No full-text available
To read the full-text of this research,
you can request a copy directly from the author.
The Challenge in Neutralizing Shadow IT: A Literature Review
ResearchGate has not been able to resolve any citations for this publication.
Financial management as a scholalry field has been rapidly chaning in the last few decaades. This paradigm shoft has been fueled by the non-precendented development of ICT technology, globalization, man-made and natural disasters and consequent crises. The aim of this book is to collect evidence on the development of financial management, both in the public and corporate sector. The book has 33 chapters, each with novel contributions to theory and practice of financial management. The book is an output of the Contemporary Financial Management Conference held in Belgrade, from 7-10 December 2022. The contributions come from various geographic regions including mainly Europe (the UK, Germany, Italy, Slovakia, Portugal, Serbia, Croatia, Montenegro, Bosnia and Herzegovina, Albania, North Macedonia), and Asia (Vietnam, and the Philippines). As for the topics – the chapters provide novel contributions to stock markets, cryptocurrencies, taxation, accounting and auditing, accounting and business intelligence, performance management and compensations, sustainable finance, financial technologies and much more. Chapters are based in various methodologies, ranging from literature reviews and theoretical conceptualizations to data science-related methodologies. The book offers valuable input for practitioners, scholars, policy makers, students and many other stakeholders interested in the ever-changing field of financial management.
Purpose
Personal knowledge management (KM) lends new emphasis to ways through which individual knowledge workers engage with knowledge in organizational contexts. This paper aims to go beyond an organizational approach to KM to examine key personal KM and knowledge building (KB) practices among adult professionals.
Design/methodology/approach
This paper presents a summary of the findings from interviews with 58 consultants from 17 managing consulting firms. Participants were selected based on their knowledge-intensive roles and their willingness to share information about their knowledge practices. Data analysis was inductive and revealed multiple personal KM activities common among research participants, and the way these are supported by informal ties and various technologies.
Findings
This work highlights ways in which “shadow information technology” undergirds personal knowledge infrastructures and supports KM and KB practices in the context of management consulting firms. The results uncover how personal knowledge infrastructures emerge from personal KM and KB practices, and the role of informal social networks as well as social media in supporting personal KM and KB.
Research limitations/implications
This study contributes an overall conceptual model of factors that help knowledge workers build a personal knowledge infrastructure. By affording an understanding of socially embedded personal KM activities, this work helps organizations create a balance between KM strategies at the organizational level and personal knowledge goals of individual workers.
Originality/value
Much of the previous research on KM adopts organizational approaches to KM, accentuating how organizations can effectively capture, organize and distribute organizational knowledge (primarily through KM systems).
accepted 14.02.2020: With the advent of end-user and cloud computing, business users can implement information systems for work practices on their own – either from scratch or as extensions to existing systems. The resulting information systems, however, often remain hidden from managers and official IT units, and are therefore called “shadow IT systems.” When a shadow IT system is identified, the organization has to decide on the future of this system. We use a configurational perspective to explain outcomes of shadow IT system identification, as well as the mechanisms and contextual conditions bringing them about. For this purpose, we compiled 27 profiles of shadow IT systems by conducting 35 interviews with respondents from different positions and industries. Our analysis gives insight into six distinct context-mechanism-outcome configurations explaining four outcomes occurring after shadow IT system identification, namely phase-out, replacement, continuing as IT-managed system, and continuing as business-managed system. These results extend the shadow IT literature and, more broadly, IS architecture and governance streams of the IS literature. They inform IT managers when weighing decision options for identified shadow IT systems given different contextual conditions.
Information security in an organization largely depends on employee compliance with information security policy (ISP). Previous studies have mainly explored the effects of command‐and‐control and self‐regulatory approaches on employee ISP compliance. However, how social influence at both individual and organizational levels impacts the effectiveness of these two approaches has not been adequately explored. This study proposes a social contingency model in which a rules‐oriented ethical climate (employee perception of a rules‐adherence environment) at the organizational level and susceptibility to interpersonal influence (employees observing common practices via peer interactions) at the individual level interact with both command‐and‐control and self‐regulatory approaches to affect ISP compliance. Using employee survey data, we found that these two social influence factors weaken the effects of both command‐and‐control and self‐regulatory approaches on ISP compliance. Theoretical and practical implications are also discussed.
