umu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Case Against the Checklist Approach: Exploring Epistemic Strategies in IT Risk Management
Umeå University, Faculty of Social Sciences, Department of Informatics.
Umeå University, Faculty of Social Sciences, Department of Informatics.
2011 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Practice-based perspectives in information systems have established how, in instances of information technology use, the user exercises considerable discretion in their appropriation of the technology with local workarounds and situated improvisations. Today, information systems research has a considerable stock of cases demonstrating the malleability of technology. We analyse the question, not pursued with much energy to date within practice-based perspectives, of how risk management practices in IT-enabled process management are enacted. Research on IT risk has over the last decades produced a number of frameworks and checklists to identify and manage risk, allowing for a proactive approach to e.g. IT development projects. Still, IT-projects fail more often than not and even the most proficient managers have difficulty in managing IT as an organizational resource. This paper introduces a framework for the analysis of software risk as knowledge systems (Holzner & Marx, 1979) composed of a set of knowledge processes, as they are enacted in the context of software risk management: reactive, proactive and adaptive IT risk management. We position ourselves in line with works that take a practice-based approach on knowledge and learning (Lave and Wenger, 1991; Wenger, 2000), which emphasise how knowledge is local, social, situated and closely linked to practice. However, another central premise behind our framework is that knowledge is not only local and situated, but also linked to larger established 'systems of knowledge'. This may imply that knowledge generation does not happen freely, but is highly contingent on the context in which knowledge generation is situated. In order to manage risk in the increasingly dynamic environment of organizational life, we argue that adaptive IT risk management provides organizations with a more powerful approach than we find in the reactive and proactive approach to IT risk management.

Place, publisher, year, edition, pages
2011.
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:umu:diva-52976OAI: oai:DiVA.org:umu-52976DiVA: diva2:508453
Conference
Nordic Academy of Management Conference, August 20-24 2011, School of Business, Stockholm University, Stockholm
Available from: 2012-03-30 Created: 2012-03-08 Last updated: 2012-03-30Bibliographically approved

Open Access in DiVA

fulltext(303 kB)304 downloads
File information
File name FULLTEXT02.pdfFile size 303 kBChecksum SHA-512
979498d4726002b9b34a37084850a64bd41d02e140aa092730d860a0cf1d287f49af0623235a05d3a706c81c994da6e7810ac4f983cf08e341c2cd78cfc40d83
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Rönnbäck, LarsHolmström, Jonny
By organisation
Department of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 304 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 238 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf