framework on Shaping Reasonable National and International Cybersecurity Practices,” Tex. Int. Law J., vol. 50, no. 2, pp. 303–353, 2015.
[475] L. J. Abbott, S. Parker, G. F. Peters, and D. V. Rama, “Corporate Governance, Audit Quality, and the Sarbanes-Oxley Act: Evidence from Internal Audit Outsourcing,” Account. Rev., vol. 82, no. 4, pp. 803–835, 2007.
[476] B. Duncan and M. Whittington, “Information Security in the Cloud: Should We be Using a Different Approach?,” in 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), 2015, pp. 1–6.
[477] G. Simmonds, “Regulation of the UK Electricity Industry,” Regul. Ind. Br. CRI, pp. 1–143, 2002.
[478] E. B. Broshko and K. Li, “Corporate Governance Requirements in Canada and the United States,” Soc. Sci., pp. 1–21, 2006.
[479] T. Clarke, “Cycles of Crisis and Regulation: The enduring agency and stewardship problems of corporate governance,” Corp. Gov. An Int. Rev., vol. 12, no. 2, pp. 153–161, 2004.
[480] V. V. Acharya, O. F. Gottschalg, M. Hahn, and C. Kehoe, “Corporate governance and value creation: Evidence from private equity,” Rev. Financ. Stud., vol. 26, no. 2008, pp. 368–402, 2013.
[481] Z. Zheng and M. R. Lyu, “Selecting an Optimal Fault Tolerance Strategy for Reliable Service-Oriented Systems with Local and Global Constraints,” IEEE Trans. Comput., vol. 64, no. 1, pp. 219–232, 2015.
[482] R. Sandhu, R. Boppana, R. Krishnan, J. Reich, T. Wolff, and J. Zachry, “Towards a Discipline of Mission-Aware Cloud Computing,” Proc. 2010 ACM Work. Cloud Comput. Secur. Work. - CCSW ’10, vol. Di, no. 13, p. 13, 2010.
[483] D. H. Erkens, M. Hung, and P. Matos, “Corporate Governance in the 2007-2008 Financial Crisis: Evidence from Financial Institutions Worldwide,” J. Corp. Financ., vol. 18, no. 2, pp. 389–411, 2012.
[484] J. W. Ross and G. Westerman, “Preparing for utility computing: The role of IT architecture and relationship management,” IBM Syst. J., vol. 43, no. 1, pp. 5–19, 2004.
[485] O. Data, “Open Data Center Alliance Usage: Service Catalog,” pp. 1–16, 2011.
[486] S. Pearson, “Taking account of privacy when designing cloud computing services,” Proc. 2009 ICSE Work. Softw. Eng. Challenges Cloud Comput. CLOUD 2009, pp. 44–52, 2009.
[487] L. Denardis, “The Emerging Field of Internet Governance,” Internet Res., no. Hargittai, pp. 1–21, 2010.
[488] D. G. Baird and R. K. Rasmussen, “Law & Economics: Four (or Five) Easy Lessons From Enron,” Vanderbilt Law Rev., vol. 55, no. 2, pp. 1–28, 2002.
[489] R. Kates, “Sustainability Science,” in World Academies Conference Transition to Sustainabilityin 21st Century, 2000, no. May, pp. 1–11.
[490] S. Bradshaw, C. Millard, and I. Walden, “Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services,” Int. J. Law Inf. Technol., vol. 19, no. 3, pp. 187–223, 2011.
[491] Data Protection Working Party, “Opinion 05/2012 on Cloud Computing,” Brussels, Article 29 of Directive 95/46/EC, 2012.
[492] J. Cummins and D. Bawden, “Accounting for information: Information and knowledge in the annual reports of FTSE 100 companies,” J. Inf. Sci., vol. 36, no. 3, pp. 283–305, Feb. 2010.
[493] V. Chang, R. Newman, R. J. Walters, and G. B. Wills, “Review of Economic Bubbles,” 2014.
[494] J. Birchall and L. H. Ketilson, Resilience of the Cooperative Business Model in Times of Crisis. International Labour Organization, 2009.
[495] UNODC, “Illicit Financial Flows,” 2011.
[496] L. E. Gadde, “Moving Corporate Boundaries: Consequences for Innovative Redesign,” J. Supply Chain Manag., vol. 49, no. 4, pp. 12–26, 2013.
[497] F. B. Shaikh and S. Haider, “Security Threats in Cloud Computing,” in Procedia - Social and Behavioral Sciences, 2011, vol. 20, no. December, pp. 568–576.
[498] I. Bojanova, G. Hurlburt, and J. Voas, “Today, the Internet of Things. Tomorrow, the Internet of Everything. Beyond that, perhaps, the Internet of Anything - a Radically Super-Connected Ecosystem Where Questions About Security, Trust, and Control Assume Entirely New Dimensions.,” information-development, p. 4, 2013.
[499] J. Fiksel, I. Goodman, and A. Hecht, “Resilience: Navigating toward a Sustainable Future,” Solutions, pp. 1–13, 2014.
[500] R. K. L. Ko, P. Jagadpramana, and B. S. Lee, “Flogger: A File-centric Logger for Monitoring File Access and Transfers within Cloud Computing Environments,” Proc. 10th IEEE Int. Conf. Trust. Secur. Priv. Comput. Commun. Trust. 2011, 8th IEEE Int. Conf. Embed. Softw. Syst. ICESS 2011, 6th Int. Conf. FCST 2011, pp. 765–771, 2011.
