PRATIWI W/3MBIA/4.51.17.0.
22
CHAPTER 7
RISK ANALYSIS
1. Sebut kan critical success factor dr ERP? Jelaskan!
1. Top Management Support for The Project.
1. It can be arranged by measures like periodical explicit approval for next
steps in the implementation, and the corresponding approval for budgets. As
top management support is considered one of the critical success factors in project
management, effective executive involvement can significantly improve project
success
2. The Presence of a So-Called Champion (A Top Management Executive Who
Owns the Project)
2. It takes ownership for it and promotes it, can be realized by the appointment
of a member of the top management team for this role. A project
champion helps to convey the strategic vision and value of the project across the
organization. They help other senior management roles understand how
the successful completion of the project will benefit their department and the
company as a whole.
3. Continuous Communication with All Stakeholders.
3. It can be realized by the design and rigorous execution of a communication
strategy for the ERP implementation. Communicating regularly
with stakeholders and creating a positive understanding can help you build effective
long-term relationships with key groups. A strong relationship brings a range of
benefits. Communicating with customers can put you in a strong position when
customers are making purchasing decisions.
2. Sebut kan risk yg terkait dg ERP! Jelaskan!
- Cost Overruns for Implementation Partner Costs and Software Modifications
- No or only partial realization of projected benefits, due to functional mismatch
between the organization’s processes and the functionality of the ERP system
- No Improvement in Financial Performance
JDSKF• For small companies that were financially unhealthy when they started the ERP
implementation (they may not have enough resources to complete the
implementation successfully)
JDSKF• For large companies that were financially healthy when they started the ERP
implementation (they may not have enough improvement potential)
- Operational Problems in The Go Live Phase
3. Ada brp langkah dlm melakukan risk analisis? Jelaskan masing2!
1. The objective of the first step in the risk analysis, the so-called risk identification, is
the creation of a list of potential events that could negatively influence the attainment
of the objectives of the ERP implementation. This list should at least contain the four
� above-mentioned risks of ERP implementations: implementation cost overruns, limited
benefits realization, no financial improvement and operational problems during go live.
The list should be supplemented with other project- or company-specific potential
events.
4.
2. The second step in a risk analysis, the risk assessment, aims to determine to which
extent each of the identified risks is a threat for the attainment of the objectives of the
ERP implementation. The extent to which the risk is a threat is called the severity of
the risk. For each identified risk, the impact it would have on the costs and benefits
during the ERP life cycle has to be estimated, as well as the probability that the event
will actually occur. The impact is preferably measured in financial terms, while the
probability is a number between zero and one.
5. In a formula this becomes:
6. (7.1) Severity uncontrolled = Probability uncontrolled × Impact uncontrolled
7.
3. The third and last step in the risk analysis consists of the design of control
measures, or briefly controls. The objective of a control is the reduction of the severity
of a risk. A control for a risk reduces the probability that an event occurs, the impact
that the event has when it occurs, or both. It is easy to see in the formula that with
lower probability or impact the severity also becomes lower. Controls generally come
at a cost, which means that their side effect is decreased benefits of the ERP
implementation or increased costs. For a controlled risk the following formula can be
used:
8. (7.2) Severity controlled = Probability controlled × Impact controlled + Cost
control
9.
10. A control is economically worthwhile when:
11. (7.3) Severity controlled < Severity uncontrolled
�PRATIWI W/3MBIA/4.51.17.0.22
4. Ada brp level utk control? Jelaskan masing"!
Four classes of controls can be distinguished: evasion, reduction, transfer, and
acceptance
1. The Evasion
It means not carrying out the activities that enable the risk to occur. An example could be
a company that plans to implement the Available to Promise (ATP) method for production
planning in ten factories. One of the identified risks of the implementation is the required
skill level of the planners: a successful implementation of ATP in a factory requires a
planner with skills at university graduate level. In the smallest three of the factories, no
such planners are available. As the expected benefits of ATP in these factories are small,
they do not outweigh the costs of hiring extra planners. The company decides not to
implement ATP in the three smallest factories. This control measure avoids the risk: it
reduces the probability of the risk to zero.
2. Risk Reduction.
A well-known risk in ERP implementations is operational problems during the go live. In a
manufacturing company, this could lead to production interruptions, which in turn could
interrupt order delivery to customers. A control measure that reduces the probability of
this risk to occur is an additional investment in user training before the go live; a control
measure that reduces the impact is building extra safety stock just before the go live.
Both controls have associated costs: more training means more time of the planners and
costs for the trainers, and safety stocks means more working capital.
3. Transfer
When a risk is transferred, a third party partially or fully takes the risk. The best-known
example of risk transfer is insurance. In an ERP implementation the contracting of an ERP
implementation partner on a fixed price basis is a control measure for the risk of cost
overrun. The cost of this control measure is the risk margin that the implementation
partner will add on top of the hourly rates that would be applicable for a time material
contract.
4. Acceptance
Simply taking the risk. In this case both the probability and the impact of the risk remain
unchanged. It is clear that this is a suitable control only if the severity of the risk is low or
the control measures are extremely expensive.
�5. Bgm pendekatan yg hrs dilakukan dlm melaksanakan risk analysis?jelaskan!
The two main approaches to risk analysis are qualitative and quantitative.
Qualitative risk analysis typically means assessing the likelihood that a risk will occur
based on subjective qualities and the impact it could have on an organization using
predefined ranking scales. The impact of risks is often categorized into three levels: low,
medium or high. The probability that a risk will occur can also be expressed the same way
or categorized as the likelihood it will occur, ranging from 0% to 100%.
Quantitative risk analysis, on the other hand, attempts to assign a specific financial
amount to adverse events, representing the potential cost to an organization if that event
actually occurs, as well as the likelihood that the event will occur in a given year. In other
words, if the anticipated cost of a significant cyberattack is $10 million and the likelihood
of the attack occurring during the current year is 10%, the cost of that risk would be $1
million for the current year.
