Abstract

Organizations face challenges in managing non-compliant information technology (IT) use, which involves deploying IT that deviates from salient norms. While existing research often identifies deterrence-focused governance mechanisms, the lack of nuanced, multilevel causal explanations prevents effective governance of non-compliant IT use. This study employed a critical realist, qualitative, multi-method, multi-case study methodology, utilizing data from four organizations collected through 49 semi-structured interviews investigating 23 events of non-compliant IT use. The analysis employed an iterative six-step data analysis approach, incorporating coding and retroduction, to elucidate Context-Mechanism-Outcome configurations as causal mechanisms underlying non-compliant IT use governance. The detailed causal explanations explicate how multilevel governance mechanisms influence non-compliant IT use. Salient findings from one non-compliant IT use governance mechanism underscore how policy ambiguity, perceived norm legitimacy, communication efficacy, and group dynamics significantly negatively impact mechanism effectiveness. We contribute in-depth, nuanced, mechanism-based explanations, extending IT governance and non-compliance literature by elucidating complex multilevel mechanisms.

Download

Share

COinS