Several studies have hinted how the study of workarounds can help organizations to improve business processes. Through a systematic literature review of 70 articles that discuss workarounds by information systems users, we aim to unlock this potential. Based on a synthesis of recommendations mentioned in the reviewed studies, we describe five key activities that help organizations to deal with workarounds. We contribute to the IS literature by (1) providing an overview of concrete recommendations for managing workarounds and (2) offering a background for positioning new research activities on the subject. Organizations can apply these tools directly to turn their knowledge on workarounds into organizational improvement.
This study outlines the recent landscape of workaround research as regards the steps of workaround creation by Alter [1]. A workaround happens when a user does a course of actions beyond the formal system to achieve certain goals. The actions could be bypassing internal system procedures or breaking the established policies in response to the perceived system constraints. To this point, one may perceive workaround as an improvisation of the formal system; thus, it introduces both positive and negative outcomes for organisations. Here, the aim of this study is to capture the use of Theory of Workarounds [1] in research to explain the workaround creation. Especially, the application of seven steps mentioned in Theory of Workarounds. For this reason, as suggested by Dennehy and Sammon [2], we gathered ten top cited articles from 2014 and compare them with other ten most recent articles from Google Scholar. Afterward, we categorised those papers using Theory of Workarounds [1] to understand the state of the art of the workaround studies. The contribution of this research is that we demonstrate the application of Theory of Workarounds to capture how researchers explain the workaround creation in their papers. In our best knowledge, this is the first study to do so. Also, we contribute to the Information Systems (IS) body of knowledge as to the understanding of post-IS deployment. At the end of the research, we highlight open research areas in workarounds. Abstract This study outlines the recent landscape of workaround research as regards the steps of workaround creation by Alter [1]. A workaround happens when a user does a course of actions beyond the formal system to achieve certain goals. The actions could be bypassing internal system procedures or breaking the established policies in response to the perceived system constraints. To this point, one may perceive workaround as an improvisation of the formal system; thus, it introduces both positive and negative outcomes for organisations. Here, the aim of this study is to capture the use of Theory of Workarounds [1] in research to explain the workaround creation. Especially, the application of seven steps mentioned in Theory of Workarounds. For this reason, as suggested by Dennehy and Sammon [2], we gathered ten top cited articles from 2014 and compare them with other ten most recent articles from Google Scholar. Afterward, we categorised those papers using Theory of Workarounds [1] to understand the state of the art of the workaround studies. The contribution of this research is that we demonstrate the application of Theory of Workarounds to capture how researchers explain the workaround creation in their papers. In our best knowledge, this is the first study to do so. Also, we contribute to the Information Systems (IS) body of knowledge as to the understanding of post-IS deployment. At the end of the research, we highlight open research areas in workarounds.
IT governance describes the decision rights and accountability framework used to ensure the alignment of ITrelated activities with the organization's strategy and objectives. Conversely, IT consumerization refers to the process whereby the changing practices and expectations of consumers influence the IT-related activities of workers and managers in organizations. We propose that IT consumerization not only challenges the foundations of IT governance but ultimately also transforms it. To explore this research problem, we utilize the punctuated equilibrium theory and a case study of IT consumerization and the transformation of IT governance in a large global bank. Our findings suggest that the widespread adoption of digital technology in everyday life leads to "everyone's IT," which is a new set of shared beliefs among consumers that highlights democratized access and individualized use of IT. As everyone's IT beliefs begin to alter the IT-related activities of workers, the result is IT governance misalignments that ultimately lead to a punctuated transformation of IT governance that dismantles functional IT governance. The establishment of platform-based governance marks a new equilibrium period. Our mid-range theory contributes to the IS domain with the novel concept of everyone's IT and a grounded explanation of IT governance transformation in the context of IT consumerization. Our theory offers a set of significant research and practical implications.
