umu.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (10 of 16) Show all publications
Öbrand, L., Augustsson, N.-P., Mathiassen, L. & Holmström, J. (2019). The interstitiality of IT risk: an inquiry into information systems development practices. Information Systems Journal, 29(1), 97-118
Open this publication in new window or tab >>The interstitiality of IT risk: an inquiry into information systems development practices
2019 (English)In: Information Systems Journal, ISSN 1350-1917, E-ISSN 1365-2575, Vol. 29, no 1, p. 97-118Article in journal (Refereed) Published
Abstract [en]

Information systems development (ISD) has been part of the core of information systems for over 40 years. Throughout its history, the issue of risk has been closely related to ISD projects, and significant efforts have been made by researchers and practitioners to improve their quality. While important headway has been made in assessing and resolving ISD risk, the literature shows that new and salient risks emerge outside the scope of extant risk management regimes. As a consequence, organizations still struggle with leveraging new tech- nology as projects continue to fail at almost the same rate, albeit for different reasons. Understood as the distinction between reality and possibility, risk is inherently intertwined with practice and rooted in the knowledge, goals, power, and values of specific actors in particular contexts. Hence, to understand how risks emerge, we present a longitudinal case study in which we trace the origin and locus of risks in contemporary ISD practices. We draw on these insights to theorize information technology risk as increasingly inter- stitial, originating from sources positioned in between established practices and therefore outside the scope of conventional risk anal- yses. In conclusion, we discuss interstitial risks as an important form of emergent risk with implications for both research and practice.

Place, publisher, year, edition, pages
John Wiley & Sons, 2019
Keywords
risk management, interstitiality, emergence, ISD
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-154441 (URN)10.1111/isj.12178 (DOI)000452626400005 ()2-s2.0-85042562406 (Scopus ID)
Available from: 2018-12-18 Created: 2018-12-18 Last updated: 2019-09-05Bibliographically approved
Skog, D. A. & Öbrand, L. (2019). What Materiality is not, Materializing is:  Theorizing the Role of Digital Technology in Process Studies. In: : . Paper presented at 11th International Process Symposium (PROS), Chania, Greece, June 19-22, 2019..
Open this publication in new window or tab >>What Materiality is not, Materializing is:  Theorizing the Role of Digital Technology in Process Studies
2019 (English)Conference paper, Oral presentation only (Other academic)
National Category
Information Systems
Identifiers
urn:nbn:se:umu:diva-159787 (URN)
Conference
11th International Process Symposium (PROS), Chania, Greece, June 19-22, 2019.
Available from: 2019-06-07 Created: 2019-06-07 Last updated: 2019-06-13Bibliographically approved
Öbrand, L., Holmström, J. & Mathiassen, L. (2018). Between a rock and a hard place: facing dilemmas in IT risk management. Journal of Information Technology Theory and Application, 19(3), 22-44
Open this publication in new window or tab >>Between a rock and a hard place: facing dilemmas in IT risk management
2018 (English)In: Journal of Information Technology Theory and Application, ISSN 1552-6496, E-ISSN 1532-4516, Vol. 19, no 3, p. 22-44Article in journal (Refereed) Published
Abstract [en]

In this paper, we extend IT risk management theory using evidence gleaned from IT-enabled process management in a Swedish pulp and paper factory. Our analyses of risk management practices in the factory’s core process revealed surprising insights. As organizational actors managed process related IT risks to ensure that the core production process was running 24/7, they generated strategic IT risks that threatened the sustainability of the process infrastructure. However, they could not manage these strategic risks without jeopardizing the 24/7 operation. Hence, they inadvertently found themselves between a rock and a hard place where they could not mitigate one high priority risk without generating another. Drawing on practice theory, we explain the observed risk management practices, introduce the notion of risk dilemmas, and discuss the practice-based view of risk as a useful approach to advancing IT risk management theory.

