In this paper we set out to demonstrate that the traditional approach to risk management is based on a flawed assumption regarding the objectivity of risk. Risk management is generally seen as a possible remedy for the frequent failure of ISD efforts. The idea behind traditional risk management is that risk factors must first be identified and evaluated, then eliminated or kept in check. Our argument is that this approach is problematic because it assumes the objective reality of risk. The assumption that risk is objective gives managers a false sense of security. Furthermore, it also eliminates those risks that might be specific to an organisation or a situation from being dealt with. We suggest that risks should be viewed as social constructions. On the one hand this approach is more suitable to the nature of risks and the epistemology of risk research. On the other hand, a constructionist view of risks offers a sound theoretical foundation for participative managerial tactics which offer a better avenue for dealing with the positive as well as the negative aspects of risk than the traditional approach.
|Journal||Communications of the International Information Management Association|
|Publication status||Published - 2003|