9 Workarounds in information management

In this chapter

The focus of the research on workarounds in the enterprise and in a clinical setting is on the extent to which an employee uses an IT process in the specific way in which it was designed to be used. A significant amount of work has gone into identifying the reasons why the employee might create, use and share a workaround, but very little attention has been given to the extent to which a workaround could have an impact on information quality and as a result have an impact on the extent to which decisions made on the information might not be optimal. This could result in significant risks to the organisation.

Cut, paste and deliver

When it comes to information management workarounds you have probably used a workaround every day, and maybe every hour. The workaround is known better as ‘cut and paste’ and we have all done it, as indeed I have in writing this book.

Although organisations of all sizes and sectors use IT to support the execution of processes the content in these processes is almost always validated at the point of being added to the process through a series of data quality checks. At a very simple level, using GB to denote Great Britain is not an allowed term, and the system only accommodates UK. Once in the system the data element is then locked down so that it cannot be changed without due authority from a manager with the training, experience and authority to do so. The data quality and consistency is managed through a Master Data Schema which is managed with considerable care.

However there are many processes which depend to a greater or lesser extent on the creation of what is often described as ‘free text’, ranging from emails to the Annual Report of the organisation. The quality control of this content should in principle be governed within an information management strategy and set of policies but very few organisations have an information management framework or any policies.

For many years I have been promoting a high-level information charter as a framework for information management that I recommend a Board of Directors should adopt in the same way as they will have policies on ethical behaviours or climate control.

The charter is that employees can :-

  1. Find the internal and external information they need to make effective business decisions that reduce corporate risk, enhance the achievement of strategic and operational objectives and enable them to develop their careers.
  2. Trust that the information they find to be the best and most current available.
  3. Publish information so that it can be used by other employees both as quickly as is appropriate.
  4. Locate and take advantage of the expertise and experience of other employees.
  5. Link to internal and external social and business networks.
  6. Be confident that the roles and responsibilities of their manager include ensuring that their information requirements are recognised and addressed appropriately.
  7. Be assured that the organisation complies with all legal and regulatory requirements for the retention, use and transmission of information.
  8. Take advantage of training in how to be effective users and managers of information resources.

Laumer et al (Laumer, Maier and Weitzel 2017) highlight that very little research has been carried out on workarounds in content management systems, and that is still the situation. Google Scholar listed 151 citations to this paper but on inspection relatively few are directly concerned with workarounds and are citing the paper because it provides a good overview of the lack of information management discipline in organisations. The case study in the paper was of a financial service provider with approximately 900 employees. The organisation had introduced a web-based enterprise content management (ECM) system to support organisational processes and employees’ work routines, providing information not covered by the core IS (e.g. core banking system) but required to support sales talks and other work routines.

Among the workarounds that emerged from the research were

  • Employees call experts by phone when they have a question instead of searching for the information they need in the ECM system.
  • If experts do not respond by phone, employees write an e-mail requesting help and information.
  • Employees ask their co-workers for help instead of searching for information.
  • If co-workers cannot provide the information, they call experts in the organisation.
  • Employees use their own local file systems to share information within a group of people.
  • Instead of using the information provided that might solve an IT issue, employees open tickets to get help from the IT department

Downstream impact assessment

Business processes rarely have just a single step; one process or task leads onto another process or task, the scope and purpose of which may well be invisible to an individual employee. This could be because the process shifts to a different department or even a different location. A good model for the consequences of workarounds that are information rich has been developed by Drum (2015). These are Neutral, Obstruction and Requirement. A neutral workaround has no impact on the downstream user of the information, an obstruction workaround creates a block on the downstream user’s workflow and a requirement workaround is a workaround that is imperative for the completion of the given task.

Processes and procedures

Processes are linear but in an office/document environment there can be multiple contributors to a document in a mix of parallel and linear paths. Whether ‘procedure’ is a better description is arguable. The important distinction is that it is highly likely that a document is prepared for a reader to make a decision, and that decision inevitably carries with it a degree of risk. A useful illustration of a decision process is that presented by Citroen (2011) in his study of how senior executives collect the information they need to make strategic decisions. The multiplicity of actors and processes involved in the preparation of a document makes it very difficult to identify where workarounds have been undertaken. The paper includes a flow chart which illustrates quite graphically the complexity of a work flow leading up to a strategic decision.

This is especially the case when contributions have been made from multiple locations in a multi-national business. Often intermediaries are involved in managing the flows of information. A paper by Brooks et al (Brooks, Oshri and Ravishankar 2018) explores these complex issues in some detail with quotes from participants. A useful bibliography of prior work is provided.

