Dealing with Risks and Workarounds: A Guiding Framework

  • João BarataEmail author
  • Paulo Rupino da Cunha
  • Luís Abrantes
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 235)


We present rISk-arounD, an enterprise-wide framework for modeling risks and workarounds in conformity with ISO 9001. The mode of inquiry is the canonical action research (CAR), conducted in a metalworking company. Our contribution suggests that (1) risks and workarounds should be jointly considered to model uncertainty in organizations, (2) participative enterprise modeling can assist process improvement and regulatory compliance, and (3) it is also necessary to address informal “shadow” practices in enterprise models. Moreover, we discuss how to adopt CAR to promote a culture of participative enterprise modeling. This framework can help organizations in their transition to the new 2015 version of ISO 9001, which endorses process oriented approaches and risk-based thinking as top priorities.


Information systems Participative enterprise modeling Risks Workarounds rISk-arounD ISO 9001:2015 



The authors thank the three reviewers for their comments and ideas to improve the paper. This work has been partially funded by European Regional Development Fund (ERDF), within the National Strategic Reference Framework (NSRF) – Mais Centro.


  1. 1.
    Alter, S.: Theory of workarounds. Commun. Assoc. Inf. Syst. 34, 1041–1066 (2014)Google Scholar
  2. 2.
    Röder, N., Wiesche, M., Schermann, M., Krcmar, H.: Workaround aware business process modeling. In: Proceedings of International Conference on Wirtschaftsinformatik, pp. 482–496 (2015)Google Scholar
  3. 3.
    Stirna, J., Persson, A., Sandkuhl, K.: Participative enterprise modeling: experiences and recommendations. In: Krogstie, J., Opdahl, A.L., Sindre, G. (eds.) CAiSE 2007 and WES 2007. LNCS, vol. 4495, pp. 546–560. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    ISO: ISO 9001 Quality management system – requirements. International Organization for Standardization, Geneva (2008)Google Scholar
  5. 5.
    IAF: Transition planning guidance for ISO 9001:2015. ISO/TC 176/SC2. International Accreditation Forum (2015)Google Scholar
  6. 6.
    Antunes, A., Cunha, P.R., Barata, J.: MUVE IT: Reduce the Friction in Business Processes. Bus. Process Manag. J. 20, 571–597 (2014)CrossRefGoogle Scholar
  7. 7.
    Sadgrove, M.K.: The Complete Guide to Business Risk Management. Ashgate (2015)Google Scholar
  8. 8.
    Alter, S., Sherer, S.A.: A general, but readily adaptable model of information system risk. Commun. Assoc. Inf. Syst. 14, 1–28 (2004)Google Scholar
  9. 9.
    Zur Mühlen, M., Rosemann, M.: Integrating Risks in Business Process Models. In: Proceedings of ACIS, pp. 62–72 (2005)Google Scholar
  10. 10.
    Suriadi, S., Weiß, B., Winkelmann, A., ter Hofstede, A.H.M., Adams, M., Conforti, R., Fidge, C., La Rosa, M., Ouyang, C., Pika, A., Rosemann, M., Wynn, M.: Current research in risk-aware business process management - overview, comparison, and gap analysis. Commun. Assoc. Inf. Syst. 34, 933–984 (2014)Google Scholar
  11. 11.
    Ferneley, E.H., Sobreperez, P.: Resist, comply or workaround? an examination of different facets of user engagement with information systems. Eur. J. Inf. Syst. 15, 345–356 (2006)CrossRefGoogle Scholar
  12. 12.
    Malaurent, J., Avison, D.: Reconciling global and local needs: a canonical action research project to deal with workarounds. Inf. Syst. J. (2015). doi: 10.1111/isj.12074 Google Scholar
  13. 13.