Employees' personal devices are increasingly evident in the workplace; the use of non‐enterprise sanctioned hardware and software is now commonplace. This phenomenon, frequently referred to as IT consumerization, is gaining momentum. Employees increasingly are using their own devices and choosing their own software (eg, Google Apps, Skype or Dropbox) in addition to—or instead of—enterprise IT. Employees are turning from consumers of enterprise IT to IT deciders, bypassing the IS department to use what critics call “rogue IT.” While discouraged in some contexts, the influx of consumer IT into the workplace has been suggested to influence innovative behaviours among employees. Although the phenomenon is very prevalent, research lags in the operationalization of an IT consumerization model. In this paper, we take a close look at the antecedents and consequences of consumerization behaviours. We examine to what extent an individual's level of satisfaction with enterprise IT in juxtaposition with the level of perceived relative advantage of consumer IT over enterprise IT influences an individual's usage of consumer IT in the workplace; we also examine how organizational mandates and IT empowerment influences IT consumerization behaviours. Finally, we investigate the influence of IT consumerization on innovative behaviours at work.
As information technology (IT)-based regulation has become critical and pervasive for contemporary organizing, information systems research turns mostly a deaf ear to the topic. Current explanations of IT-based regulation fit into received frameworks such as structuration theory, actor-network theory, or neoinstitutional analyses but fail to recognize the unique capacities IT and related IT-based regulatory practices offer as a powerful regulatory means. Any IT-based regulation system is made up of rules, practices, and IT artifacts and their relationships. We propose this trifecta as a promising lens to study IT-based regulation in that it sensitizes scholars into how IT artifacts mediate rules and constitute regulatory processes embracing rules, capacities of IT endowed by the artifact, and organizational practices. We review the concepts of rules and IT-based regulation and identify two gaps in the current research on organizational regulation: (1) the critical role of sensemaking as part of IT-based regulation, and (2) the challenge of temporally coupling rules and their enactment during IT-based regulation. To address these gaps we introduce the concept of regulatory episode as a unit of analysis for studying IT-based regulation. We also formulate a tentative research agenda for IT-based regulation that focuses on tensions triggered by the three key elements of the IT-based regulatory processes.
The online appendix is available at https://doi.org/10.1287/isre.2017.0771 .
Keywords: regulation; IT; time; conflicts of temporalities; dyschronies; organizational dyschronies
Shadow IT is the autonomous procurement or usage of IT by business units or users without involving the IT organization. To get an up to date IT management’s perspective on this phenomenon, 16 interviews with executive or senior IT managers were conducted. Using content analysis, the empirical data is compared with current themes about Shadow IT that were previously identified in a review of practitioner articles. In contrast to academic research, many practitioners currently deal with governance aspects of Shadow IT and its controlled use in organizations. We find that some study participants enable “Business-Managed IT” to harness the potential of Shadow IT in certain areas but also to manage associated risks. However, participants prefer to improve the IT organization to better serve their users and thus to reduce the need for Shadow IT.
The aim of this article is to explore and investigate the differences in the terms ‘feral information systems’ (FIS), ‘shadow systems’, and ‘workarounds’. We have conducted the research by using 41 scientific articles selected based upon the most-cited literature on Google Scholar as well as internal references. Subsequently, an analysis and a discussion of the central articles have been carried out to: 1) Show how each term has been utilized; 2) discover similarities and discrepancies; and 3) verify our findings through existing case studies. The results of the analysis indicate that there is reason behind the differences between the terms. This study, even though not conclusive, has uncovered a deeper problem regarding the usage of IS terminology within the IS field of research.
