Shadow Systems, Risk, and Shifting Power Relations in Organizations

Drawing on notions of power and the social construction of risk, we build new theory to understand the persistence of shadow systems in organizations. From a single case study in a mid-sized savings bank, we derive two feedback cycles that concern shifting power relations between business units and central IT associated with shadow systems. A distant business-IT relationship and changing business needs can create repeated cost and time pressures that make business units draw on shadow systems. The perception of risk can trigger an opposing power shift back through the decommissioning and recentralization of shadow systems. However, empirical findings suggest that the weakening tendency of formal risk-management programs may not be sufficient to stop the shadow systems cycle spinning if they fail to address the underlying causes for the emergence of shadow systems. These findings highlight long-term dynamics associated with shadow systems and pose “risk” as a power-shifting construct.

[1]  Steven L. Mandell The Management Information System is Going to Pieces , 1975 .

[2]  J. Henrich,et al.  The evolution of prestige: freely conferred deference as a mechanism for enhancing the benefits of cultural transmission. , 2001, Evolution and human behavior : official journal of the Human Behavior and Evolution Society.

[3]  K. Weick The Collapse of Sensemaking in Organizations: The Mann Gulch Disaster , 1993 .

[4]  Walter Brenner,et al.  European Conference on Information Systems ( ECIS ) 5-15-2012 EXPLORING THE SHADOWS : IT GOVERNANCE APPROACHES TO USER-DRIVEN INNOVATION , 2012 .

[5]  Robert D. Galliers,et al.  Aligning in practice: from current cases to a new agenda , 2015, J. Inf. Technol..

[6]  Daniel Fürstenau,et al.  Shadow IT Systems: Discerning the Good and the evil , 2014, ECIS.

[7]  Leslie P. Willcocks,et al.  Crocodiles in the Regulatory Swamp: Navigating The Dangers of Outsourcing, SaaS and Shadow IT , 2015, ICIS.

[8]  Michael R. Wade,et al.  An Exploration of Organizational Level Information Systems Discontinuance Intentions , 2011, MIS Q..

[9]  Carol V. Brown,et al.  Alignment of the IS Functions With the Enterprise: Toward a Model of Antecedents , 1994, MIS Q..

[10]  E. Roche Managing Information Technology in Multinational Corporations , 1992 .

[11]  Björn Niehaves,et al.  Conceptualizing Individualization in Information Systems - A Literature Review , 2015, Commun. Assoc. Inf. Syst..

[12]  Andreas Eckhardt,et al.  Normalizing the Shadows - The Role of Symbolic Models for Individuals' Shadow IT Usage , 2014, ICIS.

[13]  Thomas H. Davenport,et al.  Chapter 8 – Information Politics , 1998 .

[14]  Sandy Behrens,et al.  Shadow systems: the good, the bad and the ugly , 2009, CACM.

[15]  Jan Muntermann,et al.  Paradoxes and the Nature of Ambidexterity in IT Transformation Programs , 2015, Inf. Syst. Res..

[16]  Jeffrey M. Voas,et al.  BYOD: Security and Privacy Considerations , 2012, IT Professional.

[17]  James Howison,et al.  Beyond the organizational 'container': Conceptualizing 21st century sociotechnical work , 2014, Inf. Organ..

[18]  L. Diamond IT Governance : How Top Performers Manage IT Decision Rights for Superior Results , 2005 .

[19]  Linda Leon,et al.  Beyond Regulatory Compliance for Spreadsheet Controls: A Tutorial to Assist Practitioners and a Call for Research , 2010, Commun. Assoc. Inf. Syst..

[20]  Luke Houghton,et al.  What Drives the End User to Build a Feral Information System? , 2012, ACIS.

[21]  Amrit Tiwana,et al.  Complementarities Between Organizational IT Architecture and Governance Structure , 2010, Inf. Syst. Res..

[22]  Colin Camerer,et al.  Not So Different After All: A Cross-Discipline View Of Trust , 1998 .

[23]  M. Lynne Markus,et al.  Power, politics, and MIS implementation , 1987, CACM.

[24]  Yajiong Xue,et al.  Information Technology Governance in Information Technology Investment Decision Processes: The Impact of Investment Characteristics, External Environment, and Internal Context , 2008, MIS Q..

[25]  K. Eisenhardt Building theories from case study research , 1989, STUDI ORGANIZZATIVI.

[26]  G. Hauke,et al.  Values in Strategic Brief Therapy: From Need to Value-directed Living , 2006 .

[27]  Robin Williams,et al.  Research Commentary - Moving Beyond the Single Site Implementation Study: How (and Why) We Should Study the Biography of Packaged Enterprise Solutions , 2012, Inf. Syst. Res..

[28]  Robert W. Zmud,et al.  Arrangements for Information Technology Governance: A Theory of Multiple Contingencies , 1999, MIS Q..

[29]  Wanda J. Orlikowski,et al.  Understanding Shifting Power Relations within and Across Organizations: A Critical Genre Analysis , 2008 .

[30]  K. Jamieson,et al.  The Rise and Fall of a Shadow System: Lessons for Enterprise System Implementation , 2004 .

[31]  Stephen J. Andriole,et al.  Who owns IT? , 2015, Commun. ACM.

[32]  Cynthia Hardy,et al.  Organizing Processes and the Construction of Risk: A Discursive Approach , 2013 .

