Download PDFOpen PDF in browserAn Exploratory Study of IT Risk Management ImplementationEasyChair Preprint 630211 pages•Date: August 16, 2021AbstractThis paper presents an exploratory study of IT risk management implementation with a focus on process and individual IT culture. This qualitative study adopts a subjectivist epistemology, complemented by an interpretive paradigm and inductive reasoning. A series of three case studies were designed around twenty-seven semi-structured in-depth interviews and were conducted to investigate how and why IT individuals implemented a risk management framework within an IT department. The findings suggest a dynamic approach to implementing IT risk management frameworks — one that considers the interaction over time of intentions, context, process, and action. The research develops a substantive theory involving a schematic model comprised of four sub-process and a set of theoretical propositions. The last section presents an evaluation of the resulting theory by following the guidelines introduced by Sjøberg et al. (2008) for building behavioural theories in software engineering. Keyphrases: IS implementation, IT Individual Culture, IT Risk Management, interpretive research, process research
|