MIS Quarterly, 2015, Volume 39,
Issue 2, Page 345-366.
Access-policy violations are a growing problem with substantial costs for organizations. Although training programs and sanctions have been suggested as a means of reducing these violations, evidence shows the problem persists. It is thus imperative to identify additional ways to reduce access-policy violations, especially for systems providing broad access to data. We use accountability theory to develop four user-interface (UI) design artifacts that raise users' accountability perceptions within systems and in turn decrease access-policy violations. To test our model, we uniquely applied the scenario-based factorial survey method to various graphical manipulations of a records system containing sensitive information at a large organization with over 300 end users who use the system daily. We show that the UI design artifacts corresponding to four submanipulations of accountability can raise accountability and reduce access policy violation intentions. Our findings have several theoretical and practical implications for increasing accountability using UI design. Moreover, we are the first to extend the scenario-based factorial survey method to test design artifacts. This method provides the ability to use more design manipulations and to test with fewer users than is required in traditional experimentation and research on humanÐcomputer interaction. We also provide bootstrapping tests of mediation and moderation and demonstrate how to analyze fixed and random effects within the factorial survey method optimally.
Keywords: Accountability theory; identifiability; expectation of evaluation; awareness of monitoring; social presence; factorial survey method; user-interface design; information security policy violations; unauthorized access; mediation; moderation