Conducting Risk Management of Enterprise Resource Planning (ERP) projects is an ambitious task. ERP projects are complex undertakings for business enterprises, as the associated risk factors include myriad technological, managerial, psychological and sociological aspects. Moreover, such factors are often tightly interconnected and can have indirect effects on projects. Such features make Risk Management more difficult, uncertain and important than in traditional projects, especially in the Assessment stage.
The aim of this paper is to propose an innovative technique to support Risk Analysis in order to provide a better, more structured and systematic understanding of the major relations amongst various risk factors, on the one hand, and between risk factors and the specific effects associated with ERP projects, on the other. A real case study regarding a multinational company and involving a panel of experts and practitioners is presented to illustrate application of the method.
An Enterprise Resource Planning system is a suite of integrated software applications used to manage transactions through company-wide business processes, by using a common database, standard procedures and data sharing between and within functional areas. However, installing an enterprise system is not merely a computer project, but an expensive and risky investment, which impacts on a firm's primary and support processes, its organizational structure and procedures, the existing legacy systems, and the personnel's roles and tasks [41]. Many of the associated costs are hidden, its benefits intangible, and its effects wide-ranging, cross-functional (difficult to isolate) and “long-term” on resources and competences.
According to the estimation of the Standish Group International (SGI), 90% of SAP R/3 ERP projects run late [32], while another SGI study of 7400 Information Technology (IT) projects revealed that 34% were late or over budget, 31% were abandoned, scaled back or modified, and only 24% were completed on time and on budget [12]. One explanation advanced for the high ERP project failure rate is that managers do not take prudent measures to assess and manage the risks involved in these projects [20] and [39].
Therefore, the organizational consequences and risks involved with ERP projects make it all the more important that firms focus on ways to maximize the chances for successful adoption of ERP. Several studies of ERP implementations, combined with findings from earlier work on reengineering and change management, point to some of the areas where critical impediments to success are likely to occur [43]: human resources and capabilities management, cross-functional coordination, ERP software configuration and features, change management, organizational leadership [10], systems development and project management. With reference to the last factor, brand-spanking new combinations of hardware and software, as well as the wide range of organizational, human and political issues, make ERP projects inherently complex and the lack of skills and proven approaches to project management and Risk Management (RM) represents a critical risk factor [29].
This paper seeks to respond to the need to understand and model the interrelationships among project risk factors—a need typical of all Risk Management processes and particularly relevant with regard to complex projects such as ERP system introduction. To date, the research on such issues is quite meager. This lack has prompted the authors to develop, propose and apply a suitable methodology in order to represent the structural relationships amongst the risk factors involved in both the Risk Evaluation and Risk Treatment stages of RM.
The contribution of this work is to adapt and apply the Interpretive Structural Modeling technique to Risk Analysis in order to provide a more structured, systematic understanding of the major relationships among risk factors within ERP projects. This can guide managers during risk quantification and mitigation.
ISM provides managers with a support technique to help them identify, understand and model risk factor relationships, identify the most critical areas in need of attention and, if necessary, derive quantitative indicators of “risk dependency” to include in the risk evaluation algorithm.
The main findings appear to satisfy all the requirements set forth in the research objectives. The value and usefulness of the suggested ISM application in a typical Risk Analysis process can be expressed in terms of:
•
Risk Knowledge elicitation and structuring:
ISM forces users to systematically analyze every potential link among the identified risk factors, thereby avoiding their forgetting, neglecting or underestimating even the most uncommon or unusual ones. The technique also enables a highly valuable inter-functional, collaborative approach to Risk Analysis, which accounts for subjective judgments in a more structured format. Indeed, the Risk Analysis approach requires the involvement of different actors to identify and assess risks and develop management strategies: combining ISM and the DELPHI approach effectively supports this process In short, the ISM process helps transform unclear, poorly articulated mental models of systems into visible, well-defined models [30]. The out-coming knowledge is compiled in a well-structured format, which is suitable for inclusion in an RM database and then used to generate a Risk Assessment Report (an informative description of the nature and level of project risks, which becomes the functional input to the Risk Treatment stage).