Shadow IT is relatively new and emerging phenomenon which is bringing number of concerns and risks to the organizational security. Past literature has mostly explored the “negative” effects of the Shadow IT phenomenon, including, for example, the security aspect where Shadow systems are said to undermine the official systems and endanger organizational data flows. However, the question of how Shadow IT can contribute to leverage user’s innovation has not been adequately addressed. We used three methods to understand if Shadow IT can be an important source of innovation for firms: 1) Single case study with international firm that adopted Shadow IT; 2) Interviews with 15 IT executives and 3) Focus group using twitter as enabling tool to interact with 65 IT professionals. We offer a new perspective on how Shadow IT practices can leverage user’s innovation. The study offers novel insights on the role of Shadow users in the organizational innovation process and how they contribute to new innovations by using Shadow IT. Not only this user led innovation through Shadow IT brings positive outcomes for the employee, but it also reveals the path to follow for organizations to increase their innovation capabilities.
In a comprehensive literature review, we identified 21 different terms used for Shadow IT related concepts. This variety makes it difficult to identify related research and build upon it. To address this ambiguity, we reduce the different terms to six distinct concepts by developing a taxonomy and examining their relation¬ships. We do so by using a rigorous iterative methodology to identify common characteristics and to classify terms along them. By clustering the results, we derive and visualize the taxonomy. The identified concepts are Feral Practices, Workarounds, Shadow IT, Shadow Systems, Un-enacted Projects, and Shadow Sourcing. We elaborate on the concepts along their characteristics and clearly define and delimit them. As a result, we create a guide for their usage, increase search- and comparability, and unify existing knowledge.
Shadow IT is a widespread phenomenon which includes systems, services, and processes that are not part of the " official " corporate IT. The topic is still an emerging research area and slowly gaining traction in recent years but a state of the art analysis is missing to date. We therefore conduct a structured literature review to derive a framework for causes, consequences, and governance of Shadow IT. We identify motivators, enablers, and missing barriers as causes for Shadow IT, both positive and negative consequences on an organizational and a technical level and governance approaches which focus on clearance of existing or prevention of future Shadow IT. Our review reveals that constructivist, qualitative design using a case study approach dominates existing research. There are no dominant theories yet to explain Shadow IT. We also highlight possibilities for future research to focus on the less explored governance aspect.
ERP systems integrate a major part of all business processes and organizations include
them in their IT service management. Besides these formal systems, there are additional systems
that are rather stand-alone and not included in the IT management tasks. These so-called ‘shadow
systems’ also support business processes but hinder a high enterprise integration. Shadow systems appear during their explicit detection or during software maintenance projects such as enhancements or release changes of enterprise systems. Organizations then have to decide if and to what extent they integrate the identified shadow systems into their ERP systems. For this decision, organizations have to compare the capabilities of each identified shadow system with their ERP systems. Based on multiple-case studies, we provide a dependency approach to enable their comparison. We derive categories for different stages of the dependency and base insights into integration possibilities on these stages. Our results show that 64% of the shadow systems in our case studies are related to ERP systems. This means that they share parts or all of their data and/or functionality with the ERP system. Our research contributes to the field of integration as well as to the discussion about shadow systems.
The Relation of Shadow Systems and ERP Systems—Insights from a Multiple-Case Study. Available from: https://www.researchgate.net/publication/292152857_The_Relation_of_Shadow_Systems_and_ERP_Systems-Insights_from_a_Multiple-Case_Study [accessed Mar 9, 2016].
Information Systems (IS) researchers traditionally have the assumption that Information Technology (IT) innovations are conceived within the IT department. Developments like ubiquitous computing, web services and the emerging culture of digital natives (DN) challenge this foundational assumption as they enable individuals to implement their own IT innovations quickly. Placing such empowered individuals into a strictly regulated IT environment will drive them away from the IT department and towards their own IT solutions and inevitably to non-compliance. Such user- or business-driven solu- tions are not necessarily the result of strict policies or limited user rights but may be caused by the inability of the IT department to fulfil business needs. The phenomenon of user-driven fulfilment of requirements is called Shadow IT (SIT). While receiving very limited scholarly attention, SIT is a widespread challenge amongst IT departments. We employ a triangulation approach using three inde- pendent data sources to address this phenomenon within the three domains of IS research, IS Security (ISsec), IT Governance (ITG) and Business IT Alignment (BITA). Our findings suggest that practitio- ners follow three different ITG approaches to SIT based on their business or IT strategy: IT-control, user-oriented and user-driven.
