Dealing with Risks and Workarounds: A Guiding Framework

We present rISk-arounD, an enterprise-wide framework for modeling risks and workarounds in conformity with ISO 9001. The mode of inquiry is canonical action research (CAR), conducted in a metalworking company. Our contribution suggests that (1) risks and workarounds should be jointly considered to model uncertainty in organizations, (2) participative enterprise modeling can assist process improvement and regulatory compliance, and (3) it is also necessary to address informal “shadow” practices in enterprise models. Moreover, we discuss how to adopt CAR to promote a culture of participative enterprise modeling. This framework can help organizations in their transition to the new 2015 version of ISO 9001, which endorses process-oriented approaches and risk-based thinking as top priorities.
