PRATIWI W/3MBIA/4.51.17.0.

22

CHAPTER 7
RISK ANALYSIS
1. Sebut kan critical success factor dr ERP? Jelaskan!

1. Top Management Support for The Project.

1. It can be arranged by measures like periodical explicit approval for next steps in the implementation,
and the corresponding approval for budgets. As top management support is considered one of the critical
success factors in project management, effective executive involvement can significantly improve project
success
2. The Presence of a So-Called Champion (A Top Management Executive Who Owns the Project)
2. It takes ownership for it and promotes it, can be realized by the appointment of a member of the top
management team for this role. A project champion helps to convey the strategic vision and value of
the project across the organization. They help other senior management roles understand how
the successful completion of the project will benefit their department and the company as a whole.
3. Continuous Communication with All Stakeholders.
3. It can be realized by the design and rigorous execution of a communication strategy for the ERP
implementation. Communicating regularly with stakeholders and creating a positive understanding can help
you build effective long-term relationships with key groups. A strong relationship brings a range of
benefits. Communicating with customers can put you in a strong position when customers are making
purchasing decisions.

2. Sebut kan risk yg terkait dg ERP! Jelaskan!

- Cost Overruns for Implementation Partner Costs and Software Modifications

- No or only partial realization of projected benefits, due to functional mismatch between the organization’s
processes and the functionality of the ERP system
- No Improvement in Financial Performance

JDSKF• For small companies that were financially unhealthy when they started the ERP implementation (they
may not have enough resources to complete the implementation successfully)

JDSKF• For large companies that were financially healthy when they started the ERP implementation (they may
not have enough improvement potential)

- Operational Problems in The Go Live Phase

3. Ada brp langkah dlm melakukan risk analisis? Jelaskan masing2!

1. The objective of the first step in the risk analysis, the so-called risk identification, is the creation of a list of
potential events that could negatively influence the attainment of the objectives of the ERP implementation.
This list should at least contain the four above-mentioned risks of ERP implementations: implementation cost
overruns, limited benefits realization, no financial improvement and operational problems during go live. The
list should be supplemented with other project- or company-specific potential events.
4.
2. The second step in a risk analysis, the risk assessment, aims to determine to which extent each of the
identified risks is a threat for the attainment of the objectives of the ERP implementation. The extent to which
the risk is a threat is called the severity of the risk. For each identified risk, the impact it would have on the
 costs and benefits during the ERP life cycle has to be estimated, as well as the probability that the event will
actually occur. The impact is preferably measured in financial terms, while the probability is a number
between zero and one.
5. In a formula this becomes:
6. (7.1) Severity uncontrolled = Probability uncontrolled × Impact uncontrolled
7.
3. The third and last step in the risk analysis consists of the design of control measures, or briefly controls.
The objective of a control is the reduction of the severity of a risk. A control for a risk reduces the probability
that an event occurs, the impact that the event has when it occurs, or both. It is easy to see in the formula that
with lower probability or impact the severity also becomes lower. Controls generally come at a cost, which
means that their side effect is decreased benefits of the ERP implementation or increased costs. For a
controlled risk the following formula can be used:
8. (7.2) Severity controlled = Probability controlled × Impact controlled + Cost control
9.
10. A control is economically worthwhile when:
11. (7.3) Severity controlled < Severity uncontrolled
PRATIWI W/3MBIA/4.51.17.0.22

4. Ada brp level utk control? Jelaskan masing"!

Four classes of controls can be distinguished: evasion, reduction, transfer, and acceptance

1. The Evasion

It means not carrying out the activities that enable the risk to occur. An example could be a company that plans to
implement the Available to Promise (ATP) method for production planning in ten factories. One of the identified
risks of the implementation is the required skill level of the planners: a successful implementation of ATP in a
factory requires a planner with skills at university graduate level. In the smallest three of the factories, no such
planners are available. As the expected benefits of ATP in these factories are small, they do not outweigh the
costs of hiring extra planners. The company decides not to implement ATP in the three smallest factories. This
control measure avoids the risk: it reduces the probability of the risk to zero.

2. Risk Reduction.

A well-known risk in ERP implementations is operational problems during the go live. In a manufacturing
company, this could lead to production interruptions, which in turn could interrupt order delivery to customers. A
control measure that reduces the probability of this risk to occur is an additional investment in user training
before the go live; a control measure that reduces the impact is building extra safety stock just before the go live.
Both controls have associated costs: more training means more time of the planners and costs for the trainers, and
safety stocks means more working capital.

3. Transfer

When a risk is transferred, a third party partially or fully takes the risk. The best-known example of risk transfer
is insurance. In an ERP implementation the contracting of an ERP implementation partner on a fixed price basis
is a control measure for the risk of cost overrun. The cost of this control measure is the risk margin that the
implementation partner will add on top of the hourly rates that would be applicable for a time material contract.

4. Acceptance

Simply taking the risk. In this case both the probability and the impact of the risk remain unchanged. It is clear
that this is a suitable control only if the severity of the risk is low or the control measures are extremely
expensive.
5. Bgm pendekatan yg hrs dilakukan dlm melaksanakan risk analysis?jelaskan!

The two main approaches to risk analysis are qualitative and quantitative.

Qualitative risk analysis typically means assessing the likelihood that a risk will occur based on subjective
qualities and the impact it could have on an organization using predefined ranking scales. The impact of risks is
often categorized into three levels: low, medium or high. The probability that a risk will occur can also be
expressed the same way or categorized as the likelihood it will occur, ranging from 0% to 100%.

Quantitative risk analysis, on the other hand, attempts to assign a specific financial amount to adverse events,
representing the potential cost to an organization if that event actually occurs, as well as the likelihood that the
event will occur in a given year. In other words, if the anticipated cost of a significant cyberattack is $10 million
and the likelihood of the attack occurring during the current year is 10%, the cost of that risk would be $1 million
for the current year.