Change search
ReferencesLink to record
Permanent link

Direct link
A Case Against the Checklist Approach: Exploring Epistemic Strategies in IT Risk Management
Umeå University, Faculty of Social Sciences, Department of Informatics.
Umeå University, Faculty of Social Sciences, Department of Informatics.
2011 (English)Conference paper (Refereed)
Abstract [en]

Practice-based perspectives in information systems have established how, in instances of information technology use, the user exercises considerable discretion in their appropriation of the technology with local workarounds and situated improvisations. Today, information systems research has a considerable stock of cases demonstrating the malleability of technology. We analyse the question, not pursued with much energy to date within practice-based perspectives, of how risk management practices in IT-enabled process management are enacted. Research on IT risk has over the last decades produced a number of frameworks and checklists to identify and manage risk, allowing for a proactive approach to e.g. IT development projects. Still, IT-projects fail more often than not and even the most proficient managers have difficulty in managing IT as an organizational resource. This paper introduces a framework for the analysis of software risk as knowledge systems (Holzner & Marx, 1979) composed of a set of knowledge processes, as they are enacted in the context of software risk management: reactive, proactive and adaptive IT risk management. We position ourselves in line with works that take a practice-based approach on knowledge and learning (Lave and Wenger, 1991; Wenger, 2000), which emphasise how knowledge is local, social, situated and closely linked to practice. However, another central premise behind our framework is that knowledge is not only local and situated, but also linked to larger established 'systems of knowledge'. This may imply that knowledge generation does not happen freely, but is highly contingent on the context in which knowledge generation is situated. In order to manage risk in the increasingly dynamic environment of organizational life, we argue that adaptive IT risk management provides organizations with a more powerful approach than we find in the reactive and proactive approach to IT risk management.

Place, publisher, year, edition, pages
National Category
Information Systems, Social aspects
URN: urn:nbn:se:umu:diva-52976OAI: diva2:508453
Nordic Academy of Management Conference, August 20-24 2011, School of Business, Stockholm University, Stockholm
Available from: 2012-03-30 Created: 2012-03-08 Last updated: 2012-03-30Bibliographically approved

Open Access in DiVA

fulltext(303 kB)243 downloads
File information
File name FULLTEXT02.pdfFile size 303 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Rönnbäck, LarsHolmström, Jonny
By organisation
Department of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 243 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 127 hits
ReferencesLink to record
Permanent link

Direct link