Associate Professor, Emerging Technologies

Office: HH 289G-

Contact: 519-888-4567, ext. 48060



Alec graduated from Queen’s University in 2002 and worked as an IT Audit Manager at Deloitte before completing his MSc (2009) and PhD (2013). He is also a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP). Prior to joining the University of Waterloo, Alec was on the faculty of Bentley University from 2013-2019. His research focuses on how information systems control initiatives can contribute to improving the performance of organizational processes, including cybersecurity and algorithmic management. Alec's work has been published in a variety of outlets, including MIS Quarterly, Information Systems Research, Journal of Management Information Systems, Journal of the Association for Information Systems, Information Systems Journal, and European Journal of Information Systems. He also serves as associate editor at the Information Systems Journal and holds the J. Page R. Wadsworth Junior Chair in Accounting and Finance.

Selected Publications

Cram, W. A., D'Arcy, J., Benlian, A. (2023). Time Will Tell: A Case for an Idiographic Approach for Behavioral Cybersecurity Research. MIS Quarterly. Forthcoming.

Cram, W. A., D'Arcy, J. (2023). 'What a Waste of Time': An Examination of Cybersecurity Legitimacy. Information Systems Journal. Forthcoming. 

Cram, W. A., Yuan, J. (2023). Out with the Old, In with the New: Examining National Cybersecurity Strategy Changes over Time. Journal of Cyber Policy. Forthcoming.

Wiener, M., Cram, W. A., Benlian, A. (2023). Algorithmic Control and Gig Workers: A Legitimacy Perspective of Uber Drivers. European Journal of Information Systems, 32 (3), 485-507.

Wiener, M., Cram, W. A., Remus, U., Mähring, M. (2023). Control-Style Choices and Performance Impacts: How Should Senior IS Managers Enact Control Over Uncertain IS Projects? Decision Support Systems, 167, 113915.

Cram, W. A., Wang, T., Yuan, J. (2022). Cybersecurity Research in Accounting Information Systems: A Review and Framework. Journal of Emerging Technologies in Accounting, 20 (1), 15-38.

Cram, W. A., Wiener, M., Tarafdar, M., Benlian, A. (2022). Examining the Impact of Algorithmic Control on Uber Drivers' Technostress. Journal of Management Information Systems, 39 (2), 426-453.

Bitzer, T., Wiener, M., Cram, W. A. (2022). Algorithmic Transparency: Concepts, Antecedents, and Consequences – A Review and Research Framework. Communications of the Association for Information Systems, 52 (14), 293-331.

Benlian, A., Wiener, M., Cram, W. A., Krasnova, H., Maedche, A., Möhlmann, M., Recker, J., Remus, U. (2022). Algorithmic Management: Bright and Dark Sides, Practical Implications, and Research Opportunities. Business & Information Systems Engineering, 64, 825-839. 

Cram, W. A., Mouajou-Kenfack, R. (2022). Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications. Organizational Cybersecurity Journal. Forthcoming.

Walser, R., Cram, W. A., Bernroider, E. W. N., Wiener, M. S. (2021). Control Choices and Enactments in IS Development Projects: Implications for Legitimacy Perceptions and Compliance Intentions. Information & Management, 58 (7), 1-16. 

Cram, W. A., Proudfoot, J. G., D'Arcy, J. (2021). When Enough is Enough: Investigating the Antecedents and Consequences of Information Security Fatigue. Information Systems Journal, 31 (4), 521-549.

Cram, W. A., Templier, M., Paré, G. (2020). (Re)considering the Concept of Literature Review Reproducibility. Journal of the Association for Information Systems, 21 (5), 1103-1114.

Cram, W. A., Proudfoot, J. G., D'Arcy, J. (2020). Maximizing Employee Compliance with Cybersecurity Policies. MIS Quarterly Executive, 19 (3), 183-198.

Cram, W. A., Wiener, M. S. (2020). Technology-Mediated Control: Case Examples and Research Directions for the Future of Organizational Control. Communications of the Association for Information Systems, 46 (4), 70-91.

Wiener, M. S., Mähring, M., Remus, U., Saunders, C., Cram, W. A. (2019). Moving IS Project Control Research into the Digital Era: The ‘Why’ of Control and the Concept of Control Purpose. Information Systems Research, 30 (4), 1387-1401.

Cram, W. A., D'Arcy, J., Proudfoot, J. G. (2019). Seeing the Forest and the Trees: A Meta-Analysis of the Antecedents to Information Security Policy Compliance. MIS Quarterly, 43 (2), 525-554.

Cram, W. A. (2019). Agile Development in Practice: Lessons from the Trenches. Information Systems Management, 36 (1), 2-14.

Cram, W. A., Wiener, M. S. (2018). Perceptions of Control Legitimacy in Information Systems Development. Information Technology & People, 31 (3), 712-740.

Cram, W. A., Marabelli, M. (2018). Have Your Cake and Eat it Too? Simultaneously Pursuing the Knowledge Sharing Benefits of Agile and Traditional Development Approaches. Information & Management, 55 (3), 322-339.

Cram, W. A., Proudfoot, J. G., D'Arcy, J. (2017). Organizational Information Security Policies: A Review and Research Framework. European Journal of Information Systems, 26 (6), 605-641.

Cram, W. A., Gallupe, R. B. (2016). A Method to Evaluate Information Systems Control Alignment. Journal of Information Systems, 30 (1), 117-135.

Cram, W. A., Brohman, M. K., Gallupe, R. B. (2016). Information Systems Control: A Review and Framework for Emerging Information Systems Processes. Journal of the Association for Information Systems, 17 (4), 216-266.

Cram, W. A., Brohman, M. K., Gallupe, R. B. (2016). Hitting a moving target: A process model of information systems control change. Information Systems Journal, 26 (3), 195-226.

Cram, W. A., D'Arcy, J. (2016). Teaching Information Security in Business Schools: Current Practices and a Proposed Direction for the Future. Communications of the Association for Information Systems, 39 (1), 32-51.

Cram, W. A., Newell, S. (2016). Mindful Revolution or Mindless Trend? Examining Agile Development as a Management Fashion. European Journal of Information Systems, 25 (2), 154-169.

Cram, W. A., Brohman, M. K., Chan, Y. E., Gallupe, R. B. (2016). Information Systems Control Alignment: Complementary and Conflicting Systems Development Controls. Information & Management, 53 (2), 183-196.

Cram, W. A., Brohman, M. K., Gallupe, R. B. (2015). Addressing the Control Challenges of the Enterprise Architecture Process. Journal of Information Systems, 29 (2), 161-182.

Cram, W. A., Brohman, M. K. (2013). Controlling Information Systems Development: A New Typology for an Evolving Field. Information Systems Journal, 23 (2), 137-154.

University of Waterloo

Profiles by type