Workarounds as deviations from defined routines in business processes challenge standardization and thus the performance improvements expected from information systems. Literature associates workarounds predominantly with performance losses. Only few studies report on performance improvements from workarounds. However, what characterizes situations in which managers tolerate workarounds to yield potential performance improvements? This study examines situations in which managers are able to decide whether to tolerate or to prohibit workarounds. We report on a multiple case study in two organizations and use existing research on workarounds to structure our analysis. Building on this, we show that expected efficiency gains, exposure to compliance risk and perceived process weakness have an effect on the willingness of management to tolerate workarounds. We develop a model that illustrates important aspects of situations that influence this willingness and outlines the role of information systems in understanding workarounds.
Shadow IT is a currently misunderstood and relatively unexplored phenomena. It represents all hardware, software, or any other solutions used by employees inside of the organisational ecosystem which have not received any formal IT department approval. But how much do we know about this phenomenon? What is behind the curtain? Is security in organisations jeopardised? In the research study reported here, we conducted an in-depth analysis of the organisational Shadow IT software database, reporting the view from behind the curtain. The study used triangulation approach to investigate the Shadow IT phenomena and its findings open Pandora’s Box as they lay a new picture of what Shadow IT looks like from the software perspective. Our study revealed that greynet, content apps, and utility tools are the most used shadow systems. This study offers important insights on the Shadow IT phenomena for information management professionals and provides new research directions for academia.
Shadow IT describes the supplement of “official” IT by several, autonomous developed IT systems, processes and organizational units, which are located in the business departments. These systems are generally not known, accepted and supported by the official IT department. From the perspective of IT management and control it is necessary to find out, which interrelations exist with shadow IT and what tasks are resultant. So far only little research exists on this topic. To overcome this deficit the presented project targets on a scientifically based definition of shadow IT, the investigation of best practices in several companies and the development and application of instruments for the identification, the assessment and controlling of shadow IT.
Shadow IT describes the supplement of “official” IT by several, autonomous developed IT systems, processes and organizational units, which are located in the business departments. These systems are generally not known, supported and accepted by the official IT department. From a company's, IT governance and IT management's perspective it is necessary to find a way to deal with this phenomenon. As a part of an integrated methodology to control shadow IT, this paper presents an evaluation model for identified shadow IT instances.
This paper offers guidance to conducting a rigorous literature review. We present this in the form of a five-stage process in which we use Grounded Theory as a method. We first probe the guidelines explicated by Webster and Watson, and then we show the added value of Grounded Theory for rigorously analyzing a carefully chosen set of studies; it assures solidly legitimized, in-depth analyses of empirical facts and related insights. This includes, the emergence of new themes, issues and opportunities; interrelationships and dependencies in or beyond a particular area; as well as inconsistencies. If carried out meticulously, reviewing a well-carved out piece of literature by following this guide is likely to lead to more integrated and fruitful theory emergence, something that would enrich many fields in the social sciences.