    Popescu, M., Dascalu, A.: Considerations on integrating risk and quality management. Annals of “Dunarea de Jos” University of Galati, Fascicle I, pp. 49–54 (2011)Google Scholar
  14. 14.
    Aureli, S., Salvatori, F.: The current state of risk management in italian small and medium-sized enterprises. In: Proceedings of AMIS, pp. 15–36 (2013)Google Scholar
  15. 15.
    Islam, A., Tedford, D.: Risk determinants of small and medium-sized manufacturing enterprises (SMEs) - an exploratory study in New Zealand. J. Ind. Eng. Int. 8, 12 (2012)CrossRefGoogle Scholar
  16. 16.
    Susman, G.I., Evered, R.D.: An assessment of the scientific merits of action research. Adm. Sci. Q. 23, 582–603 (1978)CrossRefGoogle Scholar
  17. 17.
    Davison, R., Martinsons, M.G., Kock, N.: Principles of canonical action research. Inf. Syst. J. 14, 65–86 (2004)CrossRefGoogle Scholar
  18. 18.
    Holton, G.A., Knight, F.: Defining risk. Financ. Anal. J. 60, 19–25 (2006)CrossRefGoogle Scholar
  19. 19.
    Kaplan, R.S.: Risk management and the strategy execution system. Balanc. Scorec. Rep. 11, 1–6 (2009)Google Scholar
  20. 20.
    Zoet, M., Welke, R., Versendaal, J., Ravesteyn, P.: Aligning risk management and compliance considerations with business process development. In: Di Noia, T., Buccafurri, F. (eds.) EC-Web 2009. LNCS, vol. 5692, pp. 157–168. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    NIST, N.I. of S. and T.: NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach (2010)Google Scholar
  22. 22.
    Sadiq, W., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149–164. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    Handel, M.J., Poltrock, S.: Working around official applications. In: Proceedings of CSCW (2011)Google Scholar
  24. 24.
    Röder, N., Schermann, M.: Why managers tolerate workarounds - the role of information systems. In: Proceedings of AMCIS (2014)Google Scholar
  25. 25.
    Zhou, X., Ackerman, M., Zheng, K.: CPOE workarounds, boundary objects, and assemblages. In: Proceedings of CHI (2011)Google Scholar
  26. 26.
    Halbesleben, J.R.B., Wakefield, D.S., Wakefield, B.J.: Work-arounds in health care settings: Literature review and research agenda. Health Care Manage. Rev. 33, 2–12 (2008)CrossRefGoogle Scholar
  27. 27.
    Gallear, D., Ghobadian, A.: An empirical investigation of the channels that facilitate a total quality culture. Total Qual. Manag. Bus. Excell. 15, 1043–1067 (2004)CrossRefGoogle Scholar
  28. 28.
    Persson, A., Stirna, J.: An explorative study into the influence of business goals on the practical use of enterprise modelling methods and tools. In: Proceedings of ISD, pp. 275–287. Springer, New York (2001)Google Scholar
  29. 29.
    Holmes, K.J., Graham, J.A., McKone, T., Whipple, C.: Regulatory models and the environment: practice, pitfalls, and prospects. Risk Anal. 29, 159–170 (2009)CrossRefGoogle Scholar
  30. 30.
    Barata, J., da Cunha, P.R.: Modeling the organizational regulatory space: a joint design approach. In: Grabis, J., Kirikova, M., Zdravkovic, J., Stirna, J. (eds.) PoEM 2013. LNBIP, vol. 165, pp. 206–220. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  31. 31.
    Barata, J., Cunha, P.R.: Five dimensions of information systems: a perspective from the IS and quality managers. In: Proceedings of EMCIS, Windsor, UK (2013)Google Scholar
  32. 32.
    Baxter, G., Sommerville, I.: Socio-technical systems: from design methods to systems engineering. Interact. Comput. 23, 4–17 (2011)CrossRefGoogle Scholar
  33. 33.
