Risk Assessment

                    Source: http://static6.depositphotos.com/1005990/612/v/950/depositphotos_6125410-Magnifying-Focus-on-IT-Security-Technology-Issues.jpg
              
       Although Microsoft Dynamics ERP offers companies benefits of managing different functions of their businesses through a single database thus facilitating communication between all business functions, implementation of ERP systems in general involves certain risks. As it is mentioned in an article published on InformationWeek.com, “corporate data is an asset that today is often placed outside an organization’s safekeeping… ”(Brittain-White, 2013). The risks and issues involved in implementing Microsoft Dynamics ERP system are:


  • Poor fit leading to losing a lot of money
  • Lack of experience leading to project failure
  • Privacy issues for the company, employees, vendors, and customers
  • Security risks (outdated software, delayed updates, access to the “soft code”)
      One of the biggest risks is that an ERP system may be a poor fit with a company's already existing processes and design; if it does not fit well enough, the company will lose a lot of money. Since IVK is using Microsoft products, their risk to implement it is minimal since it is based mostly on other Microsoft products. Another concern is the lack of experience or skills within a business; when company experts do not understand the system well enough or no one is being hired to control the systems, many issues could arise which will eventually bring to the project failure. Although IVK uses Microsoft products and can easily integrate to the system, they still need expertise in-house so that they can manage effectively, as Barton's team think (Austin, 2009). A lack of proper training is a big risk; if intended users do not know how to use the system, the company does not get the full benefits of the ERP system. IVK definitely needs to hire experts in Microsoft Dynamics GP to provide proper training for employees. As with many software products, ERP systems are also costly to both buy and implement and time-consuming; based on the company's needs, the price differences can result in the risk of underestimating future costs which is very common. This is a major risk to IVK, because IVK's project managers have always forgotten to include certain costs which were increasing IT overhead.
Source: http://www.dreamstime.com/royalty-free-stock-images-big-data-privacy-security-issues-versus-information-technology-image33195009

      Besides the risks mentioned above, companies which use ERP systems in general, face privacy and security issues. As ERP.com mentions, confidential information could cause more than a few headaches if it were not secure. In addition to avoiding headaches, securing private information is also required by law; companies are mandated to protect personal information (e.g. employee names, social security numbers, phone numbers) about its employees from getting into wrong hands. Since the company's HR, accounting and many other functions are linked together, there can be multiple points of access to confidential data thus increasing the risks for identity theft (“Consider Privacy Issues When Choosing Your ERP Software”).
            In addition to the privacy concerns for company employees there are also privacy issues related with the company especially when cloud deployment options are used. Although Microsoft cares deeply about privacy issues, all of the company’s sensitive information on business plans, financial data, forecasting, accounting, budgeting, important communication through company email or intranet, etc. is visible to a third party - Microsoft Dynamics ERP partners. Finally, another party that is facing privacy issues is the company’s vendors; sensitive information about the vendor, product offerings and prices, and other important documentation are all available in the system.
As with all ERP software, Microsoft Dynamics ERP also present certain security issues that companies need to be aware of. According to ERP SoftwareBlog, systems like Microsoft Dynamics ERP the following security risks companies should be concerned about (SoftwareBlog, 2013):
·       Outdated software can lead to crashes and integration issues; this security issue has both technical and behavioral features; outdated software has a potential of being incompatible with new systems, and these are technical issues. However, there is a behavioral aspect, since the technical issues would be avoided if the company representatives updated its software regularly.
·       Another major security issue which has both technical and behavioral features similar to the one described above is related to delayed updates which can lead to software vulnerabilities. According to ERP SoftwareBlog, 66% of companies are not running on the most current version of their ERP system because updating on-premise software is very hard. Although cloud deployment option offers automatic updates, for some companies it is not the best option to use.
·       Technical personnel and providers (e.g. Microsoft Dynamics GP partners) can make changes to program behavior and functions by accessing the “soft coded” system configuration settings, without traditional programming, which is a behavioral security issue.
·       Lack of compliance with security standards is another technical issue; in general, many ERP systems are not compliant.
As it was mentioned above, IVK can face general risks as well as security and privacy problems if they decide to use Microsoft Dynamics ERP system. However, in spite of these risks it is still beneficial for IVK to use Microsoft Dynamics GP; as it was indicated in the value assessment section, the software can help IVK save $27,503,085 yearly (about 23% of current year operating costs), making it worth the risks. Taking into consideration the estimates in the cost analysis section, IVK can minimize its risks by subscribing to the maintenance plan which constitutes about 2% ($574,900) of its IT budget.  Besides, as the report published on McKinsey&Company suggests, if IVK actively searches for likely sources of risk rather than waiting for input (McKinsey&Company, 2014) and has a proper project plan which includes procedures on how to mitigate ERP system implementation risks (e.g. data masking), it will avoid the risks as much as possible thus justifying the use of the system.
References
Austin, R. (2009). The Adventures of an IT Leader. Boston, Massachusetts. Harvard Business Press.
Brittain-White, M. (n.d.). Enterprise Mobility: Cost Vs. Risk - InformationWeek. InformationWeek. Retrieved June 9, 2014, from http://www.informationweek.com/it-leadership/enterprise-mobility-cost-vs-risk/d/d-id/1111928
Consider Privacy Issues When Choosing Your ERP Software. (n.d.). ERP Software Solutions and reviews, Compare best erp products. Retrieved June 9, 2014, from http://www.erp.com/section-layout/3-general/372-consider-privacy-issues-when-choosing-your-erp-software.html
McKinsey&Company (n.d.). . Retrieved June 9, 2014, from
http://www.mckinsey.com/Client_Service/Business_Technology/Case_studies/Delivering_a_public_sector_enterprise_resource_planning_implementation
SoftwareBlog, E. (2013, January 1). . . Retrieved June 9, 2014, from http://community.dynamics.com/gp/b/erpsoftwareblog/archive/2013/10/30/5-erp-security-risks-to-be-aware-of.aspx

No comments:

Post a Comment

Subscribe to: Posts (Atom)