Author ORCID Identifier
Jing Liu: 0000-0001-9933-2328
Jun Zhang: 0000-0001-6275-9387
Hemin Jiang: 0000-0002-5269-7925
Jingzhi Zhang: 0000-0002-1913-7379
Mikko Siponen: 0000-0001-7041-1313
Abstract
To mitigate security risks, organizations often implement various controls to motivate employee information security policy (ISP) compliance. Although prior research has examined various controls influencing ISP compliance, most studies have focused on the effects of formal controls and paid relatively less attention to informal controls. This is especially evident in recent meta-analyses. Drawing on 183 independent studies, we conduct a meta-analysis with a focus on informal controls. Specifically, we synthesize and compare the effectiveness of informal controls (i.e., clan and self-controls) with formal controls in promoting ISP compliance. We find that informal controls are not only effective but also generally more effective than formal controls in motivating ISP compliance. Moreover, the influence of informal controls remains largely stable across contextual and methodological factors, whereas the effectiveness of formal controls is contingent upon factors such as national culture, policy specificity, and behavioral measurement type. Using a meta-analytic structural equation modeling approach, we further reveal that formal controls indirectly enhance ISP compliance by shaping employees’ perceptions of informal controls through socialization and internalization processes. These findings highlight the critical yet underexplored role of informal controls, and provide a nuanced understanding of how informal controls are shaped by formal controls.
Recommended Citation
Liu, J., Zhang, J., Jiang, H., Zhang, J., & Siponen, M. (In press). Understanding the Effects of Formal and Informal Controls on Employee Information Security Policy Compliance: A Meta-Analysis. Communications of the Association for Information Systems, 59, pp-pp. Retrieved from https://aisel.aisnet.org/cais/vol59/iss1/21
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.