User resistance to the access review component of sailpoint identityiq by managers: a South African bank case study

Journal Title
Journal ISSN
Volume Title
The purpose of this study was to examine and explain why bank managers resist using the access review component of SailPoint IdentityIQ and explain the factors that influence bank managers to resist the access review component of SailPoint IdentityIQ. Moreover, the study also explained the managers’ resistance behaviour. The study adopted an interpretive paradigm and followed an inductive approach. Withing the broader scope of interpretive paradigm, the study adopted an explanatory research design. The case study strategy was employed by the study. Furthermore, the study employed a qualitative research method because its aim was not to generalise the research findings. The time horizon for the study was cross-sectional, and the sources of the data for the study was the primary data source. This study's primary data collection method was interviews. Thematic analysis process was followed to analyse the data collected for the study. The case study site was one of the South African banks, referred to in this study as ABC Bank. The research findings suggest that some bank managers at ABC bank do not perform access reviews mainly when their initial condition(s) and object(s) of resistance interact, they perceive something that leads them to behave in a resistant manner. Their perceptions are mostly on 1) whether they think they are doing something wrong, 2) ease of use, 3) consequences, 4) and value. These perceptions are developed by managers due to various factors such as fear of error, lack of perceived ease of use, lack of perceived consequences, and lack of perceived value. The study contributed theoretically by following a different research methodology to explain user resistance in a different setting from that used previously in Lapointe and Rivard (2005) and Selander and Henfridsson (2012). The study followed a crosssectional time horizon instead of a longitudinal time horizon, and it did so in a certain bank in South African. The study also tested the applicability of the Lapointe & Rivard (2005) framework in a South African bank following a qualitative methodology and cross-sectional time horizon. The study modified the Lapointe & Rivard (2005) framework to follow a qualitative methodology and cross-sectional time horizon to help answer the primary research question. The adaption of the framework proved to be helpful for the study. The study also contributed to the user resistance, identity governance and administration body of knowledge in the information systems research because there is limited academic literature on subjects relating to the enterprise identity governance and administration systems. Practically, the study contributes by providing some explanation on why some managers resist using the access review component of SailPoint IdentityIQ. The study also contributes by providing factors that influence managers not to perform access reviews on SailPoint IIQ. However, the author advises practitioners to generalise the findings of this study with caution. Moreover, the description reveals to practitioners that user resistance must be managed carefully by understanding the context as there is no 'silver bullet' strategy to mitigate user resistance.
A dissertation submitted in fulfilment of the requirements for the degree of Master of Commerce to the Faculty of Commerce, Law and Management, University of the Witwatersrand, Johannesburg, 2022
South African Bank, Bank managers, SailPoint IdentityIQ