Risk assessment in ERP projects Davide Aloini n , Riccardo Dulmin, Valeria Mininno Department of Energy and System Engineering, University of Pisa, Largo Lucio Lazzarino 1, 56126 Pisa, Italy article info Article history: Received 16 August 2009 Received in revised form 14 May 2011 Accepted 1 October 2011 Available online 15 October 2011 Keywords: ERP Risk factors inter-dependence Risk Assessment Interpretive Structural Modeling (ISM) abstract Conducting Risk Management of Enterprise Resource Planning (ERP) projects is an ambitious task. ERP projects are complex undertakings for business enterprises, as the associated risk factors include myriad technological, managerial, psychological and sociological aspects. Moreover, such factors are often tightly interconnected and can have indirect effects on projects. Such features make Risk Management more difficult, uncertain and important than in traditional projects, especially in the Assessment stage. The aim of this paper is to propose an innovative technique to support Risk Analysis in order to provide a better, more structured and systematic understanding of the major relations amongst various risk factors, on the one hand, and between risk factors and the specific effects associated with ERP projects, on the other. A real case study regarding a multinational company and involving a panel of experts and practitioners is presented to illustrate application of the method. & 2011 Elsevier Ltd. All rights reserved. 1. Introduction An Enterprise Resource Planning system is a suite of integrated software applications used to manage transac- tions through company-wide business processes, by using a common database, standard procedures and data sharing between and within functional areas. However, installing an enterprise system is not merely a computer project, but an expensive and risky investment, which impacts on a firm’s primary and support processes, its organizational structure and procedures, the existing legacy systems, and the personnel’s roles and tasks [41]. Many of the asso- ciated costs are hidden, its benefits intangible, and its effects wide-ranging, cross-functional (difficult to isolate) and ‘‘long-term’’ on resources and competences. According to the estimation of the Standish Group Inter- national (SGI), 90% of SAP R/3 ERP projects run late [32], while another SGI study of 7400 Information Technology (IT) projects revealed that 34% were late or over budget, 31% were abandoned, scaled back or modified, and only 24% were completed on time and on budget [12]. One explanation advanced for the high ERP project failure rate is that managers do not take prudent measures to assess and manage the risks involved in these projects [20, 39]. Therefore, the organizational consequences and risks involved with ERP projects make it all the more important that firms focus on ways to maximize the chances for successful adoption of ERP. Several studies of ERP imple- mentations, combined with findings from earlier work on reengineering and change management, point to some of the areas where critical impediments to success are likely to occur [43]: human resources and capabilities manage- ment, cross-functional coordination, ERP software config- uration and features, change management, organizational leadership [10], systems development and project manage- ment. With reference to the last factor, brand-spanking new combinations of hardware and software, as well as the wide range of organizational, human and political issues, make ERP projects inherently complex and the lack of skills and proven approaches to project management and Risk Management (RM) represents a critical risk factor [29]. Contents lists available at SciVerse ScienceDirect journal homepage: www.elsevier.com/locate/infosys Information Systems 0306-4379/$ - see front matter & 2011 Elsevier Ltd. All rights reserved. doi:10.1016/j.is.2011.10.001 n Corresponding author. Tel.: þ39 050 2217347; fax: þ39 050 2217333. E-mail addresses: davide.aloini@dsea.unipi.it (D. Aloini), riccardo.dulmin@dsea.unipi.it (R. Dulmin), valeria.mininno@dsea.unipi.it (V. Mininno). Information Systems 37 (2012) 183–199