[501] R. E. Rosen, “Risk Management and Corporate Governance: The Case of Enron,” Conn. Law Rev., vol. 35, no. 1157, pp. 1157–1184, 2003.
[502] C. C. V, “Security research alliance to promote network security,” 1999.
[503] CAMM, “Common Assurance Maturity Model,” 2011.
[504] A. Bessani, R. Kapitza, D. Petcu, P. Romano, S. V. Gogouvitis, D. Kyriazis, and R. G. Cascella, “A look to the old-world_sky: EU-funded dependability cloud computing research,” ACM SIGOPS Oper. Syst. Rev., vol. 46, no. 2, p. 43, 2012.
[505] K. Litvak, “The Effect of the Sarbanes-Oxley Act on Non-US Companies Cross-Listed in the US,” vol. 13, no. May 2006, pp. 195–228, 2007.
[506] C. S. Armstrong, J. L. Blouin, A. D. Jagolinzer, and D. F. Larcker, “Corporate Governance, Incentives and Tax Avoidance,” J. Account. Econ., no. 136, pp. 1–39, 2015.
[507] I. R. Guzman, K. Stam, S. Hans, and C. Angolano, “Cyber Security and Global Information Assurance,” IGI Global, Apr. 2009.
[508] R. M. Bushman and A. J. Smith, Financial accounting information and corporate governance, vol. 32, no. 1–3. 2001.
[509] P. Schwarz, “Information Privacy in the Cloud,” Tilburg, Vol. 2014-073, 2014.
[510] A. Lennard, “Stewardship and the Objectives of Financial Statements: A Comment on IASB’s Preliminary Views on an Improved Conceptual Framework for Financial Reporting: The Objective of Financial Reporting and Qualitative Characteristics of Decision-Useful Financial Re,” Account. Eur., vol. 4, no. 1, pp. 51–66, 2007.
[511] B. Duncan and M. Whittington, “Cloud Cyber-Security: Empowering the Audit Trail,” Forthcom. Int. J. Adv. Secur., vol. v9, no. 3&4, p. 15, 2017.
[512] K. Ruan, J. James, J. Carthy, and T. Kechadi, “Key terms for service level agreements to support cloud forensics,” in IFIP Advances in Information and Communication Technology, vol. 383 AICT, 2012, pp. 201–212.
[513] ICAEW, “Audit Quality: Agency theory and the role of audit,” London, 2005.
[514] P. W. Owen and M. Courtney, “Accountability and Regulation - Reporting Performance,” in Proceedings 27, 2001, pp. 1–16.
[515] T. Greenham, E. Cox, and J. Ryan-Collins, Mapping Economic Resilience: Literature review. 2013.
[516] SNIA, “Cloud data management interface,” 2010.
[517] V. Chang, R. J. Walters, and G. Wills, “The development that leads to the Cloud Computing Business Framework,” Int. J. Inf. Manage., pp. 1–22, 2013.
[518] T. K. Mackey and B. A. Liang, “The Global Counterfeit Drug Trade: Patient Safety and Public Health Risks,” J. Pharm. Sci., vol. 100, no. 11, pp. 4571–4579, 2011.
[519] M. Huse, “Accountability and Creating Accountability: a Framework for Exploring Behavioural Perspectives of Corporate Governance,” Br. J. Manag., vol. 16, no. S1, pp. S65–S79, Mar. 2005.
[520] G. Dionne and T. Triki, “Risk Management and Corporate Governance: The Importance of Independence and Financial Knowledge for the Board and the Audit Committee,” SSRN Electron. J., vol. 7, no. May, pp. 1–53, 2005.
[521] S. Pearson, M. C. Mont, and G. Kounga, “Enhancing accountability in the cloud via sticky policies,” in Communications in Computer and Information Science, 2011, vol. 187 CCIS, pp. 146–155.
[522] B. Duncan and M. Whittington, “Company Management Approaches — Stewardship or Agency: Which Promotes Better Security in Cloud Ecosystems?,” in Cloud Computing 2015, 2015, pp. 154–159.
[523] D. Bodeau, R. Graubart, L. Lapadula, A. Rosenthal, and J. Brennan, “Cyber Resiliency Metrics,” MITRE Rep. MP 120053 Rev 1., no. April, pp. 1–40, 2012.
[524] L. A. Cunningham, “The Appeal and Limits of Internal Controls to Fight Fraud, Terrorism, Other Ills,” Obstet. Gynecol., vol. 118, no. 5, pp. 1–76, 2011.
[525] D. W. Michaud, C. Dutton, and K. A. Magaram, “Empowering Board Audit Committees: Electronic Discovery to Facilitate Corporate Fraud Detection,” Providence, RI, 2006.
[526] C. Millard, I. Walden, and W. K. Hon, “Who is Responsible for ‘Personal Data’ in Cloud Computing? The Cloud of Unknowing, Part 2,” Leg. Stud., vol. 27, no. 77, pp. 1–31, 2012.
[527] H. Peck, “Resilience in the Food Chain: A Study of Business Continuity Management in the Food and Drink Industry,” 2006.