This research identifies factors affecting the operation of a supply chain in a large, asset rich transport utility, and how a recent Enterprise Resource Planning System (ERP) implementation was perceived with respect to its usability for the task. A lack of trust in the ERP, ineffective training methods and complexity in extracting the data from the ERP were identified as a problem which lead to the development of “Feral Systems” (systems outside the accepted ERP or corporation condoned information systems – sometimes called skunkworks). This research uses an interpretative case study approach to gain insights into the human sense-making within the study organisation. The research argues that power relationships between operational managers and financial managers and processual power relationships between operational managers led to the development of these systems. Yes Yes
Modern business of the digital age brings numerous opportunities, but also imposes challenges and carries a risk for companies. The amount of data generated via multiple sources, which characterize the embraced Industry 4.0, could be considered as an incredible chance for process improvement, but also it is a source of tasks that are not easy to complete. A necessity for quick response to business changes often collides with general information systems features and functions. The lack of fit of official information systems with users’ requirements frequently implies occurrence of Shadow IT. Shadow IT is still an emerging topic, although gaining more attention in the previous decade. This paper aims to examine shadow IT existence and its characteristics in companies operating in the Republic of Serbia. A systematic literature review was performed to identify papers that cover the topic of shadow IT in the Republic of Serbia. The following electronic databases were searched: Web of Science, Scopus, COBISS.SR and Google Scholar. Based on the literature review, the most frequently occurring form of shadow IT in the Republic of Serbia is outlined, along with accompanying positive and negative consequences. Given the literature review, the authors proposed risk mitigation suggestions related to spreadsheet education improvements.KeywordsShadow ITSpreadsheet applicationsRepublic of SerbiaLiterature review
Enterprise system users are required to improve competence to gain the system’s value. The development of user competence to effectively use a complex system is socially constructed. Based on the job demands-resources model, we propose and empirically validate how two types of work contextual factors, namely, job demands and job resources, are directly and interactively related to user competence. Results of a longitudinal survey from users in six organizations suggest that all three job resource factors considered—leader–member exchange, traditional support structures, and peer support structure—allow users to acquire both the technical and business knowledge needed for effective application of the system for work. But, work overload, as the job demand factor, has no significant effect on user competence. Further analysis shows the relationship between work overload and user competence is moderated by leader–member exchange, but not the two support structures. Our findings are of great importance for practice, as they suggest job resources are conducive to the development of user competence, whereas work overload is an inevitable, acute problem.
Shadow IT coexists with mandated information systems. Developed and applied by nonIT domain experts, it is as a rule, but not exclusively, used for resolving nonroutine issues, for which mandated IS does not have appropriate functions. Shadow IT solutions are not supported or controlled by IT departments. The aim of the paper is to show to which extent shadow IT has been researched, as this area has not yet received the necessary attention from both academia and business. A systematic literature review was conducted in order to find the papers covering the topic of shadow IT. The following electronic databases were searched: Web of Science (Thomson Reuters), Scopus (Elsevier), and AIS Electronic Library (The Association for Information Systems (AIS)). More than half of the analysed papers are case studies in one or more organizations. The papers were published mostly in scientific conferences and in scientific journals. Based on the literature review, the reasons for shadow IT occurrence, the possibility of its management, as well as its advantages and disadvantages are presented. The most important conclusions and views regarding shadow IT, according to the authors’ opinion, are indicated at the end. The limitation of a systematic literature review is that only papers published in English are analysed. Besides identifying papers covering the shadow IT topics, the reasons for the emergence of shadow IT, the possibilities of its management and its advantages and disadvantages are systematized.
The use of unauthorised technologies in the workplace, called shadow IT, is increasing within organisations. Research has identified that employees frequently use unauthorised solutions to collaborate and communicate at work, which can ultimately enhance their performance. This research aims to examine the mediating role of social presence on the relationship between shadow IT usage and individual performance. We performed a survey among 286 employees from three large companies. The results show a positive relationship between shadow IT usage and social presence, suggesting that some aspects of social presence, such as perceived higher levels of sensitivity and comprehension, are significant outcomes related to the use of shadow IT. The results also provide empirical evidence to show social presence has a mediating role in the relationship of shadow IT usage and individual performance. Thereby, this research contributes by providing new insights into the consequences of shadow IT usage, and partially explaining the impact the use of shadow IT has on employee performance. In addition, the findings highlight the importance of social presence in relation to technology-mediated communication within organisations.
Shadow IT represents a software, hardware, or any other solution used by employees within organizations that has not received any prior formal approval from the IT department to be used. Currently, the issue of Shadow IT is increasingly under discussion and is beginning to be explored in the private sector. However, this issue is not addressed comprehensively in the public sector. The main aim of this paper is therefore to propose a Shadow IT management concept for the public sector. The proposal of Shadow IT management concept identified problematic areas related to Shadow IT discovered during a case study in connection with the main aim of the paper. There are 7 areas designated as A1 to A7. The recommended approaches and solutions are set for these problem areas. Shadow IT Management Concept was created based on the case study (including interviews with main stakeholders).
