Download PDFOpen PDF in browser

An Exploratory Study of IT Risk Management Implementation

EasyChair Preprint no. 6302

11 pagesDate: August 16, 2021


This paper presents an exploratory study of IT risk management implementation with a focus on process and individual IT culture. This qualitative study adopts a subjectivist epistemology, complemented by an interpretive paradigm and inductive reasoning. A series of three case studies were designed around twenty-seven semi-structured in-depth interviews and were conducted to investigate how and why IT individuals implemented a risk management framework within an IT department. The findings suggest a dynamic approach to implementing IT risk management frameworks — one that considers the interaction over time of intentions, context, process, and action. The research develops a substantive theory involving a schematic model comprised of four sub-process and a set of theoretical propositions. The last section presents an evaluation of the resulting theory by following the guidelines introduced by Sjøberg et al. (2008) for building behavioural theories in software engineering.

Keyphrases: interpretive research, IS implementation, IT Individual Culture, IT Risk Management, process research

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
  author = {Neda Azizi and Claire Davison and Peyman Akhavan and Omid Haass},
  title = {An Exploratory Study of IT Risk Management Implementation},
  howpublished = {EasyChair Preprint no. 6302},

  year = {EasyChair, 2021}}
Download PDFOpen PDF in browser