Surfacing ERP exploitation risks through a risk ontology

Purpose – The purpose of this paper is to develop a risk identification checklist for facilitating user companies to surface, organise and manage potential risks associated with the post-adoption of Enterprise Resource Planning (ERP) systems. Design/methodology/approach – A desktop study, based on the process of a critical literature review, was conducted by the researchers. The critical review focused on IS and business research papers, books, case studies and theoretical articles, etc. Findings – By systematically and critically analysing and synthesising the literature reviewed, the researchers identified and proposed a total of 40 ERP post-implementation risks related to diverse operational, analytical, organisation-wide and technical aspects. A risk ontology was subsequently established to highlight these ERP risks, as well as to present their potential causal relationships. Research limitations/implications – For researchers, the established ERP risk ontology represents a starting point for further research, and provides early insights into a research field that will become increasingly important as more and more companies progress from implementation to exploitation of ERPs. Practical implications – For practitioners, the risk ontology is an important tool and checklist to support risk identification, prevention, management and control, as well as to facilitate strategic planning and decision making. Originality/value – There is a scarcity of studies focusing on ERP post-implementation in contrast with an over abundance of studies focusing on system implementation and project management aspects. This paper aims to fill this significant research gap by presenting a risk ontology of ERP post-adoption. It represents a first attempt in producing a comprehensive model in its area. No other such models could be found from the literature reviewed.