AI disappoints us daily, yet we keep paying for it. Expectation-confirmation theory explains the trap.
Comps & Reflections
Personal reflections, comps preparation notes, PhD life, and field-level observations on the practice of IS research.
The artifact is only the vehicle. The contribution is what we learn from building and evaluating it.
Open banking APIs are boundary resources, RegTech is institutional isomorphism, and DeFi is disintermediation. Finance journals borrow IS theory quietly.
IS research is built on fragile survey designs, PLS-SEM misuse, and TAM studies that rarely replicate. It is time we said this out loud.
Security spending hits $213 billion in 2025. Breach costs hit $4.88 million on average. Both numbers go up together, and that should bother us more than it does...
Organizations buy expensive analytics platforms and learn nothing. The theory of absorptive capacity explains why prior knowledge, not capital, determines wheth...
Agency theory explains IT outsourcing and governance through principals, agents, and monitoring. AI rewrites the problem in a way the original framework did not...
The platform that controls the agent communication protocol will control the Internet of Agents, just as Google owned search and Apple owned mobile.
Rogers showed that innovation adoption follows an S-curve. Enterprise AI is not stalling. It is exactly where diffusion theory predicts.
Rogers, Granovetter, and Burt explain why the department with the AI champion adopts faster while the department across the building with the same budget does n...
TOE from Tornatzky and Fleischer explains why most AI investments fail while a few transform organizations: the three contexts must align.
Organizations use AI to optimize existing processes while calling it transformation. March (1991) would call this pure exploitation, and the exploration gap is ...
Thirty percent acceptance is adoption, not effective use. Burton-Jones and Grange defined effective use as faithful domain representation, not output.
AI outperforms radiologists at detection but hospitals do not adopt it. Identity theory explains why. The tools that succeed will verify professional identity, ...
AI models predict patterns in observed data but never access the generative mechanisms that produce them. Critical realism tells us why that ceiling is not a te...
Gartner says two-person AI-augmented teams will deliver what twenty-person teams do today. Baird and Maruping predicted this years ago. The real question is not...
Network effects theory explains why AI markets concentrate around a few providers and why the data flywheel makes it nearly impossible for new entrants to catch...
Social cognitive theory predicts that AI adoption clusters not by access but by observation: people adopt when they see peers succeed with AI, and the gap betwe...
Star and Griesemer defined boundary objects in 1989. AI output fits the definition perfectly. And that is why every governance policy that treats it as a single...
The EU has comprehensive legislation. The US has executive orders. China has sector-specific rules. The UK has no AI-specific law. Organizations operating globa...
When 80% of unauthorized AI use is internal policy violations, AI security platforms are governance products, not security products.
Access to AI tools is not the barrier. The belief that you can use them effectively is what separates who gains and who falls behind.
Goodhue and Thompson said performance follows fit, not features. AI is a family of tools, and the wrong one for the task will fail the same way every time.
The New York Times lawsuit against OpenAI is the Knowledge-Based View of the firm becoming visible in court and in every training data licensing negotiation.
Transaction cost economics predicts that when AI cuts coordination costs, organizations should restructure. But they are not. What gives?
AI trust repair is not about rebuilding a relationship. It is about recalibration. The IS trust literature has been explaining this for two decades.
When an algorithm screens job applicants or recommends bail conditions, it is not neutral infrastructure. It is policy, running at scale, with no judgment calls...
Ocasio's attention-based view says firm behavior follows what executives notice, not what they intend. Attention is the scarcest organizational resource.
Star and Griesemer's boundary objects are plastic enough to serve local needs but robust enough to hold shared identity. That is why the spreadsheet survives.
Most organizations have dashboards showing last month's numbers and call it data-driven. That is BI. An analytics culture is something different, and harder.
CDSS tools fire alerts, suggest diagnoses, flag drug interactions. But when the algorithm is wrong and the doctor follows it anyway, who is responsible for the ...
I had read Orlikowski and Iacono before. Three hours on one page taught me what I had missed about the five views of the IT artifact.
Each reread of the same foundational IS papers reveals something new: the claim, then the evidence, then the limits, then the connections across decades.
Studying institutional theory for comps changed how I read the news. Every AI-first press release is mimetic isomorphism. I cannot unsee it.
The further I get into comps, the more I see Markus and Robey's three causal stances in every paper. It is not just one paper anymore. It is the lens.
My comps notes are a wreck of sticky notes, marginalia, and inconsistent filenames. The mess is not a sign of failure. It is how real understanding happens.
I answered a practice comps question about coercive isomorphism completely wrong. That mistake reshaped how I study for exams.
I confused structuration theory's three modalities with institutional theory's three pillars for months. A study partner caught it, and getting corrected was th...
One page of sticky notes became a wall of connected IS theories. RBV, dynamic capabilities, structuration, affordances, institutional theory: the connections be...
Reading Sarker et al. (2019) for the third time during comps prep, the 56% stat finally hit me: more than half of IS papers do not theorize technology at all.
Hardware-level encryption during processing changes the risk side of the privacy calculus. IS privacy models were built for a world that no longer exists.
A routine config update grounded airlines and froze hospitals. The risk was not the update but the architecture that pushed it everywhere at once.
Dashboards fail when they are built for reporting instead of decision-making. DeLone and McLean show why, and Torres and Sidorova show what to do about it.
Subsidized broadband matters. But the gap between having internet and using it to improve your life is wider than the access frame admits.
Compliance asks 'are we allowed to do this?' Ethics asks 'should we do this?' In most organizations, the first question is answered and the second is never aske...
