Umeå University's logo

umu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Information infrastructure risk: perspectives, practices & technologies
Umeå University, Faculty of Social Sciences, Department of Informatics. (IT management)
2015 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This dissertation investigates the nature and management of information infrastructure risks in organizations. Specifically, it examines how practitioners identify and manage threats towards their organizational aims, and suggests ways of achieving sustainable risk management, in settings characterized by the integration of information technology (IT) and organizational processes. The dissertation is motivated by the difficulties organizations encounter when attempting to leverage IT as an organizational resource and the observation that IT projects have high rates of failure despite three decades of research on and practice of risk management in Information Systems (IS). Three aspects of the underlying logic of existing research and practice on IS risk management are challenged: (1) the infrastructural character of IT is suggested to be consequential for organizational risk management, however not recognized by either IS research on risk or risk experts, (2) risk management is enacted within and across practices beyond the boundaries of formal risk management models, and subsequently, (3) risks are increasingly emergent rather than predictable. To investigate such risks and risk management processes the studies in the dissertation build on information infrastructure theory and practice theory and a qualitative approach.

As the role of IT in organizations has changed significantly over the last decades, so has both practice and research concerned with IT related risks. Research on risk in the field of IS has thus come to encompass a large variety of levels of analysis, risk levels and dimensions, organizational processes and research approaches. An analysis of the extant literature shows that despite this richness, it still does not account, or offer support, for situations characterized by a high degree of uncertainty and equivocality. In these kinds of situations, risks are typically emergent and cannot be identified or managed by the prescriptions found within the IS discourse. However, emergence has long been recognized as a characteristic of the organizational consequences of information technology. Paradoxically, while most IS scholars would recognize the socio-technical, or even sociomaterial, nature of IT, it has had little impact on research on risk in our field.

A key argument in this dissertation is that theories of technology and organizational change within IS are equally valid for practice and research on IT related risk and risk management. Information infrastructure theory has been influential in improving our understanding of the changing nature and role of contemporary IT in organizational processes. It highlights the infrastructural character of IT, technological agency, and the entanglement of IT and organizational practices. Grounded in information infrastructure theory, this dissertation examines how practitioners identify, assess, prioritize and resolve risk in their everyday organizational practices. While risk has been used as a concept to characterize the underlying logic of information infrastructure evolution, scant attention has been paid to the particularities of risk emergence and operational risk management practices. As such, existing IS research on risk management explains why risk emerges but not how. The notion of practice has recently gained momentum in the IS field for its usefulness as an analytical lens in approaching complex, dynamic and emergent phenomena, and it is reflective of information infrastructure theory in its fundamental ontological and epistemological assumptions. All of the papers included in this dissertation build, to varying degrees, on information infrastructure theory and a practice approach.

The dissertation contributes new knowledge to research on information infrastructure risk and risk management in IS by theorizing information infrastructure risk as emergent, interstitial, and rooted in practice and sociomaterial contexts.

Place, publisher, year, edition, pages
Umeå: Umeå universitet , 2015. , p. 77
Series
Research reports in informatics, ISSN 1401-4572 ; 15.02
Keywords [en]
Risk, risk management, practice research, information infrastructure theory
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:umu:diva-110665ISBN: 978-91-7601-340-3 (print)OAI: oai:DiVA.org:umu-110665DiVA, id: diva2:864156
Public defence
2015-11-18, MIT-huset, sal MA121, Umeå universitet, Umeå, 13:00 (English)
Opponent
Supervisors
Available from: 2015-10-28 Created: 2015-10-26 Last updated: 2018-06-07Bibliographically approved
List of papers
1. IT-adaptation challenges in the process industry: an exploratory case study
Open this publication in new window or tab >>IT-adaptation challenges in the process industry: an exploratory case study
2007 (English)In: Industrial management & data systems, ISSN 0263-5577, E-ISSN 1758-5783, Vol. 107, no 9, p. 1276-1289Article in journal (Refereed) Published
Abstract [en]

Purpose – This paper seeks to identify and explore critical challenges for the process industry in information technology (IT) infrastructure integration and adaptation.

Design/methodology/approach – An exploratory case study was conducted at a paper mill and their main IT-vendor. Using a qualitative approach eight semi-structured interviews were carried out with representatives from both organizations.

Findings – The paper identifies four critical challenges in the integration and adaptation of IT-infrastructure in the process industry: integration as an ongoing process; maintaining stability in the installed base; locking the right stuff in; and balancing user value, continuity of production and compatibility.