Place, publisher, year, edition, pages
Association for Information Systems, 2018
Keywords
Risk, Risk Management, Practice Theory, Information Technology
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-110659 (URN)
Note

Originally included in thesis in manuscript form

Available from: 2015-10-26 Created: 2015-10-26 Last updated: 2018-12-18Bibliographically approved
Öbrand, L., Holmström, J. & Newman, M. (2018). Navigating Rumsfeld's quadrants: A performative perspective on IT risk management. Technology in society, 53, 1-8
Open this publication in new window or tab >>Navigating Rumsfeld's quadrants: A performative perspective on IT risk management
2018 (English)In: Technology in society, ISSN 0160-791X, E-ISSN 1879-3274, Vol. 53, p. 1-8Article in journal (Refereed) Published
Abstract [en]

In this paper, we contribute to risk management theory by investigating the internal dynamics of IT risks in contemporary organizations. We explore how digitization of previously physical organizational con- texts trigger risk by conceptualizing risk management from a performative perspective and the assumption that risks are sociomaterial by nature. Through an exploratory case study of the risk man- agement practices at a paper and pulp factory, we analyze the different epistemic strategies employed by the practitioners as proactive, reactive and adaptive. We discuss how and why these strategies emerge as a result of the sociomaterial configurations. 

Place, publisher, year, edition, pages
Elsevier, 2018
Keywords
Risk, Digital technologies, Practice, Case study
National Category
Information Systems, Social aspects
Research subject
computer and systems sciences
Identifiers
urn:nbn:se:umu:diva-144195 (URN)10.1016/j.techsoc.2017.09.009 (DOI)000432467300001 ()
Available from: 2018-01-25 Created: 2018-01-25 Last updated: 2018-06-27Bibliographically approved
Öbrand, L. (2015). Information infrastructure risk: perspectives, practices & technologies. (Doctoral dissertation). Umeå: Umeå universitet
Open this publication in new window or tab >>Information infrastructure risk: perspectives, practices & technologies
2015 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This dissertation investigates the nature and management of information infrastructure risks in organizations. Specifically, it examines how practitioners identify and manage threats towards their organizational aims, and suggests ways of achieving sustainable risk management, in settings characterized by the integration of information technology (IT) and organizational processes. The dissertation is motivated by the difficulties organizations encounter when attempting to leverage IT as an organizational resource and the observation that IT projects have high rates of failure despite three decades of research on and practice of risk management in Information Systems (IS). Three aspects of the underlying logic of existing research and practice on IS risk management are challenged: (1) the infrastructural character of IT is suggested to be consequential for organizational risk management, however not recognized by either IS research on risk or risk experts, (2) risk management is enacted within and across practices beyond the boundaries of formal risk management models, and subsequently, (3) risks are increasingly emergent rather than predictable. To investigate such risks and risk management processes the studies in the dissertation build on information infrastructure theory and practice theory and a qualitative approach.

As the role of IT in organizations has changed significantly over the last decades, so has both practice and research concerned with IT related risks. Research on risk in the field of IS has thus come to encompass a large variety of levels of analysis, risk levels and dimensions, organizational processes and research approaches. An analysis of the extant literature shows that despite this richness, it still does not account, or offer support, for situations characterized by a high degree of uncertainty and equivocality. In these kinds of situations, risks are typically emergent and cannot be identified or managed by the prescriptions found within the IS discourse. However, emergence has long been recognized as a characteristic of the organizational consequences of information technology. Paradoxically, while most IS scholars would recognize the socio-technical, or even sociomaterial, nature of IT, it has had little impact on research on risk in our field.

A key argument in this dissertation is that theories of technology and organizational change within IS are equally valid for practice and research on IT related risk and risk management. Information infrastructure theory has been influential in improving our understanding of the changing nature and role of contemporary IT in organizational processes. It highlights the infrastructural character of IT, technological agency, and the entanglement of IT and organizational practices. Grounded in information infrastructure theory, this dissertation examines how practitioners identify, assess, prioritize and resolve risk in their everyday organizational practices. While risk has been used as a concept to characterize the underlying logic of information infrastructure evolution, scant attention has been paid to the particularities of risk emergence and operational risk management practices. As such, existing IS research on risk management explains why risk emerges but not how. The notion of practice has recently gained momentum in the IS field for its usefulness as an analytical lens in approaching complex, dynamic and emergent phenomena, and it is reflective of information infrastructure theory in its fundamental ontological and epistemological assumptions. All of the papers included in this dissertation build, to varying degrees, on information infrastructure theory and a practice approach.

The dissertation contributes new knowledge to research on information infrastructure risk and risk management in IS by theorizing information infrastructure risk as emergent, interstitial, and rooted in practice and sociomaterial contexts.