The voluntary use of private devices by employees without the formal approval of the IT department, commonly termed Shadow IT, is an increasingly widespread phenomenon. In this article, the authors study the role of private smartphones (and related applications like WhatsApp) in knowledge-intensive practices in the manufacturing domain. With an in-depth case study based on data gained from observations and interviews, the authors are able to empirically illustrate why workers use their private smartphones (contrary to company guidelines) and how they find significant gains of productivity by using the forbidden applications. This study gives rich insights into the rise of Shadow IT in a manufacturing context which takes place in a self-organised way without knowledge of the management.
Shadow information technology systems (SITS) coexist with formal enterprise systems in organisations. SITS pose risks but also increase flexibility of business units. Practice shows that SITS emerge, despite that Enterprise Architecture Management (EAM) aims at controling all IT systems in an organization. Studies acknowledge this problem in general. However, they neither show the specific influencing areas of SITS nor provide approaches to address them. To close this gap, we use a literature review to analyse examples of practical SITS and their interference with EAM concerns. Thus, we find that they hinder especially transparency, reduction of EA complexity and governance. Research has focused on achieving transparency, governing the evolution of the EA but lacks strategies for reducing complexity. This study contributes to research and practice by uncovering the main influencing areas of SITS on EAM, as well as by laying a foundation for future research on this topic.
SYNOPSIS
Business trends show that more and more employees are creating shadow IT systems—IT systems that are not sanctioned or monitored by the IT department. This paper examines how the use of shadow IT in product costing impacts managers' perceptions of information credibility and managerial decision making. Using two experiments, we find that participants view information from shadow IT systems as less credible and they are less impacted by and less willing to rely on costing reports produced from shadow IT systems versus non-shadow IT systems. We also find that although participants are concerned about the credibility of shadow IT systems, they are not more likely to find simple mathematical errors embedded in shadow IT costing reports relative to non-shadow IT reports. This suggests that although concerned about shadow IT systems, managers still do not exercise sufficient care in evaluating reports created using these systems. The results of our study should prove informative as shadow systems become more prevalent in organizations.
Data Availability: Contact the authors.
This study examines the role of neutralization and deterrence in discouraging employees from using Shadow IT: tools, services and systems used in an organization but not authorized by the IT department. Our study provides a unique contribution to the IT security literature by studying effects of neutralization on both intentions (self-reported) and actual behavior, as well as examining the role of shame as a mediator. We surveyed employees from four organizations and found that the " metaphor of the ledger " neutralization technique predicts Shadow IT intention and actual Shadow IT usage. We also find that neutralization and deterrence effects influence shame.
An interesting phenomenon that has received limited attention in the literature is the concept of workaround practices in the field of IT and their use in organizations adopting ERP solutions. The main purpose of this paper is to analyze the effectiveness of workaround strategy by examining the main reasons behind it. The “Echo” method was used to evaluate the comments that participants provided regarding their ERP system task-related interactions, i.e., helpful, not-so-helpful behaviors, and workaround strategies used to handle the not-so-helpful situations. In “the Company's” case, the organizational Interaction Effectiveness (IE) ratio of 0.24 can be used as a baseline to determine the relative effectiveness of different interactions. The categorization process of the qualitative data revealed that “Reliability” (55%) received the highest number of helpful comments while “Flexibility” (44%) received the highest number of not-so-helpful comments.
In several organizations, business workgroups autonomously implement information technology (IT) outside the purview of the IT department. Shadow IT, evolving as a type of workaround from nontransparent and unapproved end-user computing (EUC), is a term used to refer to this phenomenon, which challenges norms relative to IT controllability. This report describes shadow IT based on case studies of three companies and investigates its management. In 62% of cases, companies decided to reengineer detected instances or reallocate related subtasks to their IT department. Considerations of risks and transaction cost economics with regard to specificity, uncertainty, and scope explain these actions and the resulting coordination of IT responsibilities between the business workgroups and IT departments. This turns shadow IT into controlled business-managed IT activities and enhances EUC management. The results contribute to the governance of IT task responsibilities and provide a way to formalize the role of workarounds in business workgroups.
