Compare the leading ERP products at 1 event

Dealing with ERP Implementation Project Challenges - Risk Management

An ERP project by its nature brings about change and change leads to risk. Like any other project, an ERP implementation requires a methodology to help identify, track, and manage the potential risks. The techniques proposed by PRINCE2 [1] are very applicable in an ERP implementation and an overview of the methodology and its application are described below.

Risk Management Strategy

A Risk Management Strategy should be agreed at the start of the project. The PRINCE2 methodology identifies numerous points in a project where risk management needs to be carried out, but the specific approach and techniques used will vary from project to project, depending on the nature of the project and the level of business risk involved.

Risk Categorisation and Identification

In PRINCE2, risks are first of all categorised into business risks or project risks. This helps determine who has responsibility for managing each risk. Business risks, i.e., those risks concerned with the impact if benefits are not delivered, are usually managed by the steering team. Project risks are those that impact the management of the project and will usually be managed by the project manager.

Project risks are broadly categorised as supplier issues (dependent on 3rd Party), organisational factors (relating to people, culture, etc.), and specialist issues (relating to the type of project being implemented). As well as determining who owns the management of a risk, these categories are useful at the risk identification stage.

In Lumenia’s whitepaper “ERP Projects: 5 Risk Factors and How to Manage Them” the five risks described in that paper can be categorised as follows:

Dealing with ERP Implementation Project Challenges - Risk Management

Sample Categorisation of High Level Risks

The project manager is responsible for ensuring that risks are identified, recorded and regularly reviewed. The steering team should make sure that the project manager is notified of any external risks to the project and should make decisions on the project manager’s recommended reactions to risk, striking a balance between the level of risk and the potential benefits that may be achieved.

The two disciplines described by PRINCE2 for containing risk during a project are:

  1. Risk Analysis (identification and evaluation of risks; identification and selection of appropriate response)
  2. Risk Management (planning, monitoring, controlling and resourcing to address the risks identified)
Figure 6 The Risk Management Cycle

The Risk Management Cycle (source: adapted from [1])

Risk Analysis

Risk analysis involves four main activities:

  • Identifying the potential risks that may be encountered
  • Evaluating the importance of each risk based on the probability of its occurrence and its potential impact
  • Identifying possible responses for each risk
  • Selecting appropriate actions as necessary

There are five possible responses for each risk, although it’s possible that each individual risk may require multiple actions:

  • Prevention

Put measures in place to prevent the risk from occurring, or from having any impact if it does occur

  • Reduction

Reduce the likelihood or impact of the risk

  • Transference

Pass on the risk to another party (e.g., an insurance policy or a penalty clause)

  • Contingency

Plan the actions to be taken should the risk occur

  • Acceptance

Ignore the risk on the basis that it’s either very unlikely to occur or it’s too expensive to implement countermeasures.

The risk analysis results are captured in a risk log. A major risk analysis exercise should be carried out at the start of the project, but the PRINCE2 methodology stresses that further analysis should be conducted continuously as the project develops and new information becomes available.

Risk Management

Risk management involves planning and executing the various actions identified as part of the risk analysis exercise. There are four main activities, all of which are standard project management activities and require no further explanation:

  • Planning
  • Resourcing
  • Monitoring
  • Controlling


Risk is inherent in any ERP implementation project and therefore risk management plays a critical role in ensuring the project achieves its objectives. Identifying risks and putting in place appropriate risk management plans should be one of the project manager’s central responsibilities.

ERP Risk Management White PaperExperienced project managers will be familiar with the typical risks that surface during an ERP implementation. They will also have experience using a risk management methodology such as the one described above. Most organisations will have little in-house experience of ERP implementations and may have limited project management capability. The role of the project manager is central to the success of an ERP implementation, so outsourcing this role is worth considering.

For more information and recommendations, you can download the Lumenia White PaperERP Projects: 5 Risk Factors and How to Manage Them.



[1] Managing Successful Projects with PRINCE2, CCTA

This blog was written by Ursula Browne, Consulting Manager at Lumenia. For further information please send an email to Ursula Browne.