Setting the standards

Many organisations are compliant with ISO 9001:2015 for quality management systems. Clause 4.4 (Quality management systems and its processes) requires the organisation to

“maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confident that the processes are being carried out as planned.”

Controlling documents is a key requirement of ISO 9001:2015 (Control of Documents’ (4.2.3)), and one of the required six documented procedures is the Document Control Procedure (4.2.3). The standard specifies that seven controls should be defined within the procedure.

These controls are

  1. To approve documents for adequacy prior to issue
  2. To review and update as necessary and re-approve documents
  3. To ensure that changes and the current revision status of documents are identified
  4. To ensure that relevant versions of applicable documents are available at points of use
  5. To ensure that documents remain legible and readily identifiable
  6. To ensure that documents of external origin determined by the organisation to be necessary for the planning and operation of the quality management system are identified and their distribution controlled
  7. To prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
  8. To apply suitable identification to them if they are retained for any purpose.

In developing processes and procedures for managing information the problem with ISO 9001:2015 is that the standard only considers the quality management processes and neither the quality or availability of information, especially in cases where compliance with the standard is not a requirement. Financial information is just one example.

Without any formal performance benchmarks for the quality of the content it is down to an individual employee to make an as-informed judgement as they can about the quality of the information they receive.

The dark side of information

Stone (2020) reviews the literature on information mismanagement and constructs a typology of misinformation that can be applied to analyse project planning and strategic planning processes to reduce the chances of failure that results from information mismanagement. One of the categories in their list of potential sources of what they denote as Dark Side Information Behaviour (DSIB) are system or process issues such as

  • Information incompetence systems and processes do not deliver required information and the situation is tolerated.
  • Unconscious or deliberate creation/sustaining of a process/system known to support a particular type of DSIB.

However, there is no further analysis of the extent and impact of systems-related issues, and the concept of workarounds is not considered.

A nuclear disaster case study

The Fukushima nuclear disaster took place on 11 March 2011 at the Fukushima Daiichi Nuclear Power Plant in Ōkuma, Fukushima, Japan. The proximate cause of the disaster was the 2011 Tōhoku earthquake and tsunami, which occurred on the afternoon of 11 March 2011 and remains the most powerful earthquake ever recorded in Japan. The earthquake triggered a powerful tsunami, with 13–14-metre-high waves damaging the nuclear power plant’s emergency diesel generators, leading to a loss of electric power.

In 2014 (Thatcher et al) undertook a forensic analysis of the published reports on the causes of the disaster show that a culture of ‘nuclear energy is safe’. Communication was informal and oral and a cost saving attitude developed in which natural disasters were viewed as low risk. As a result resources were not provided for protective measures, causing a lack of preparedness for the disaster. Information which did not conform to pre-existing attitudes towards nuclear power was avoided, ignored and distorted.

The paper does not specifically cite ‘workarounds’ as a cause of the disaster but in effect I would argue that the way in which information was ‘managed’ was indeed a workaround as it saved time and effort (oral versus documented reports) and important information was not shared with employees who could have taken a contrary view of the opinions expressed.

A question of trust

It can be difficult to appreciate the scale of the information that is pushed to an employee, either by a process (as they are the next link in a pre-ordained sequence) or by a person using email or internal social media. In the case of a personal push the recipient may well know the person or has the means of checking out their credentials using a personal directory. When it is pushed by a system it can well be impossible to find out who created the process and which employee completed a process that triggered the onward journey of a piece of information. The format of the information is unlikely to be a document (which would usually have an owner) but instead there is data appearing in a structured user interface.

In principle enterprise systems should be able to carry out authority checks on information added to a system, but this tends to be at a very basic level, e.g. does the product number have five digits and two letters? In theory the system should be able to access a product data base to validate the product number but the challenges of maintaining enterprise databases on a frequent-enough level to provide a comprehensive and authoritative validation are significant.

Then comes the problem of detecting the workaround that may have been used to create the data that the employee has received, and being able to judge if the workaround has in any way resulted in incorrect data and information being forwarded down the process line.

Most organisations are unaware of the scale of employees working around a problem by making contact with an ‘expert’. This leads into the difficult area of defining what an expert is. In my opinion an expert is someone with apparently more knowledge about a particular topic than I have. It does not necessarily mean that the expert is a senior manager with a long period of employment in the organisation.

In addition there is an assumption that the expert will respond quickly enough for the process to be completed. The expert contacted may not be available or may not feel it is their responsibility to respond to the query.