Most people have dozens of digital identities that don't talk to each other. The vision of user-controlled identity has been under development for years and rem...
Every default in a digital system is a design choice with behavioral consequences. IS designers are choice architects whether they admit it or not.
Digital provenance (BOMs, attestation databases, watermarking) gives users verifiable information about system origin and integrity. It is the first trust calib...
Where data is stored and processed has become a geopolitical question, not just a technical one. GDPR, Schrems II, and chip export controls explain why.
Ninety percent login rates tell you almost nothing about whether a system is doing its job. Burton-Jones and Grange showed why measuring adoption instead of eff...
The EU AI Act is now in force. If you build or deploy AI that touches EU users, you are in a regulated space whether or not you planned for it.
The EU AI Act's high-risk requirements hit in August 2026. Organizations with EU operations using AI in hiring, credit, or healthcare are not ready.
Stripe and Chime built modern financial infrastructure from scratch while banks ran on mainframes from the 1970s. The gap is real, but the narrative oversimplif...
Cohen, March and Olsen showed that in real organizations, solutions arrive before problems. The AI strategy wave is the clearest recent example.
Geopatriation is not a cloud architecture decision. It is an institutional choice about which logic dominates.
Uber sets the prices, assigns the work, and deactivates accounts. Calling that 'independent contracting' is a governance choice, not a neutral fact.
The Great Resignation hit the IS workforce hard. Organizations discovered how much institutional knowledge had been quietly sitting in people who had just left.
The US has spent billions on EHRs since 2009. Patient records still don't move between systems. Fax machines still work. Here's why.
Healthcare has led IBM's breach cost rankings for 14 consecutive years. The reasons have nothing to do with careless hospitals and everything to do with structu...
Institutional theory explains why organizations conform. Institutional entrepreneurship explains who breaks that conformity and rewrites the rules everyone else...
IS sits between technology and management, and that positioning opens more paths than most people realize, including some that didn't exist five years ago.
Both paths study organizations and technology. The differences in how they do it, and what you give up, are rarely described honestly.
Most IS theory was built in high-income countries with reliable infrastructure. When you apply those assumptions in LMICs, many of them fall apart immediately.
Academic publishing in IS is slow, opaque, and high-stakes. Understanding the game is as important as doing good research.
Going through an IS PhD program has been genuinely valuable. It has also revealed some consistent gaps between what the curriculum covers and what doing IS rese...
Organizations outsource IT, run into problems, bring it back in-house, then outsource again. The cycle is predictable. The reasons it repeats are not mysterious...
Most organizations have more IT projects in flight than they can deliver. Portfolio management theory says say no. Organizational politics make saying no nearly...
Nonaka's SECI model explains why most knowledge management systems only solve half the problem, and the easy half at that.
LLMs are different from earlier automation. The right question is not which jobs will disappear but which tasks inside each job will change, and what that leave...
Hundreds of millions of people have downloaded mental health apps. The clinical evidence is mixed, the privacy practices are questionable, and the regulation ba...
Platform ranking algorithms are not neutral pipes. When they optimize for engagement, outrage and false information spread faster. That is a design outcome, not...
Open-weight AI is digital commons at global scale. The question is not open versus closed but governance design, and Ostrom's principles tell us where to start.
Predicting attacks is useless if nobody acts on the warning. PMT explains why organizations stall on preemptive security.
COVID-19 forced the largest unplanned IS deployment in history. What it revealed about organizations was not what most people expected.
Most IS papers are improvements dressed as inventions. Sun et al. say you need novelty, rigor, and relevance, not two out of three.
Ferneley and Sobreperez's workaround types explain why employees bypass official AI tools. Shadow AI is task-technology fit failure, not compliance failure.
Social capital theory says the network around a system determines whether the system works. IS treats this network as a constant. It is not.
COVID-19 didn't break supply chains. It revealed how much fragility had been building for decades. The digital response is real, but the problems aren't primari...
Zuboff's argument is not just that companies collect too much data. It is that behavioral data has become raw material for a specific economic logic aimed at pr...
Synthetic data offers a way to train AI on sensitive domains without exposing real people's records. The privacy tradeoff is real but often misunderstood.
Goodhue and Thompson showed that performance depends on fit between task and technology, not on whether the tool is good in the abstract.
Enterprise knowledge systems capture what can be written down and miss everything else. Argyris, Nonaka, and Cohen tell us why.
COVID forced telehealth adoption overnight. The waivers, the reimbursement, the video calls. Now the question is which parts of that experiment actually held.
56% of IS papers study the social side without theorizing technology at all. The field's identity crisis is not rhetorical. The numbers show it is real.
Rogers showed that the S-curve is a social process with five failure points built in. Most product teams read it as a timeline and miss the diagnostic entirely.
The TOE framework explains why identical technology adoption fails in one organization and succeeds in another: context is not background, it is the whole story...
Gartner projects one million vulnerabilities annually by 2030. Patching cannot scale. The only move is to reconfigure how the firm approaches software risk.
Technically correct IS papers fail all the time. The difference between a paper that passes review and one that advances the field is harder to name than it sou...
The Standish Group has tracked IT project outcomes for decades. The numbers have barely moved. This is a structural problem, not a competence problem.
Ferneley and Sobreperez argued workarounds are not user failure but evidence of system-task misfit. The workaround is the real requirements document.
When AI generates unverified data at scale, the assumption that data is trustworthy by default becomes the most dangerous assumption in your architecture.