Computer-based systems are deeply embedded in organisations, which complicates the analysis of the risk associated with such systems. The traditional view is that systems have flaws, and that we should assess risk on the basis of how frequently those flaws manifest and how severe the consequences are, in order to drive the management of flaws. Organisations, however, comprise many different groups whose risk perception may differ radically, and whose needs for and attitudes to system change also vary depending on role and environment. So two important lines of work in the Risk Theme are: how to exploit the Social Science literature on risk perception to help manage risk in complex organisations; and how to manage the risks of change in complex computer-based systems.
One leading example of the Social Science literature is Mary Douglas’ work on Cultural Theory, in which she demonstrates how the different constitutions of social groupings within an organisation shape their perception of risk. We have used Douglas’ ideas to analyse potential risks in organisations, focussing on how the dominance of particular groups de-emphasises certain classes of risk. In the area of standards, Douglas’ work would suggest that standards writers would tend to emphasise the role of deviants as a source of risks. This is very evident in the NIST security risk assessment guideline, which emphasises deviants and tends to neglect internal threats due to the excessive diligence of some groups (e.g. system administrators in applying the latest patches). This provides the basis for a technique for identifying organisational risks that might otherwise be overlooked.
In a large-scale study of dependable process transfer from one location to another, we have discovered that the structure and modularity of organisations can themselves pose significant risks. In particular, the loss of information across modular boundaries can expose complex organisations to significant risks.
In studying change, we have been particularly interested in exploring hybrid socio-technical approaches to mitigating the risks of change in complex organisations. One particular approach we have studied in depth is corealisation, where a developer is embedded in the organisation and is capable of taking account of competing needs in the organisation. We have also studied the role of trust in managing risk, and trust as a potential source of risk arising from failures of trust [4,5]. This provides strong linkage to the Responsibility Theme.
At a macroscopic scale, a fascinating example of risk in large systems is the case of Long Term Capital Management (LTCM). Donald MacKenzie has published several papers on LTCM’s innovative use of a mathematical model for hedge funds [7-14]. MacKenzie's work explores the lessons that market mechanisms have for the construction of large-scale computer-based systems. In particular, he explores the connection between diversity in computer systems and diversity of portfolio, together with the social mechanisms that defeat attempts to maintain diversity in a changing market. Here there is a strong link to the Diversity Theme. In the area of standards, we have analysed the European norm for medical device risk assessment. We are also commencing work on the analysis of the NIST Risk Assessment Standards.
1. Anderson, S, Koornneef, F & Voges, U (2003). “Risk management for medical devices,” Physica medica, European Journal of Medical Physics, 19(2003) S.63.
2. Anderson, S., Hardstone, G., Procter, R. and Williams, R. “Down in the Data/basement: Supporting Configuration in Organisational Information Systems”, in Ackerman, M., Erickson, T. and Halverson, C. (Eds.) Evolving Information Artefacts, Kluwer, to be published.
3. Buscher, M., Hartswood, M., Mogensen, P., Procter, R, Shapiro, D., Slack, R. and Voss, A. “Promises, Premises and Risks: Sharing Responsibilities, Working Up Trust and Sustaining Commitment in Participatory Design Projects,” in Proceedings of the Participatory Design Conference (PDC 2002), Malmo, Sweden, 23-25 June, Binder, T., Gregory, J., Wagner, I. (eds), pp. 183-192, 2000.
4. Clarke, K.M., Hartswood, M., Procter, R.N., Rouncefield, M., Slack, R, “Minus nine beds: Some Practical Problems of Integrating and Interpreting Information Technology in a Hospital Trust,” in Proceedings of the HC 2002 Conference: Current Perspectives in Healthcare Computing, Harrogate, United Kingdom, 18-20 March, pp. 205-211, 2000.
5. Clarke, K., Hartswood, M., Procter, R. and Rouncefield, M, “Trusting the Record,” Methods of Information in Medicine, Volume 42, pp. 345-352, 2003.
6. Hardstone, G., Hartswood, M., Procter, R., Slack, R., Voss, A., and Rees, G. 2004. “Supporting informality: team working and integrated care records,” in Proceedings of the 2004 ACM Conference on Computer Supported Cooperative Work (Chicago, Illinois, USA, November 06 - 10, 2004). CSCW '04. ACM Press, New York, NY, 142-151.
7. MacKenzie, D, (with Yuval Millo) “Constructing a Market, Performing Theory: The Historical Sociology of a Financial Derivatives Exchange”, American Journal of Sociology 109 (2003): 107-145. To be reprinted in Richard Swedberg (ed.), New Developments in Economic Sociology (Cheltenham, Glos.: Elgar, forthcoming). Abbreviated French translation as Construction d’un marché et performation théorique: sociologie d’une bourse de produits dérivés financiers, Réseaux 122 (2003): 15-61.
8. MacKenzie, D. “Long-Term Capital Management and the Sociology of Arbitrage,” Economy and Society 32 (2003): 349-380. Abbreviated version reprinted as “How a Superportfolio Emerges: Long-Term Capital Management and the Sociology of Arbitrage,” in Karin Knorr Cetina and Alex Preda (eds), The Sociology of Financial Markets (Oxford: Oxford University Press, 2004), 62-83.
9. MacKenzie, D. “An Equation and its Worlds: Bricolage, Exemplars, Disunity and Performativity in Financial Economics,” Social Studies of Science 33 (2003): 831-868.
10. MacKenzie, D. “Social Connectivities in Global Financial Markets,” Environment and Planning D: Society and Space 22 (2004): 83-101.
11. MacKenzie, D. “The Big, Bad Wolf and the Rational Market: Portfolio Insurance, the 1987 Crash and the Performativity of Economics,” Economy and Society 33 (2004): 303-334.
12. MacKenzie, D. “Mathematizing Risk: Models, Arbitrage and Crises,” Revue d’Histoire des Sciences, in press.
13. MacKenzie, D. “Opening the Black Boxes of Global Finance,” Review of International Political Economy, accepted for publication.
14. MacKenzie, D. “Models, Risk and Crises: The Global Financial System in 1998,” in Mike Power and Bridget Hutter (eds), Organizational Encounters with Risk (Cambridge: Cambridge University Press), accepted for publication.
15. Douglas M. and Wildavsky A, Risk and Culture: An Essay on the Selection of Technological and Environmental Dangers. Berkeley: University of California Press, 1982.
16. Risk Management Guide for Information Technology Systems, NIST SP 800-30, July 2002
Last Modified: 10 August, 2005