This paper examines user participation in information systems security risk management and its influence in the context of regulatory compliance via a multi-method study at the organizational level. First, eleven informants across five organizations were interviewed to gain an understanding of the types of activities and security controls in which users participated as part of Sarbanes-Oxley compliance, along with associated outcomes. A research model was developed based on the findings of the qualitative study and extant user participation theories in the systems development literature. Analysis of the data collected in a questionnaire survey of 228 members of ISACA, a professional association specialized in information technology governance, audit, and security, supported the research model. The findings of the two studies converged and indicated that user participation contributed to improved security control performance through greater awareness, greater alignment between IS security risk management and the business environment, and improved control development. While the IS security literature often portrays users as the weak link in security, the current study suggests that users may be an important resource to IS security by providing needed business knowledge that contributes to more effective security measures. User participation is also a means to engage users in protecting sensitive information in their business processes.
Empirical results both from information technology acceptance research as well as from other fields suggest that attitude and subjective norms may have a nonlinear relationship. Based on the economic theory of complementarities, the present paper hypothesizes a substitution relationship or negative synergy between attitude and subjective norms in organizational IT use contexts. Employing two methods for modeling and measuring nonlinear effects of latent constructs, as well as two approaches for visualizing and interpreting interaction and quadratic terms, structural equation modeling analysis of data collected from 258 users of a variety of IT applications in 14 organizations provides support for the hypothesis that attitude and subjective norms were substitutes in predicting intention to use.
Despite calls for improving current approaches to conceptualizing and measuring the construct of information system use, theoretical advances in this regard are still insufficient. The present paper proposes to expand the focus of existing conceptualizations that exclusively focus on technology interaction behaviors via the construct of IS use-related activity. Based on task-technology fit and activity theory, IS use-related activity is conceptualized as a second-order aggregate construct that comprises both technology interaction behaviors, as well as activities users undertake to adapt the task-technology-individual system. A multiple-indicators and multiple-causes analysis of data collected from 190 users in 21 organizations is found to support the proposed conceptualization.
Drawing both from the IS literature on software project risk management and the contingency research in Organization Theory literature, the present study develops an integrative contingency model of software project risk management. Adopting a profile deviation perspective of fit, the outcome of a software development project (Performance) is hypothesized to be influenced by the fit between the project's risk (Risk Exposure) and how project risk is managed (Risk Management Profile). The research model was tested with longitudinal data obtained from project leaders and key users of 75 software projects. The results support the contingency model proposed and suggest that in order to increase project performance a project's risk management profile needs to vary according to the project's risk exposure. Specifically, high-risk projects were found to call for high information processing capacity approaches in their management. However, the most appropriate management approach was found to depend on the performance criterion used. When meeting project budgets was the performance criterion, successful high-risk projects had high levels of internal integration, as well as high levels of formal planning. When system quality was the performance criterion, successful high-risk projects had high levels of user participation.
Researchers from a wide range of management areas agree that conflicts are an important part of organizational life and that their study is important. Yet, interpersonal conflict is a neglected topic in information system development (ISD). Based on definitional properties of interpersonal conflict identified in the management and organizational behavior literatures, this paper tests a model of how individuals participating in ISD projects perceive interpersonal conflict and examines the relationships between interpersonal conflict, management of the conflict, and ISD outcomes. Questionnaire data was obtained from 265 IS staff and 272 users working on 162 ISD projects. Results indicated that the construct of interpersonal conflict was reflected by three key dimensions: disagreement, interference, and negative emotion. While conflict management was found to have positive effects on ISD outcomes, it did not substantially mitigate the negative effects of interpersonal conflict on these outcomes. In other words, the impact of interpersonal conflict was perceived to be negative, regardless of how it was managed or resolved.