Practical implications – Given the centrality of IT infrastructure in today’s process industries, the importance of dealing with these challenges must be emphasized. The four challenges identified in this study are of such a complexity that they can only lend themselves to the evolutionary strategy. Such a strategy is in concert with the sensibility towards risk found in the paper industry.

Originality/value – This paper contributes by building on and expanding IT-infrastructure literature, as a result of exploring IT-adaptation challenges in process industry organizations. The findings also provide managers with a valuable insight into recognizing and handling these challenges.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2007
Keywords
Integration, Communication technologies, Paper industry, Sweden
National Category
Information Systems
Identifiers
urn:nbn:se:umu:diva-6945 (URN)10.1108/02635570710833965 (DOI)2-s2.0-35748939075 (Scopus ID)
Available from: 2008-01-01 Created: 2008-01-01 Last updated: 2023-03-24Bibliographically approved
2. Between a rock and a hard place: facing dilemmas in IT risk management
Open this publication in new window or tab >>Between a rock and a hard place: facing dilemmas in IT risk management
2018 (English)In: Journal of Information Technology Theory and Application, ISSN 1552-6496, E-ISSN 1532-4516, Vol. 19, no 3, p. 22-44Article in journal (Refereed) Published
Abstract [en]

In this paper, we extend IT risk management theory using evidence gleaned from IT-enabled process management in a Swedish pulp and paper factory. Our analyses of risk management practices in the factory’s core process revealed surprising insights. As organizational actors managed process related IT risks to ensure that the core production process was running 24/7, they generated strategic IT risks that threatened the sustainability of the process infrastructure. However, they could not manage these strategic risks without jeopardizing the 24/7 operation. Hence, they inadvertently found themselves between a rock and a hard place where they could not mitigate one high priority risk without generating another. Drawing on practice theory, we explain the observed risk management practices, introduce the notion of risk dilemmas, and discuss the practice-based view of risk as a useful approach to advancing IT risk management theory.

Place, publisher, year, edition, pages
Association for Information Systems, 2018
Keywords
Risk, Risk Management, Practice Theory, Information Technology
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-110659 (URN)
Note

Originally included in thesis in manuscript form

Available from: 2015-10-26 Created: 2015-10-26 Last updated: 2023-10-02Bibliographically approved
3. Recalcitrant technologies and unfolding ontologies: exploring epistemic strategies in IT risk management
Open this publication in new window or tab >>Recalcitrant technologies and unfolding ontologies: exploring epistemic strategies in IT risk management
(English)Manuscript (preprint) (Other academic)
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-110660 (URN)
Available from: 2015-10-26 Created: 2015-10-26 Last updated: 2018-06-07
4. Information infrastructure risk: a longitudinal study of risk emergence in supplier practices
Open this publication in new window or tab >>Information infrastructure risk: a longitudinal study of risk emergence in supplier practices
(English)Manuscript (preprint) (Other academic)
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-110662 (URN)
Available from: 2015-10-26 Created: 2015-10-26 Last updated: 2018-06-07
5. Managing information infrastructure risk: problems, causes, cures
Open this publication in new window or tab >>Managing information infrastructure risk: problems, causes, cures
(English)Manuscript (preprint) (Other academic)
National Category
Information Systems, Social aspects
Identifiers
urn:nbn:se:umu:diva-110664 (URN)
Available from: 2015-10-26 Created: 2015-10-26 Last updated: 2018-06-07

Open Access in DiVA

Information Infrastructure Risk(934 kB)2050 downloads
File information
File name FULLTEXT02.pdfFile size 934 kBChecksum SHA-512
71cbac99fdef5288d50c7b949b96141fd7ffdae2bd75adeed059d9293cb8f93c6cea38d7bb91e3049b9c4d528cac5ee240638dd467ae3bbd59aa63b85dee4b34
Type fulltextMimetype application/pdf
Spikblad(75 kB)74 downloads
File information
File name SPIKBLAD01.pdfFile size 75 kBChecksum SHA-512
ebac0c23213e4fbf3449fe5d0b161fc630a46c341b4a3339c809b09309c9b8d481f288a3069850849ad8bdce3af6958b568c7632cc71b100f63b4e4c9b1fa426
Type spikbladMimetype application/pdf

Authority records

Öbrand, Lars

Search in DiVA

By author/editor
Öbrand, Lars
By organisation
Department of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 2054 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 2517 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf