Risk management in ERP projects: reconciling rigor and flexibility Suzanne Rivard Holder of the Chair in Strategic Management of Information Technology HEC Montréal Nottingham University School of Business April 19 th 2005

Rivard - Nottingham University Business School – April 19 th 2005 Outline Foreword – the practice of relevance The Hydro-Quebec Distribution (HQD) project Definitions A two-tier risk management approach Reconciling rigor and flexibilility

Rivard - Nottingham University Business School – April 19 th 2005 Foreword - the practice of relevance The topic: enduring or current organizational problems The implications: have to be implementable 1 The results: have to be implemented 2 We shall use the term implementation to refer to the manner in which the manager may come to use the results of scientific effort 2 1 Benbasat, I., Zmud, R.W., « Empirical Research in Information Systems: The Practice of Relevance, » MIS Quarterly, March Churchman, C.W., Schainblatt, A.H., «The Researcher and the Manager: A Dialectic of Implementation,» Management Science, Vol.11, No.4, February 1965.

Rivard - Nottingham University Business School – April 19 th 2005 The HQD project - objectives Transforming HQD sales and customer service processes Replacing 200 legacy applications with an enterprise system

Rivard - Nottingham University Business School – April 19 th 2005 The HQD project - size 370 M $CDN Approximately 250 team members Four years Sixteen « work packages » 3600 employes 3 Million customers

Rivard - Nottingham University Business School – April 19 th 2005 Project director HQD Board of directors Board of directors Auditing committee President HQ-Distribution Project Steering committee Tactical committee Vice-president Sales & customer services Mgnt committee S&CS Auditor Risk mgnt advisor Capgemini Reporting twice a year Every 6-8 weeks. Every other week Monthly report Leader IT Director IT The HQD project - structure Leader Training Leader Development Leader Project office Leader Change management Monthly report

Rivard - Nottingham University Business School – April 19 th 2005 Definitions: Risk Exposure Where: UR i : Undesirable results i P(UR i ): Probability associated with UR i L(UR i ): Loss associated with UR i Barki, Rivard, Talbot, 1993, 2001; Bernard, Rivard, Aubert, 2003

Rivard - Nottingham University Business School – April 19 th 2005 Definitions: Risk Management Probability of UR Loss due to occurrence of UR : Budget overrun 2: Not respecting schedule 3: Poor technical quality 4: Poor process/systemquality 5: User dissatisfaction with process or system 6: Unser dissatisfaction with project 7: Not obtaining benefits 8: Inability to institutionalize change 8 1

Rivard - Nottingham University Business School – April 19 th 2005 UR 1 UR 2 UR 3 F1 F2 F3 F4 F5 F6 X1X1 X2X2 X3X3 The issue of estimating probabilities

Rivard - Nottingham University Business School – April 19 th 2005 Second tier - work package risk exposure : short term horizon (4 months); UR particular to a work package ; risk factors have to be identified Top tier - project risk exposure 1 : «long term horizon»; ultimate and generic UR; generic risk factors A two-tier method for software project risk management 1 Barki, H., Rivard, S., Talbot, J., « An Integrative Contingency Model of Software Project Risk Management», JMIS, vol. 17, no 4, 2001 p Barki, H., Rivard, S., Talbot, J., « Toward an Assessment of Software Development Risk», JMIS, vol. 10, no 2, 1993 p Bernard, J.G., Rivard, S., Aubert, B.A., « Mesure du risque de ERP, » SIM, vol.9, no.2, pp.25-50, 2004.

Rivard - Nottingham University Business School – April 19 th 2005 Undesirable results Risk factors ~Budget~Schedule~Technical quality ~Process - system quality ~User satisfaction /product ~User satisfaction /project Technological newness XXX Project sizeXX Lack of internal expertise XXXXXX Technological complexity XX Process complexityXXXX Organisational environment XXXX Software qualityXXXXX Process/software fit XXX Software vendor quality XX Lack of expertise integrator XXXXXX Lack of cultural fit with integrator XX Bernard, J.G., Rivard, S., Aubert, B.A., « Mesure du risque de ERP, » Systèmes dinformation et management, 2004

Rivard - Nottingham University Business School – April 19 th 2005 May 2003 May 2004 Likelihood 1.~Budget 2.~Schedule 3.~Technical adequacy 4.~Functional adequacy 5.~User satisfaction with system 6.~User satisfaction with project 7.~Tangible benefits 8.~Harmonious implementation of change Tier 1 - Risk map

Rivard - Nottingham University Business School – April 19 th 2005 Tier 1 – risk mitigation ledger

Rivard - Nottingham University Business School – April 19 th 2005 TIER 1 TIER 2

Rivard - Nottingham University Business School – April 19 th 2005 January 2003 April 2003 Tier 2 – Risk map

Rivard - Nottingham University Business School – April 19 th 2005 Reconciling rigor and flexibility The risk management process « in vivo » Prior to a new work package (tier 1) Update risk assessment of global project Update risk mitigation mechanisms in ledger Validation by management committee Report to steering committee At mid-work package (tier 1) Update risk mitigation ledger Every other week (tier 2) Update risk assessment of work package Update risk mitigation ledger Report during management committee meeting The project management office Every other week, report on budget, schedule, output

Rivard - Nottingham University Business School – April 19 th 2005 Reconciling rigor and flexibility « Laisser-aller » Project leaders adopting the behavior of the « grizzly man » of Northern Rodhesia ore mines 1 Courtenay, B., The Power of One, Mandarin, « Rigidity » « Absurd decisions » 2 Morel, C. Les décisions absurdes. Éditions Gallimard, Paris, Rigorous method, flexible use

Rivard - Nottingham University Business School – April 19 th 2005 Researching the reconciliation issue A process analysis of the pendulum movement ? Ethical issue : the external expert and the researcher