This article addresses attitudes toward the use of functional versus prescriptive risk regulations. The context for the study is the use of functional internal control regulations for information and communication technology (ICT) safety and security in network companies within the Norwegian electric power supply sector. The rapid development in ICT has made traditional methods of command and control (prescriptive) regulation by government less adequate in coping with modern risks, and the introduction of internal control has been an attempt to develop new approaches and means to cope with new challenges of misfits between technology and regulation (Hoyden, 1998). The article concludes that the degree of complexity, uncertainty and uncontrollability of a specific risk problem experienced by different actors, can explain varying attitudes toward the use of functional regulations for controlling risks.

• 出版日期2015-8