Place, publisher, year, edition, pages
Umeå: Umeå universitet, 2015. p. 77
Series
Research reports in informatics, ISSN 1401-4572 ; 15.02
Keywords
Risk, risk management, practice research, information infrastructure theory
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-110665 (URN)978-91-7601-340-3 (ISBN)
Public defence
2015-11-18, MIT-huset, sal MA121, Umeå universitet, Umeå, 13:00 (English)
Opponent
Supervisors
Available from: 2015-10-28 Created: 2015-10-26 Last updated: 2018-06-07Bibliographically approved
Öbrand, L. & Holmström, J. (2013). Recalcitrant technologies and unfolding ontologies: exploring the emergent character of IT risks and epistemic strategies in IT risk management. In: : . Paper presented at The 29th European Group for Organization Studies (EGOS) Colloquium, Montreal, July 4-6, 2013.
Open this publication in new window or tab >>Recalcitrant technologies and unfolding ontologies: exploring the emergent character of IT risks and epistemic strategies in IT risk management
2013 (English)Conference paper, Oral presentation only (Other academic)
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-88265 (URN)
Conference
The 29th European Group for Organization Studies (EGOS) Colloquium, Montreal, July 4-6, 2013
Available from: 2014-04-29 Created: 2014-04-29 Last updated: 2019-05-08Bibliographically approved
Öbrand, L., Augustsson, N.-P., Holmström, J. & Mathiassen, L. (2012). The Emergence of Information Infrastructure Risk Management in IT Services. In: Ralph H. Sprague, Jr. (Ed.), Proceedings of 45th Annual Hawaii International Conference of Systems Science (HICSS): . Paper presented at 45th Hawaii International Conference on Systems Sciences (HICSS), 4–7 January 2012, Maui, Hawaii (pp. 4904-4913). Los Alamitos: IEEE Computer Society
Open this publication in new window or tab >>The Emergence of Information Infrastructure Risk Management in IT Services
2012 (English)In: Proceedings of 45th Annual Hawaii International Conference of Systems Science (HICSS) / [ed] Ralph H. Sprague, Jr., Los Alamitos: IEEE Computer Society, 2012, p. 4904-4913Conference paper, Published paper (Refereed)
Abstract [en]

Failure to understand, identify, and manage risk is often cited as a major cause of IT problems. While the project is the preferred level of analysis in most IT risk management research, IT is becoming increasingly infrastructural, and there is therefore a need to adapt risk strategies beyond the project level. In this paper, we explore how risk management practices in a successful IT service provider group emerged over time as the group coped with infrastructural dynamics and complexities. Drawing on Orlikowski's practice lens, we investigate actual practices and possible options related to risk management as rapid technological and organizational changes resulted in increased infrastructure management challenges for the IT service provider. Our research contributes to the IT risk management literature by applying risk theory to service management in the infrastructural domain and by moving beyond the project as level of analysis.

Place, publisher, year, edition, pages
Los Alamitos: IEEE Computer Society, 2012
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-52975 (URN)978-0-7695-4525-7 (ISBN)978-1-4577-1925-7 (ISBN)
Conference
45th Hawaii International Conference on Systems Sciences (HICSS), 4–7 January 2012, Maui, Hawaii
Note