Crossing the firewall

Information workarounds inside an organisation will probably have little immediate impact outside the organisation. A notable exception of that assumption is the case of financial information, even if it is not for public circulation. Drum (2015) has considered in some detail the issues that can arise in financial reporting where workarounds have resulted in some degree of corruption of the financial records of the organisation, records that will then be used by internal and in particular, external auditors, to assess the financial performance of the organisation.

Subsequent papers (Drum 2016 and Drum 2017) take this framework further to assess the problems that organisations face in collecting and managing financial information, as this information will have to be forwarded to external auditors for validation.

Information management in a clinical setting

Ensuring that information collection and distribution in an organisation is not compromised by workarounds is of primary importance in clinical settings using electronic health care records. (Jylha 2016) considers incident reports relating to situations where information accuracy has been compromised. This paper does not explicitly include workarounds in the research and analysis but does illustrate the wide range of information-related issues that can arise.

This is also the case with a thesis by Elliott (2022) but the value of the research lies in the direct quotes from clinicians and others managing patient notes under often significant time constraints. There are no specific references to workarounds but the interviews do indicate the pressures that clinical staff experience in managing patient records.

The bottom line

The attention being paid to business process management and process mining might suggest that all workarounds are under observation, even if not directly under control. However, there is a view that 80% of the content in an organisation is text-based. This is managed through procedures which are probably based on previous experience, personal knowledge and personal networks. Tracking these procedures using log data is not going to identify workarounds that have been taken in the development of a document or presentation. Few organisations have robust information management management strategies and policies which provide the basis for creating high-quality content on which business-critical decisions can be based. In the digital workplace, the subject of Chapter 10,  data and information applications come together. adding to the complexity of the systems being delivered to an employee.


Brooks, J.W., Oshri, I., & Ravishankar, M.N. (2018). Information brokering in globally distributed work: A workarounds perspective. Proceedings of the thirty ninth International Conference on Information Systems, San Francisco. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3936293

Drum, D.M., Standifer, R. & Bourne, K. (2015). Facing the consequences: examining a workaround outcomes-based model. Journal of Information Systems, 29,2. DOI: 10.2308/isys-50875

Drum, D.M., Pernsteiner, A.J & Revak, A. (2016). Walking a mile in their shoes: user workarounds in a SAP environment. International Journal of Accounting and Information Management, 24 2, 185-204.

Drum, D.M., Pernsteiner, A., & Revak, A. (2017). Workarounds in an SAP environment: impacts on accounting information quality. Journal of Accounting & Organizational Change 13(1) 44-64.   https://doi.org/10.1108/JAOC-05-2015-0040

Elliott, C. (2022). The preclusive and productive power of information systems: psychiatric clinicians, electronic health records, and the making of health information (Dissertation). Syracuse University. https://surface.syr.edu/etd/1551/

Gerson, E.M. & Star, S.L. (1986). Analyzing due process in the workplace. ACM Transactions on Office Information Systems, 4(3), 257-270.

Jylhä, V., Bates, D.W., & Saranto, K. (2016). Adverse events and near misses relating to information management in a hospital. Health Information Management Journal, 45(2) 55–63. https://pubmed.ncbi.nlm.nih.gov/27105482

Laumer, S., Maier, C., & Weitzel, T. (2017). Information quality, user satisfaction, and the manifestation of workarounds: A qualitative and quantitative study of enterprise content management system users. European Journal of Information Systems 26, 333–360.  https://www.tandfonline.com/doi/full/10.1057/s41303-016-0029-7

Pernsteiner, A., Drum, D.M., & Revak, A., (2018). Control or chaos: impact of workarounds on internal control. International Journal of Accounting & Information Management, 26(2),230-244.  https://doi.org/10.1108/IJAIM-12-2016-0116

Stone, M. Aravopoulou, E., Geraint Evans, G., Aldhaen, E., & Parnell, B. (2020). From information mismanagement to misinformation – the dark side of information management. The Bottom Line, 32,1, 47-70. https://www.emerald.com/insight/content/doi/10.1108/BL-09-2018-0043/full/html

Thatcher, A., Vasconcelos, A.C., & Ellis, D. (2014). An investigation into the impact of information behaviour on information failure: The Fukuschima Daiichi nuclear power disaster. International Journal of Information Management, 35, 57-63.           https://www.sciencedirect.com/science/article/abs/pii/S0268401214001017



Icon for the Creative Commons Attribution-NonCommercial 4.0 International License

Workarounds: the benefits and the risks Copyright © 2023 by Martin White is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted.

Share This Book