@inproceedings{99ee1fcfca984dd59c18eeb841f05a12,
title = "Understanding the enabling design of IT risk management processes",
abstract = "Although managing information technology (IT) risks is widely regarded as a critical in organizations, stakeholders often question the value provided by IT risk management (IT-RM) to an organization. Organizational research suggests the concept of 'enabling formalization' to design highly formalized organizational processes. Processes like IT-RM that are designed in an enabling way support organizational members through flexible guidelines that communicate best practices and empower them in resolving surprises and crises during process execution. It remains unclear, however, how organizations can implement enabling IT-RM processes. We conduct an exploratory study and identify four design decisions for IT-RM. We identify different solutions to these IT-RM design decision and provide empirical evidence as to how these solutions facilitate enabling process design. Our results suggest that organizations need to balance rewarding and punishment-centered strategies in designing IT-RM to change it from an ineffective, costly, and detrimental endeavor into an enabling organizational process.",
keywords = "Design decisions, Enabling, Grounded theory techniques, IT risk management",
author = "Manuel Wiesche and Michael Schermann and Helmut Krcmar",
year = "2015",
language = "English",
isbn = "9780996683111",
series = "2015 International Conference on Information Systems: Exploring the Information Frontier, ICIS 2015",
publisher = "Association for Information Systems",
booktitle = "2015 International Conference on Information Systems",
note = "2015 International Conference on Information Systems: Exploring the Information Frontier, ICIS 2015 ; Conference date: 13-12-2015 Through 16-12-2015",
}