INSPEC Accession Number: 12540848

Available from: 2012-04-02 Created: 2012-03-08 Last updated: 2018-06-08Bibliographically approved
Rönnbäck, L. & Holmström, J. (2011). A Case Against the Checklist Approach: Exploring Epistemic Strategies in IT Risk Management. Paper presented at Nordic Academy of Management Conference, August 20-24 2011, School of Business, Stockholm University, Stockholm.
Open this publication in new window or tab >>A Case Against the Checklist Approach: Exploring Epistemic Strategies in IT Risk Management
2011 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Practice-based perspectives in information systems have established how, in instances of information technology use, the user exercises considerable discretion in their appropriation of the technology with local workarounds and situated improvisations. Today, information systems research has a considerable stock of cases demonstrating the malleability of technology. We analyse the question, not pursued with much energy to date within practice-based perspectives, of how risk management practices in IT-enabled process management are enacted. Research on IT risk has over the last decades produced a number of frameworks and checklists to identify and manage risk, allowing for a proactive approach to e.g. IT development projects. Still, IT-projects fail more often than not and even the most proficient managers have difficulty in managing IT as an organizational resource. This paper introduces a framework for the analysis of software risk as knowledge systems (Holzner & Marx, 1979) composed of a set of knowledge processes, as they are enacted in the context of software risk management: reactive, proactive and adaptive IT risk management. We position ourselves in line with works that take a practice-based approach on knowledge and learning (Lave and Wenger, 1991; Wenger, 2000), which emphasise how knowledge is local, social, situated and closely linked to practice. However, another central premise behind our framework is that knowledge is not only local and situated, but also linked to larger established 'systems of knowledge'. This may imply that knowledge generation does not happen freely, but is highly contingent on the context in which knowledge generation is situated. In order to manage risk in the increasingly dynamic environment of organizational life, we argue that adaptive IT risk management provides organizations with a more powerful approach than we find in the reactive and proactive approach to IT risk management.

National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-52976 (URN)
Conference
Nordic Academy of Management Conference, August 20-24 2011, School of Business, Stockholm University, Stockholm
Available from: 2012-03-30 Created: 2012-03-08 Last updated: 2018-06-08Bibliographically approved
Rönnbäck, L. (2010). The crux of integration: exploring infrastructure evolution in the process industry. In: Jonny Holmström, Mikael Wiberg & Andreas Lund (Ed.), Industrial informatics design, use and innovation: perspectives and services (pp. 73-84). Hershey: IGI Global
Open this publication in new window or tab >>The crux of integration: exploring infrastructure evolution in the process industry
2010 (English)In: Industrial informatics design, use and innovation: perspectives and services / [ed] Jonny Holmström, Mikael Wiberg & Andreas Lund, Hershey: IGI Global , 2010, p. 73-84Chapter in book (Other academic)
Abstract [en]

The purpose of this chapter is to identify and explore critical challenges for the process industry in IT infrastructure integration and adaptation. The authors identify four critical challenges in the integration and adaption of IT infrastructure in the process industry: integration as an ongoing process; maintaining stability in the installed base; locking the right stuff in; and balancing user value, continuity of production and compatibility. Given the centrality of IT infrastructure in today’s process industries the importance of dealing with these challenges must be emphasized. The four challenges identified in this study are of such a complexity they can only lend themselves to the evolutionary strategy. Such a strategy is in concert with the sensibility towards risk the authors find in the paper industry.

Place, publisher, year, edition, pages
Hershey: IGI Global, 2010
Keywords
Manufacturing Process- Information Services, Production Engineering - Data Processing, Computer integrated manufacturing systems, Management information systems
Identifiers
urn:nbn:se:umu:diva-38464 (URN)10.4018/978-1-61520-692-6.ch007 (DOI)978-1-61520-692-6 (ISBN)978-1-61520-693-3 (ISBN)
Available from: 2010-12-20 Created: 2010-12-15 Last updated: 2018-06-08Bibliographically approved
Rönnbäck, L. & Holmström, J. (2008). Attention shaping in risk assessment processes: an action research study. In: Asproth, Viveca (Ed.), Public systems in the future: possibilities, challenges and pitfalls. Paper presented at IRIS 31, Information Systems Research in Scandinavia, Åre Sweden August 10-13.
Open this publication in new window or tab >>Attention shaping in risk assessment processes: an action research study
2008 (English)In: Public systems in the future: possibilities, challenges and pitfalls / [ed] Asproth, Viveca, 2008Conference paper, Published paper (Refereed)
Abstract [en]

This paper present an action research study conducted at Smurfit Kappa Kraftliner, in which a risk assessment method was used to identify risks related to their use of IT in the production. The aim of the paper is to create a better understanding of the risk management methods needed in addressing the complexities of todayʼs plant information systems. The result of the study is an adaption of the risk assessment method used to allow for identification of more complex, socio-technical risks.

Identifiers
urn:nbn:se:umu:diva-20540 (URN)
Conference
IRIS 31, Information Systems Research in Scandinavia, Åre Sweden August 10-13
Available from: 2009-03-20 Created: 2009-03-20 Last updated: 2018-06-09Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-2573-5786

Search in DiVA

Show all publications