W. Alec Cram

Associate Professor, Emerging Technologies: J. Page R. Wadsworth Junior Chair in Accounting and Finance

Office: HH 289G

-

Contact: 519-888-4567, ext. 48060

Email: wacram@uwaterloo.ca

Bio

Alec graduated from Queen’s University with a Bachelor of Commerce and worked as an IT Audit Manager at Deloitte before returning to Queen's for an MSc and PhD. He is also a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP). Prior to joining the University of Waterloo, Alec was on the faculty of Bentley University. His research explores the behavioural and emotional responses of employees to technology-based control initiatives, namely cybersecurity and algorithmic management. Alec's work has been published in a variety of outlets, including MIS Quarterly, Information Systems Research, Journal of Management Information Systems, Journal of the Association for Information Systems, Information Systems Journal, and European Journal of Information Systems. He serves as associate editor at the Information Systems Journal and holds the J. Page R. Wadsworth Junior Chair in Accounting and Finance.

Selected Publications

Mueller, L., Albrecht, G., Toutaoui, J., Benlian, A., Cram, W. A. (2024). Navigating role identity tensions — IT project managers’ identity work in agile information systems developmentEuropean Journal of Information Systems. Forthcoming.

Proudfoot, J. G., Cram, W. A., Madnick, S. (2024). Weathering the storm: Examining how organisations navigate the sea of cybersecurity regulations. European Journal of Information Systems. Forthcoming.

Cram, W. A., D'Arcy, J., Benlian, A. (2024). Time Will Tell: The Case for an Idiographic Approach to Behavioral Cybersecurity Research. MIS Quarterly, 48 (1), 95-136.

Proudfoot, J. G., Cram, W. A., Madnick, S., Coden. M. (2023). The Importance of Board Member Actions for Cybersecurity Governance and Risk Management. MIS Quarterly Executive, 22 (4), 235-250.

Cram, W. A., D'Arcy, J. (2023). 'What a Waste of Time': An Examination of Cybersecurity Legitimacy. Information Systems Journal, 33 (6), 1396-1422.

Cram, W. A., Yuan, J. (2023). Out with the Old, In with the New: Examining National Cybersecurity Strategy Changes over Time. Journal of Cyber Policy. 8 (1), 26-47.

Wiener, M., Cram, W. A., Benlian, A. (2023). Algorithmic Control and Gig Workers: A Legitimacy Perspective of Uber Drivers. European Journal of Information Systems, 32 (3), 485-507.

Wiener, M., Cram, W. A., Remus, U., Mähring, M. (2023). Control-Style Choices and Performance Impacts: How Should Senior IS Managers Enact Control Over Uncertain IS Projects? Decision Support Systems, 167, 113915.

Cram, W. A., Mouajou-Kenfack, R. (2023). Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications. Organizational Cybersecurity Journal, 3 (1), 1-17.

Cram, W. A., Wang, T., Yuan, J. (2023). Cybersecurity Research in Accounting Information Systems: A Review and Framework. Journal of Emerging Technologies in Accounting, 20 (1), 15-38.

Bitzer, T., Wiener, M., Cram, W. A. (2023). Algorithmic Transparency: Concepts, Antecedents, and Consequences – A Review and Research Framework. Communications of the Association for Information Systems, 52 (14), 293-331.

Cram, W. A., Wiener, M., Tarafdar, M., Benlian, A. (2022). Examining the Impact of Algorithmic Control on Uber Drivers' Technostress. Journal of Management Information Systems, 39 (2), 426-453.

Benlian, A., Wiener, M., Cram, W. A., Krasnova, H., Maedche, A., Möhlmann, M., Recker, J., Remus, U. (2022). Algorithmic Management: Bright and Dark Sides, Practical Implications, and Research Opportunities. Business & Information Systems Engineering, 64, 825-839. 

Walser, R., Cram, W. A., Bernroider, E. W. N., Wiener, M. S. (2021). Control Choices and Enactments in IS Development Projects: Implications for Legitimacy Perceptions and Compliance Intentions. Information & Management, 58 (7), 1-16. 

Cram, W. A., Proudfoot, J. G., D'Arcy, J. (2021). When Enough is Enough: Investigating the Antecedents and Consequences of Information Security Fatigue. Information Systems Journal, 31 (4), 521-549.

Cram, W. A., Templier, M., Paré, G. (2020). (Re)considering the Concept of Literature Review Reproducibility. Journal of the Association for Information Systems, 21 (5), 1103-1114.

Cram, W. A., Proudfoot, J. G., D'Arcy, J. (2020). Maximizing Employee Compliance with Cybersecurity Policies. MIS Quarterly Executive, 19 (3), 183-198.

Cram, W. A., Wiener, M. S. (2020). Technology-Mediated Control: Case Examples and Research Directions for the Future of Organizational Control. Communications of the Association for Information Systems, 46 (4), 70-91.

Wiener, M. S., Mähring, M., Remus, U., Saunders, C., Cram, W. A. (2019). Moving IS Project Control Research into the Digital Era: The ‘Why’ of Control and the Concept of Control Purpose. Information Systems Research, 30 (4), 1387-1401.

Cram, W. A., D'Arcy, J., Proudfoot, J. G. (2019). Seeing the Forest and the Trees: A Meta-Analysis of the Antecedents to Information Security Policy Compliance. MIS Quarterly, 43 (2), 525-554.

Cram, W. A. (2019). Agile Development in Practice: Lessons from the Trenches. Information Systems Management, 36 (1), 2-14.

Cram, W. A., Wiener, M. S. (2018). Perceptions of Control Legitimacy in Information Systems Development. Information Technology & People, 31 (3), 712-740.

Cram, W. A., Marabelli, M. (2018). Have Your Cake and Eat it Too? Simultaneously Pursuing the Knowledge Sharing Benefits of Agile and Traditional Development Approaches. Information & Management, 55 (3), 322-339.

Cram, W. A., Proudfoot, J. G., D'Arcy, J. (2017). Organizational Information Security Policies: A Review and Research Framework. European Journal of Information Systems, 26 (6), 605-641.

Cram, W. A., Gallupe, R. B. (2016). A Method to Evaluate Information Systems Control Alignment. Journal of Information Systems, 30 (1), 117-135.

Cram, W. A., Brohman, M. K., Gallupe, R. B. (2016). Information Systems Control: A Review and Framework for Emerging Information Systems Processes. Journal of the Association for Information Systems, 17 (4), 216-266.

Cram, W. A., Brohman, M. K., Gallupe, R. B. (2016). Hitting a moving target: A process model of information systems control change. Information Systems Journal, 26 (3), 195-226.

Cram, W. A., D'Arcy, J. (2016). Teaching Information Security in Business Schools: Current Practices and a Proposed Direction for the Future. Communications of the Association for Information Systems, 39 (1), 32-51.

Cram, W. A., Newell, S. (2016). Mindful Revolution or Mindless Trend? Examining Agile Development as a Management Fashion. European Journal of Information Systems, 25 (2), 154-169.

Cram, W. A., Brohman, M. K., Chan, Y. E., Gallupe, R. B. (2016). Information Systems Control Alignment: Complementary and Conflicting Systems Development Controls. Information & Management, 53 (2), 183-196.

Cram, W. A., Brohman, M. K., Gallupe, R. B. (2015). Addressing the Control Challenges of the Enterprise Architecture Process. Journal of Information Systems, 29 (2), 161-182.

Cram, W. A., Brohman, M. K. (2013). Controlling Information Systems Development: A New Typology for an Evolving Field. Information Systems Journal, 23 (2), 137-154.