Risk Assessment Is Not Optional#
ERP implementations carry significant risk. A structured approach to risk assessment does not eliminate risk, but it makes risk visible and manageable. This framework provides a systematic approach to identifying, assessing, and mitigating ERP implementation risks.
The Risk Categories#
1. Organisational Risk#
Executive sponsorship: Is there sustained C-level commitment?
Change readiness: Has the organisation successfully implemented major changes before?
Resource availability: Can the organisation commit adequate internal resources?
Stakeholder alignment: Do key stakeholders agree on objectives and priorities?
2. Technical Risk#
Integration complexity: How many systems must integrate with ERP?
Data quality: What is the quality of data in legacy systems?
Customisation requirements: How much non-standard functionality is required?
Technical capability: Does internal IT have relevant ERP experience?
3. Vendor Risk#
Implementation partner: Does the partner have relevant experience and available resources?
Vendor stability: Is the ERP vendor financially stable and committed to the product?
Local support: Is adequate support available in your region?
Contract terms: Do contract terms protect your interests?
4. Project Risk#
Scope clarity: Is scope clearly defined and agreed?
Timeline realism: Is the timeline achievable given resources and complexity?
Budget adequacy: Is budget adequate including contingency?
Governance: Is there effective project governance?
Risk Assessment Matrix#
For each identified risk, assess:
| Factor | Low Risk | Medium Risk | High Risk |
|---|---|---|---|
| Executive sponsorship | CEO/COO actively engaged | CIO/COO engaged | IT-led initiative |
| Change history | Multiple successful changes | Mixed track record | History of failed changes |
| Integration scope | <5 integrations | 5-15 integrations | >15 integrations |
| Data quality | Clean, documented data | Some quality issues | Known significant issues |
| Customisation | Configuration only | Some extensions | Significant customisation |
| Partner experience | Multiple similar projects | Some relevant experience | Learning on your project |
Risk Mitigation Strategies#
Organisational Risk Mitigation#
- Establish executive steering committee with regular meetings
- Conduct change readiness assessment before project commitment
- Secure dedicated internal resources with backfill planning
- Document stakeholder agreement on objectives and scope
Technical Risk Mitigation#
- Conduct technical architecture review before implementation
- Perform data quality assessment early in the project
- Challenge customisation requests—push for standard processes
- Engage technical resources with relevant ERP experience
Vendor Risk Mitigation#
- Check references for similar implementations
- Review vendor financial stability
- Negotiate contract terms including exit provisions
- Establish escalation paths to vendor leadership
Project Risk Mitigation#
- Document scope explicitly with formal change control
- Build timeline bottom-up from tasks, not top-down from deadlines
- Include adequate contingency (15-20% minimum)
- Establish clear governance with decision rights
Early Warning Signs#
Watch for these indicators of project trouble:
Schedule compression: When timeline is shortened without reducing scope.
Budget concerns: When contingency is consumed early in the project.
Resource conflicts: When internal resources are pulled to other priorities.
Scope creep: When requirements grow without formal change control.
Vendor concerns: When vendor raises issues about timeline or resources.
Stakeholder disengagement: When key stakeholders stop attending meetings.
NZ/AU Risk Factors#
Partner availability: Limited local partners may mean less experienced resources.
Time zone: Support from overseas vendors may have timezone challenges.
Market size: Vendors may prioritise larger markets.
Conclusion: Make Risk Visible#
Risk assessment is not about avoiding all risk—it's about understanding the risks you face and making informed decisions. Use this framework to assess your implementation honestly and plan mitigations proactively.