Umeå University's logo

umu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Between a rock and a hard place: facing dilemmas in IT risk management
Umeå University, Faculty of Social Sciences, Department of Informatics. (IT management)
Umeå University, Faculty of Social Sciences, Department of Informatics.
Georgia State University.
2018 (English)In: Journal of Information Technology Theory and Application, ISSN 1552-6496, E-ISSN 1532-4516, Vol. 19, no 3, p. 22-44Article in journal (Refereed) Published
Abstract [en]

In this paper, we extend IT risk management theory using evidence gleaned from IT-enabled process management in a Swedish pulp and paper factory. Our analyses of risk management practices in the factory’s core process revealed surprising insights. As organizational actors managed process related IT risks to ensure that the core production process was running 24/7, they generated strategic IT risks that threatened the sustainability of the process infrastructure. However, they could not manage these strategic risks without jeopardizing the 24/7 operation. Hence, they inadvertently found themselves between a rock and a hard place where they could not mitigate one high priority risk without generating another. Drawing on practice theory, we explain the observed risk management practices, introduce the notion of risk dilemmas, and discuss the practice-based view of risk as a useful approach to advancing IT risk management theory.

Place, publisher, year, edition, pages
Association for Information Systems, 2018. Vol. 19, no 3, p. 22-44
Keywords [en]
Risk, Risk Management, Practice Theory, Information Technology
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:umu:diva-110659OAI: oai:DiVA.org:umu-110659DiVA, id: diva2:864135
Note

Originally included in thesis in manuscript form

Available from: 2015-10-26 Created: 2015-10-26 Last updated: 2023-10-02Bibliographically approved
In thesis
1. Information infrastructure risk: perspectives, practices & technologies
Open this publication in new window or tab >>Information infrastructure risk: perspectives, practices & technologies
2015 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This dissertation investigates the nature and management of information infrastructure risks in organizations. Specifically, it examines how practitioners identify and manage threats towards their organizational aims, and suggests ways of achieving sustainable risk management, in settings characterized by the integration of information technology (IT) and organizational processes. The dissertation is motivated by the difficulties organizations encounter when attempting to leverage IT as an organizational resource and the observation that IT projects have high rates of failure despite three decades of research on and practice of risk management in Information Systems (IS). Three aspects of the underlying logic of existing research and practice on IS risk management are challenged: (1) the infrastructural character of IT is suggested to be consequential for organizational risk management, however not recognized by either IS research on risk or risk experts, (2) risk management is enacted within and across practices beyond the boundaries of formal risk management models, and subsequently, (3) risks are increasingly emergent rather than predictable. To investigate such risks and risk management processes the studies in the dissertation build on information infrastructure theory and practice theory and a qualitative approach.

As the role of IT in organizations has changed significantly over the last decades, so has both practice and research concerned with IT related risks. Research on risk in the field of IS has thus come to encompass a large variety of levels of analysis, risk levels and dimensions, organizational processes and research approaches. An analysis of the extant literature shows that despite this richness, it still does not account, or offer support, for situations characterized by a high degree of uncertainty and equivocality. In these kinds of situations, risks are typically emergent and cannot be identified or managed by the prescriptions found within the IS discourse. However, emergence has long been recognized as a characteristic of the organizational consequences of information technology. Paradoxically, while most IS scholars would recognize the socio-technical, or even sociomaterial, nature of IT, it has had little impact on research on risk in our field.

A key argument in this dissertation is that theories of technology and organizational change within IS are equally valid for practice and research on IT related risk and risk management. Information infrastructure theory has been influential in improving our understanding of the changing nature and role of contemporary IT in organizational processes. It highlights the infrastructural character of IT, technological agency, and the entanglement of IT and organizational practices. Grounded in information infrastructure theory, this dissertation examines how practitioners identify, assess, prioritize and resolve risk in their everyday organizational practices. While risk has been used as a concept to characterize the underlying logic of information infrastructure evolution, scant attention has been paid to the particularities of risk emergence and operational risk management practices. As such, existing IS research on risk management explains why risk emerges but not how. The notion of practice has recently gained momentum in the IS field for its usefulness as an analytical lens in approaching complex, dynamic and emergent phenomena, and it is reflective of information infrastructure theory in its fundamental ontological and epistemological assumptions. All of the papers included in this dissertation build, to varying degrees, on information infrastructure theory and a practice approach.

The dissertation contributes new knowledge to research on information infrastructure risk and risk management in IS by theorizing information infrastructure risk as emergent, interstitial, and rooted in practice and sociomaterial contexts.

Place, publisher, year, edition, pages
Umeå: Umeå universitet, 2015. p. 77
Series
Research reports in informatics, ISSN 1401-4572 ; 15.02
Keywords
Risk, risk management, practice research, information infrastructure theory
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-110665 (URN)978-91-7601-340-3 (ISBN)
Public defence
2015-11-18, MIT-huset, sal MA121, Umeå universitet, Umeå, 13:00 (English)
Opponent
Supervisors
Available from: 2015-10-28 Created: 2015-10-26 Last updated: 2018-06-07Bibliographically approved

Open Access in DiVA

fulltext(769 kB)206 downloads
File information
File name FULLTEXT02.pdfFile size 769 kBChecksum SHA-512
804221225c3e0d7a81e45dbc921f06619035290e98501444e676201b544be59a3232858e7e37790ca297285f22db9c5d7f4a278a20938ee2d36978fa48282bf7
Type fulltextMimetype application/pdf

Other links

URL

Authority records

Öbrand, LarsHolmström, Jonny

Search in DiVA

By author/editor
Öbrand, LarsHolmström, Jonny
By organisation
Department of Informatics
In the same journal
Journal of Information Technology Theory and Application
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 209 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 879 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf