Don’t Become an ERP Horror Story – Implement Solid Risk Management


horror movie

Over the last two decades the road to business process transformation has been cluttered with ERP implementation disasters.  In the last few years, these are some that we’ve analyzed:

What do these examples of recent ERP horror stories teach us?  ERP implementation disasters come in every shape and every size.  They are not specific to a software package, system integrator, industry, geography, or company size.  Each failure has its own story and its own pedigree.

Hundreds of independent studies, both privately and publicly funded, have been conducted to identify the critical success/failure factors associated with ERP implementations.  The standard list of failure factors should hold no surprises:

  • Executive Engagement
  • Solid Business Case
  • Correct Software Package Selection
  • Rigorous Project Management – Give Your ERP Program a Tune-Up
  • End User Participation
  • Business Re-engineering… and many more

There is a broad understanding of the factors which bring about project success or failure, so why are there still so many ERP disasters?  Why don’t the methodologies and project management techniques that have been honed and exhaustively written about over the last 20 years always work?

I believe that the answer to this question can be traced back to the failure in one sliver of the ERP implementation process – Risk Management.  ERP implementation risk management processes are specifically designed to identify potential risks to a program, assess the magnitude of the risk, and prescribe treatment that is appropriate to the specific risk level.  If executed appropriately, these processes should theoretically incorporate the success and failure factors that have been identified.  This leads to the more interesting question… if the ERP implementation risks are already known and there are well established processes to manage risk, then why do the risk management processes fail?

Risk, by definition, is not a problem.  Risk is the anticipation of a future problem.  Risk leads an insidious and elusive existence.  It is present and absent, hard to pinpoint but very important.  If everything goes according to plan, nothing bad happens.  But as the saying goes, without risk there is no reward.  The only way to eliminate risk entirely is to do nothing at all, which by the way, brings its own risks to the business.

I have spent the last few years reading all the research papers I could get my hands on, studying the press as it relates to ERP implementation disasters, and going through all of the ERP implementations I have been involved with, to identify what goes wrong with the risk management process.  From this research, I have concluded that there are five things that repeatedly derail ERP implementation risk management.

  1. Failure to establish the proper context: Risk management processes are often designed around the risks associated with a single domain of risk effects – delivering the project on-time and on-budget.  These risk management processes are designed to ignore the four other domains of risk effects and hence fail to identify and mitigate risks that can later take a project down.
  2. Flawed executive engagement model: If executives are not actively engaged in the risk identification process, an opportunity is lost to develop a common view of success and to synchronize perceptions of risk.  Engaging executives early also enables the project team to develop a more balanced view and take ownership of risk.
  3. Not recognizing and addressing biases in the identification and assessment process: Even in ERP implementations, all of us make decisions that are based upon cognitive biases.  Whether cultural, organizationally driven or experiential, we all have them.  Failure to recognize these biases can lead to an inappropriate assessment regarding the probability of a particular risk event occurring or the potential magnitude of its impact.
  4. Failure to account for risk interrelationships: In an analysis of ERP risks it is not always obvious how risks interrelate.  Understanding how the realization of one risk might increase the probability of another risk is important in assessing the overall impact of a potential risk.
  5. Lack of rigor: Executed properly, risk management practices are embedded into the core decision making, ERP status reporting and deliverable tracking of a program.  Failure to scrupulously incorporate the practice of risk management can lead to risk management simply becoming a program cost overhead.

About the Author

Leave a Comment

*