We draw on notions of power and the social construction of risk to understand the persistence of shadow IT within organizations. From a single case study in a mid-sized savings bank we derive two feedback cycles that concern shifting power relations between business units and central IT associated with shadow IT. A distant business-IT relationship, a lack of IT business knowledge and changing business needs can create repeated cost and time pressures that make business units draw on shadow IT. The perception of risk can trigger an opposing power shift back through the decommissioning and recentralization of shadow IT. However, empirical findings suggest that the weakening tendency of formal programs may not be sufficient to stop the shadow IT cycle spinning if they fail to address the underlying causes for the shadow IT emergence. These findings highlight long-term dynamics associated with shadow IT and pose "risk" as a power-shifting construct.
展开▼