    Ojala, M., Vilpola, I., Kouri, I.: Risks and risk management in ERP Project-cases in SME Context. In: Proceedings of 9th International Conference on Business Information Systems (BIS 2006), pp. 179–186 (2006)Google Scholar
  34. 34.
    Kim, J.K., Sharman, R., Rao, H.R., Upadhyaya, S.: Framework for analyzing critical incident management systems (CIMS). In: Proceedings of HICSS (2006)Google Scholar
  35. 35.
    Nadhrah, N., Michell, V.: A normative method to analyse workarounds in a healthcare environment: motivations, consequences, and constraints. In: Proceedings of ICISO, pp. 195–205 (2013)Google Scholar
  36. 36.
    Strecker, S., Heise, D., Frank, U.: RiskM: A multi-perspective modeling method for IT risk assessment. Inf. Syst. Front. 13, 595–611 (2010)CrossRefGoogle Scholar
  37. 37.
    Carnaghan, C.: Business process modeling approaches in the context of process level audit risk assessment: an analysis and comparison. Int. J. Account. Inf. Syst. 7, 170–204 (2006)CrossRefGoogle Scholar
  38. 38.
    Hevner, A.R., March, S.T., Park, J.: Design science in information systems research. MIS Q. 28, 75–105 (2004)Google Scholar
  39. 39.
    Baskerville, R., Wood-Harper, A.T.: Diversity in information systems action research methods. Eur. J. Inf. Syst. 7, 90–107 (1998)CrossRefGoogle Scholar
  40. 40.
    Vries, E.: Rigorously relevant action research in information systems. Sprouts Work. Pap. Inf. Syst. 7, 1–24 (2007)Google Scholar
  41. 41.
    Myers, M.D., Newman, M.: The qualitative interview in IS research: examining the craft. Inf. Organ. 17, 2–26 (2007)CrossRefGoogle Scholar
  42. 42.
    Bernus, P.: Enterprise models for enterprise architecture and ISO9000:2000. Annu. Rev. Control. 27, 211–220 (2003)CrossRefGoogle Scholar
  43. 43.
    Yang, Z., Ng, B.Y., Kankanhalli, A., Luen Yip, J.W.: Workarounds in the use of IS in healthcare: a case study of an electronic medication administration system. Int. J. Hum. Comput. Stud. 70, 43–65 (2012)CrossRefGoogle Scholar
  44. 44.
    Pentland, B.T., Feldman, M.S.: Designing routines: on the folly of designing artifacts, while hoping for patterns of action. Inf. Organ. 18, 235–250 (2008)CrossRefGoogle Scholar
  45. 45.
    Barata, J., Cunha, P.R.: ISO2: A new breath for the joint development of IS and ISO 9001 management systems. In: Escalona, M., Aragón, G., Linger, H., Lang, M., Barry, C., Schneider, C. (eds.) Information Systems Development: Improving Enterprise Communication (Proceedings of ISD), pp. 499–510. Springer, Switzerland (2014)Google Scholar
  46. 46.
    Davison, R., Martinsons, M.G., Ou, C.X.J.: The roles of theory in canonical action research. MIS Q. 36, 763–786 (2012)Google Scholar
  47. 47.
    Luebbe, A., Weske, M.: Investigating process elicitation workshops using action research. In: Proceedings of BPM 2011 International Workshops, LNBIP 99, pp. 345–356. Springer, Heidelberg (2012)Google Scholar
  48. 48.
    French, J.R.P.: Field experiments: changing group productivity. In: Miller, J.G. (ed.) Experiments in Social Process: A Symposium on Social Psychology, pp. 81–96. McGraw-Hill, New York (1950)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • João Barata
    • 1
    • 2
    • 3
    Email author
  • Paulo Rupino da Cunha
    • 3
  • Luís Abrantes
    • 4
  1. 1.CTCV, Technological Center for Ceramics and GlassAntanholPortugal
  2. 2.ISMT, Miguel Torga InstituteCoimbraPortugal
  3. 3.CISUC, Department of Informatics EngineeringUniversity of CoimbraCoimbraPortugal
  4. 4.MIC, Mecânica Industrial de CoimbraTaveiroPortugal

Personalised recommendations