Abstract

Non-compliant IT use, characterized by behavior that deviates from organizational IT norms, is prevalent and increasing, often leading to negative consequences such as security threats. Existing literature lacks a comprehensive understanding of this phenomenon, hindering effective governance. This paper develops a non-compliant IT use taxonomy through a systematic configurational taxonomy development approach, grounded in empirical data from 49 interviews across 23 events of non-compliant IT use in four organizations. Thematic analysis and topic modeling identify attributes, and Fuzzy-Set Qualitative Comparative Analysis (fsQCA) uncovers distinct non-compliant IT use types. Preliminary results indicate attributes such as non-compliance consensus, actors cardinality, task type, norm source, and norm legitimacy describe distinct non-compliant IT use types, e.g., individual AI augmentation. The taxonomy aids research and practice by providing a tool for improved risk assessment, policy design, and interventions. Finalizing attributes and delineating types via fsQCA are the next steps.

Download

Share

COinS