[33]  Daniel Fürstenau,et al.  Why do Shadow Systems Fail? An Expert Study on Determinants of Discontinuation , 2016, ECIS.

[34]  Michel Foucault,et al.  “Panopticism” from Discipline & Punish: The Birth of the Prison , 2009 .

[35]  Brian S. Butler,et al.  Power and Information Technology Research: A Metatriangulation Review , 2002, MIS Q..

[36]  Kalle Lyytinen,et al.  A tale of two coalitions – marginalising the users while successfully implementing an enterprise resource planning system , 2015, Inf. Syst. J..

[37]  Luke Houghton,et al.  Power Relationships that Lead to the Development of Feral Systems , 2007, Australas. J. Inf. Syst..

[38]  Alicia A. Grandey,et al.  The relationship of organizational politics and support to work behaviors, attitudes, and stress , 1997 .

[39]  J. H. Davis,et al.  An Integrative Model Of Organizational Trust , 1995 .

[40]  Sune Dueholm Müller,et al.  Benefits of Cloud Computing: Literature Review in a Maturity Model Perspective , 2015, Commun. Assoc. Inf. Syst..

[41]  Richard Walters,et al.  Bringing IT out of the shadows , 2013, Netw. Secur..

[42]  H. White,et al.  A Model of Robust Positions in Social Networks , 2008, American Journal of Sociology.

[43]  Joey F. George,et al.  Examining the computing and centralization debate , 1991, CACM.

[44]  Yaman Roumani,et al.  The Influence of Organizational Trust and Organizational Mindfulness on ERP Systems Usage , 2014, Commun. Assoc. Inf. Syst..

[45]  Carsten Felden,et al.  Managing Shadow IT Instances - A Method to Control Autonomous IT Solutions in the Business Departments , 2014, AMCIS.

[46]  Diane M. Strong,et al.  ERP Systems, Task Structure, and Workarounds in Organizations , 2001 .

[47]  Raymond R. Panko,et al.  Spreadsheets and Sarbanes-Oxley: Regulations, Risks, and Control Frameworks , 2006, Commun. Assoc. Inf. Syst..

[48]  Amrit Tiwana,et al.  Governance-Knowledge Fit in Systems Development Projects , 2009, Inf. Syst. Res..

[49]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[50]  Carol V. Brown,et al.  Horizontal Allocation of Decision Rights for On-Premise Applications and Software-as-a-Service , 2013, J. Manag. Inf. Syst..

[51]  Steven L. Alter,et al.  USF Scholarship: a digital repository @ Gleeson Library | Geschke Center , 2016 .

[52]  Amrit Tiwana,et al.  Special Issue: Information Technology and Organizational Governance: The IT Governance Cube , 2013, J. Manag. Inf. Syst..

[53]  Robert P. Bostrom,et al.  Mis problems and failures: a socio-technical perspective , 1977 .

[54]  John Leslie King,et al.  Centralized versus decentralized computing: organizational considerations and management options , 1983, CSUR.

[55]  L. Perlow The Time Famine: Toward a Sociology of Work Time , 1999 .

[56]  Kevin G. Corley,et al.  Seeking Qualitative Rigor in Inductive Research , 2013 .

[57]  M. Power Organized Uncertainty: Designing a World of Risk Management , 2007 .

[58]  Ephraim R. McLean,et al.  Theoretical perspectives in IS research: from variance and process to conceptual latitude and conceptual fit , 2015, Eur. J. Inf. Syst..

[59]  Carol V. Brown,et al.  Organizing and Configuring IT Function , 2014, Computing Handbook, 3rd ed..

[60]  A. Madill,et al.  Objectivity and reliability in qualitative analysis: realist, contextualist and radical constructionist epistemologies. , 2000, British journal of psychology.

[61]  Philip Koopman,et al.  Work-arounds, Make-work, and Kludges , 2003, IEEE Intell. Syst..

[62]  Andreas Eckhardt,et al.  Sensitizing Employees' Corporate IS Security Risk Perception , 2014, ICIS.

[63]  Jason Bennett Thatcher,et al.  Looking Toward the Future of IT-Business Strategic Alignment through the Past: A Meta-Analysis , 2014, MIS Q..

[64]  Matthew B. Miles,et al.  Qualitative Data Analysis: An Expanded Sourcebook , 1994 .

[65]  Christopher Rentrop,et al.  On the Emergence of Shadow IT - a Transaction Cost-Based Approach , 2014, ECIS.

[66]  C. Bauer The Circuits-of-Power Framework for Studying Power in Institutionalization of Information Systems , 2003 .

[67]  Andrea Back,et al.  Shadow it – A View from Behind the Curtain , 2014, Comput. Secur..

[68]  Markus Westner,et al.  Towards a Taxonomy for Shadow IT , 2016, AMCIS.

[69]  Andreas Eckhardt,et al.  Are Shadow System Users the Better IS Users? - Insights of a Lab Experiment , 2015, ICIS.

[70]  Rajeev Sharma,et al.  Strategic IT alignment: twenty-five years on , 2015, J. Inf. Technol..

[71]  Nicholas Berente,et al.  Institutional Contradictions and Loose Coupling: Postimplementation of NASA's Enterprise Information System , 2012, Inf. Syst. Res..

[72]  Hüseyin Tanriverdi,et al.  Information Technology Relatedness, Knowledge Management Capability, and Performance of Multibusiness Firms , 2005, MIS Q..