When IT risk management produces more harm than good: The phenomenon of 'mock bureaucracy'

Manuel Wiesche; Michael Schermann; Helmut Krcmar

doi:10.1109/HICSS.2013.607

When IT risk management produces more harm than good: The phenomenon of 'mock bureaucracy'

Manuel Wiesche, Michael Schermann, Helmut Krcmar

Informatics 17 - Chair of Information Systems and Business Process Management

Technical University of Munich

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

This paper investigates the complications of designing effective governance for IT risk management (IT-RM). Literature on formal governance suggests that either a coercive (i.e., to force employees' effort and compliance) or an enabling (i.e., to help employees better to master their tasks) design of procedures help to avoid what literature calls 'mock bureaucracy' (i.e., rules are promulgated for their symbolic value but ignored in practice). Our analysis of two organizations, however, implies that both coercive and enabling governance for IT-RM may lead to mock bureaucracy. We categorize antecedents of 'mock' IT-RM procedures and identify important design challenges for IT-RM research and practice. Our study contributes to the IT governance body of knowledge by linking types of bureaucracy to IT governance tasks and providing anti-patterns associated with IT-RM procedures.

Original language	English
Title of host publication	Proceedings of the 46th Annual Hawaii International Conference on System Sciences, HICSS 2013
Pages	4502-4511
Number of pages	10
DOIs	https://doi.org/10.1109/HICSS.2013.607
State	Published - 2013
Event	46th Annual Hawaii International Conference on System Sciences, HICSS 2013 - Wailea, Maui, HI, United States Duration: 7 Jan 2013 → 10 Jan 2013

Publication series

Name	Proceedings of the Annual Hawaii International Conference on System Sciences
ISSN (Print)	1530-1605

Conference

Conference	46th Annual Hawaii International Conference on System Sciences, HICSS 2013
Country/Territory	United States
City	Wailea, Maui, HI
Period	7/01/13 → 10/01/13

Access to Document

10.1109/HICSS.2013.607

Cite this

Wiesche, M., Schermann, M., & Krcmar, H. (2013). When IT risk management produces more harm than good: The phenomenon of 'mock bureaucracy'. In Proceedings of the 46th Annual Hawaii International Conference on System Sciences, HICSS 2013 (pp. 4502-4511). Article 6480386 (Proceedings of the Annual Hawaii International Conference on System Sciences). https://doi.org/10.1109/HICSS.2013.607

@inproceedings{24ee4abcff3545909caa43d8085c28f5,

title = "When IT risk management produces more harm than good: The phenomenon of 'mock bureaucracy'",

abstract = "This paper investigates the complications of designing effective governance for IT risk management (IT-RM). Literature on formal governance suggests that either a coercive (i.e., to force employees' effort and compliance) or an enabling (i.e., to help employees better to master their tasks) design of procedures help to avoid what literature calls 'mock bureaucracy' (i.e., rules are promulgated for their symbolic value but ignored in practice). Our analysis of two organizations, however, implies that both coercive and enabling governance for IT-RM may lead to mock bureaucracy. We categorize antecedents of 'mock' IT-RM procedures and identify important design challenges for IT-RM research and practice. Our study contributes to the IT governance body of knowledge by linking types of bureaucracy to IT governance tasks and providing anti-patterns associated with IT-RM procedures.",

author = "Manuel Wiesche and Michael Schermann and Helmut Krcmar",

year = "2013",

doi = "10.1109/HICSS.2013.607",

language = "English",

isbn = "9780769548920",

series = "Proceedings of the Annual Hawaii International Conference on System Sciences",

pages = "4502--4511",

booktitle = "Proceedings of the 46th Annual Hawaii International Conference on System Sciences, HICSS 2013",

note = "46th Annual Hawaii International Conference on System Sciences, HICSS 2013 ; Conference date: 07-01-2013 Through 10-01-2013",

}

Wiesche, M, Schermann, M & Krcmar, H 2013, When IT risk management produces more harm than good: The phenomenon of 'mock bureaucracy'. in Proceedings of the 46th Annual Hawaii International Conference on System Sciences, HICSS 2013., 6480386, Proceedings of the Annual Hawaii International Conference on System Sciences, pp. 4502-4511, 46th Annual Hawaii International Conference on System Sciences, HICSS 2013, Wailea, Maui, HI, United States, 7/01/13. https://doi.org/10.1109/HICSS.2013.607

When IT risk management produces more harm than good: The phenomenon of 'mock bureaucracy'. / Wiesche, Manuel; Schermann, Michael; Krcmar, Helmut.
Proceedings of the 46th Annual Hawaii International Conference on System Sciences, HICSS 2013. 2013. p. 4502-4511 6480386 (Proceedings of the Annual Hawaii International Conference on System Sciences).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - When IT risk management produces more harm than good

T2 - 46th Annual Hawaii International Conference on System Sciences, HICSS 2013

AU - Wiesche, Manuel

AU - Schermann, Michael

AU - Krcmar, Helmut

PY - 2013

Y1 - 2013

N2 - This paper investigates the complications of designing effective governance for IT risk management (IT-RM). Literature on formal governance suggests that either a coercive (i.e., to force employees' effort and compliance) or an enabling (i.e., to help employees better to master their tasks) design of procedures help to avoid what literature calls 'mock bureaucracy' (i.e., rules are promulgated for their symbolic value but ignored in practice). Our analysis of two organizations, however, implies that both coercive and enabling governance for IT-RM may lead to mock bureaucracy. We categorize antecedents of 'mock' IT-RM procedures and identify important design challenges for IT-RM research and practice. Our study contributes to the IT governance body of knowledge by linking types of bureaucracy to IT governance tasks and providing anti-patterns associated with IT-RM procedures.

AB - This paper investigates the complications of designing effective governance for IT risk management (IT-RM). Literature on formal governance suggests that either a coercive (i.e., to force employees' effort and compliance) or an enabling (i.e., to help employees better to master their tasks) design of procedures help to avoid what literature calls 'mock bureaucracy' (i.e., rules are promulgated for their symbolic value but ignored in practice). Our analysis of two organizations, however, implies that both coercive and enabling governance for IT-RM may lead to mock bureaucracy. We categorize antecedents of 'mock' IT-RM procedures and identify important design challenges for IT-RM research and practice. Our study contributes to the IT governance body of knowledge by linking types of bureaucracy to IT governance tasks and providing anti-patterns associated with IT-RM procedures.

UR - http://www.scopus.com/inward/record.url?scp=84875486615&partnerID=8YFLogxK

U2 - 10.1109/HICSS.2013.607

DO - 10.1109/HICSS.2013.607

M3 - Conference contribution

AN - SCOPUS:84875486615

SN - 9780769548920

T3 - Proceedings of the Annual Hawaii International Conference on System Sciences

SP - 4502

EP - 4511

BT - Proceedings of the 46th Annual Hawaii International Conference on System Sciences, HICSS 2013

Y2 - 7 January 2013 through 10 January 2013

ER -

When IT risk management produces more harm than good: The phenomenon of 'mock bureaucracy'

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this