In this chapter, the authors explore a wide mixture of economic and social concepts. At first, the reader may wonder what these diverse theories have to do with Feral Information Systems (FIS). However, the research indicates that understanding how these theoretical puzzle pieces interact with each other is important to increasing the understanding of what drives the End User to create Feral Information Systems.
Cloud computing enables convenient and on-demand access to a shared pool of configurable computing resources. While cloud computing's ability to improve operational efficiency has gained much attention in the literature, there has been limited research on how it can help organizations achieve dynamic capabilities. Drawing from dynamic capabilities theory, we conducted a field study using a multiple case study design to examine the following research question: How do organizations achieve dynamic capabilities by using Cloud Computing? We develop a framework that explains how organizations respond to market dynamism by developing sense-and-response strategies that enable them to achieve dynamic capabilities using business process redesign, business network redesign, and business scope redefinition. We discuss how these transformations, in turn, improve organizational outcomes such as service effectiveness and efficiency. Our study also identifies factors that support and hinder the development of dynamic capabilities. Our study contributes to the literature on dynamic capabilities by examining how IT capabilities like cloud computing may accelerate the ability of an organization to achieve dynamic capabilities. We also identify transformational changes of business processes and inter-organizational networks that are enabled by cloud computing. Further, we identify how the essential characteristics of cloud computing support sense and respond strategies.
Internet security risks, the leading security threats confronting today's organizations, often result from employees' non-compliance with the internet use policy (IUP). Extant studies on compliance with security policies have largely ignored the impact of intrinsic motivation on employees' compliance intention. This paper proposes a theoretical model that integrates an intrinsic self-regulatory approach with an extrinsic sanction-based command-and-control approach to examine employees' IUP compliance intention. The self-regulatory approach centers on the effect of organizational justice and personal ethical objections against internet abuses. The results of this study suggest that the self-regulatory approach is more effective than the sanction-based command-and-control approach. Based on the self-regulatory approach, organizational justice not only influences IUP compliance intention directly but also indirectly through fostering ethical objections against internet abuses. This research provides empirical evidence of two additional effective levers for enhancing security policy compliance: organizational justice and personal ethics.
The ethnographic investigation of a shadow system used in a higher educations institution, Central Queensland University (CQU) was reported in the article. The study explored the way system was built, implemented, and applied, and applied with a specific interest in people's lived experiences- the good, the bad, and the ugly. This shadow system, was developed by Webfuse to support the teaching and learning activities of academics and general staff in a single faculty at CQU. The total of 17 initial interviews were conducted within CQU, and interviewees included developers, users and sponsors of Webfuse. The study demonstrates that contrary to popular opinion, shadow systems can be positive sources of energy for organizations. The study reported that shadow systems may be just what an organization needs, that is a mechanism that ensures their survival in an increasingly competitive and uncertain environment.
This paper provides a summary of studies of user resistance to Information Technology (IT) and identifies workaround activity as an understudied and distinct, but related, phenomenon. Previous categorizations of resistance have largely failed to address the relationships between the motivations for divergences from procedure and the associated workaround activity. This paper develops a composite model of resistance/workaround derived from two case study sites. We find four key antecedent conditions derived from both positive and negative resistance rationales and identify associations and links to various resultant workaround behaviours and provide supporting Chains of Evidence from two case studies.
Justifying Shadow IT Usage
- S Haag
- A Eckhardt
S. Haag and A. Eckhardt, "Justifying Shadow IT Usage," in
PACIS, 2015.
Spreadsheet Application for Determining Activity Priority of Control and Inspection Authorities
- L Milutinovic
- L Rakovic
- S Antic
What drives the end user to build a Feral Information System?
- A Spierings
- D Kerr
- L Houghton
A. Spierings, D. Kerr, and L. Houghton, "What drives the
end user to build a Feral Information System?," ACIS
2012 : Proceedings of the 23rd Australasian Conference on
Information Systems, 2012.
Why managers tolerate workarounds - The role of information systems
- Roder