Developing the concept of Individual IT Culture and its Impact on IT Risk Management Implementation

Organisational implementations of IT risk management (IT-RM) frameworks often fail due to cultural forces. This work-in-progress study focuses on the action of IT individuals involved with IT-RM implementations. Particularly, this research steps outside the conventional factor analytic perspective of IT risk management research by focusing on contextual and processual elements as well as the actions and interpretations of managers to explain successful implementations. A series of case studies were designed around semi-structured in-depth interviews with IT managers. Grounded theory-like analysis of the case text produced a structure of conceptual categories and themes depicting the successful implementation of an IT-RM framework.

[1]  Isabelle Walsh,et al.  A strategic path to study IT use through users' IT culture and IT needs: A mixed-method grounded theory , 2014, J. Strateg. Inf. Syst..

[2]  Dorothy E. Leidner,et al.  Review: A Review of Culture in Information Systems Research: Toward a Theory of Information Technology Culture Conflict , 2006, MIS Q..

[3]  Elizabeth Sheedy,et al.  Risk Governance, Structures, Culture, and Behavior: A View from the Inside , 2018 .

[4]  Erno T. Tornikoski,et al.  Perceived uncertainty and behavioral logic: Temporality and unanticipated consequences in the new venture creation process , 2019, Journal of Business Venturing.

[5]  Andrew H. Van de Ven,et al.  Process studies of change in organization and management , 2009 .

[6]  Neda Azizi,et al.  The Moderating Effects of Organisational Culture on the Relationship between Knowledge Sharing and IT Risk Management Success , 2018, ECIS.

[7]  Graeme Harrison,et al.  Organisational culture and enterprise risk management: The Australian not‐for‐profit context , 2019, Australian Journal of Public Administration.

[8]  T. Themsen,et al.  The performativity of risk management frameworks and technologies: The translation of uncertainties into pure and impure risks , 2018 .

[9]  Bruce Hamilton Rowlands,et al.  Grounded in Practice: Using Interpretive Research to Build Theory , 2005 .

[10]  Lawrence B. Mohr,et al.  Explaining organizational behavior , 1982 .

[11]  W. Alec Cram,et al.  Organizational information security policies: a review and research framework , 2017, Eur. J. Inf. Syst..

[12]  Helmut Krcmar,et al.  Understanding the Enabling Design of IT Risk Management Processes , 2015, ICIS.

[13]  Lennart Jaeger Information Security Awareness: Literature Review and Integrative Framework , 2018, HICSS.

[14]  Tim Huygh,et al.  Exploring the Contemporary State of Information Technology Governance Transparency in Belgian Firms , 2017, Inf. Syst. Manag..