Keywords

gamification, information security, data privacy, compliance training

Abstract

Companies depend on strong internal controls to protect the integrity of accounting information systems. IT security and data privacy training are critical controls to safeguarding company information. However, employees often dislike the training, which can cause a lack of attention to and poor understanding of training concepts, leading to less effective internal controls. To improve the training experience, companies are implementing principles of games into employee training modules; a practice known as gamification. Using a laboratory experiment of data privacy training and a field study involving a publicly-traded bank’s rollout of IT security training, we test whether a training environment with basic gamification elements results in greater trainee satisfaction and knowledge acquisition than traditional, non-gamified training. We find basic gamification results in much higher satisfaction levels in the lab and field, but only marginally significant improvements in learning. Furthermore, these learning improvements are quite small (e.g., 1 to 3 percent). Finally, we find that “gamers” (i.e., those who participate in gaming on their own time) gain more knowledge from gamified training than “non-gamers,” even though gamers are less satisfied with gamified training.

Original Publication Citation

Baxter, R., D. K. Holderness, and D. A. Wood. 2016. Applying basic gamification techniques to IT compliance training: Evidence from the lab and field. Journal of Information Systems, 30 (3): 119-133. DOI: 10.2308/isys-51341.

Document Type

Peer-Reviewed Article

Publication Date

2016

Publisher

Journal of Information Systems

Language

English

College

Marriott School of Business

Department

Accountancy

University Standing at Time of Publication

Full Professor

Download

Included in

Accounting Commons

Share

COinS