Electronic brainstorming (EBS) has been proposed as a superior approach to both nominal brainstorming (working alone) and face-to-face brainstorming (verbal). However, existing empirical evidence regarding EBS's superiority over nominal brainstorming is weak. Through a comprehensive examination of the process gains and process losses inherent to different brainstorming approaches, this paper explains past results. The paper also suggests that the process gain versus process loss advantages of EBS technologies may not be large enough to enable EBS groups to outperform nominal groups. In an effort to find alternate ways of using EBS more productively, three conditions thought to increase EBS's process gains and decrease its process losses (thus improving its productivity) are identified. A laboratory experiment designed to compare the productivity of ad hoc and established groups using four brainstorming technologies (nominal, EBS-anonymous, EBS-nonanonymous, verbal), generating ideas on socially sensitive and less sensitive topics, in the presence and absence of contextual cues, is then described. The results of the experiment showed that overall, groups using nominal brainstorming significantly outperformed groups using the other three brainstorming approaches. Further, even under conditions thought to be favorable to EBS, nominal brainstorming groups were at least as productive as EBS groups. The paper explains these results by suggesting that the process gains of EBS may not be as large as expected and that the presence of four additional process losses inherent to EBS technologies impair its productivity. It is also argued that the prevailing popularity of group brainstorming (verbal or electronic) in organizations may be explained by the perceived productivity of those approaches. These perceptions, which are at odds with reality, create the illusion of productivity. A similar misperception may also cause an illusion of EBS productivity in the research comm...
A After discussing how group size might affect the effectiveness of electronic brainstorming (EBS) as an idea generating tool, Dennis and Valacich (1999) conclude that EBS is not likely to surpass nominal brainstorming for small groups, but that for large groups (i.e., nine or more members), "EBS offers clear performance benefits over nominal group brainstorming, as well as verbal brainstorming." However, in our view, the existing theoretical and empirical evidence does not provide sufficient justification to clearly establish EBS' superiority over nominal brainstorming for large groups.
User participation has long been considered a key ingredient in information system development (ISD). However, research has generally failed to clearly demonstrate the benefits of user participation. A better description of interpersonal processes which occur during system development could be used to help explain the weak results. The present study builds upon the work of Robey and his colleagues (Robey and Farrow 1982, Robey et al. 1989, Robey et al. 1993), who examined user participation, influence, conflict, and conflict resolution during ISD. Results obtained in a field study of 74 IS projects suggest the following four conclusions: (i) conflict is best represented and measured as a multidimensional construct; (ii) the relationship between user participation and conflict is more complex than previously believed; (iii) influence has a dual role in the emergence of conflict; and (iv) influence plays a key role in the satisfactory resolution of conflict.
Defining user participation as the activities performed by users during systems development, user involvement as the importance and personal relevance of a system to its user, and user attitude as the affective evaluation of a system by the user, this study aims to: (1) develop separate measures of user participation, user involvement, and user attitude, (2) identify key dimensions of each construct, and (3) investigate the relationships among them. Responses from users in organizations developing new information systems were used to create an overall scale measuring user participation (along with three subscales reflecting the dimensions of responsibility, user-IS relationship, and hands-on activities), an overall scale measuring user involvement (along with two subscales reflecting the dimensions of importance and personal relevance), and a scale measuring user attitude. Analysis of the data provides evidence for the reliability and validity of the three constructs and their dimensions. User participation has long been considered a key variable in the successful development of information systems. However, past research has failed to clearly demonstrate its benefits. The measures developed in this study pro vide a useful starting point for deciphering the precise nature of the relationship among user participation, involvement, and attitude during systems implementation.
Despite the introduction and use of a wide variety of system development methods and tools, software projects are still plagued by time and cost overruns, and unmet user requirements. To avoid these problems, it is frequently recommended that the risk associated with a software project be managed. A task that is critical to the proper management of software development risk is the assessment of the risks facing the project. Based on previous research, this paper proposes a definition and a measure of software development risk. Subsequently, data collected in a survey of 120 projects is used to assess the reliability and validity of the instrument.
Within the field of information systems (IS), user involvement generally refers to participation in the systems development process by potential users or their representatives and is measured as a set of behaviors or activities that such individuals perform. This article argues for a separation of the constructs of user participation (a set of behaviors or activities performed by users in the system development process) and user involvement (a subjective psychological state reflecting the importance and personal relevance of a system to the user). Such a distinction is not only more consistent with conceptualizations of involvement found in other disciplines, but it also leads to a number of new and interesting hypotheses. These hypotheses promise a richer theoretical network that describes the role and importance of participation and involvement in the implementation process.
Information systems researchers, while helping others build better information systems, have done little in supporting their own information needs. The large amount of knowledge accumulated in IS today has created a situation where the researcher needs some sort of organizing mechanism to map the IS territory and relate its different components. A keyword classification scheme performs such a task through its content descriptors, systematically listed to show their relationships. This paper proposes a keyword classification scheme for IS. The scheme contains over 1,100 keywords and consists of nine top-level categories (reference disciplines, external environment, technological environment, organizational environment, IS management, IS development and operations, IS usage, information systems, and IS education and research), each of which is divided into subcategories.