Risk is inevitable, its management is a choice
The deployment of an Enterprise Resource Planning (ERP) system is a complex and ambitious undertaking. Yet, beyond the technical and functional complexity, it is the management of its risks that often determines its success or failure. While project management manuals all insist on the theoretical importance of this activity, my concrete experience on several deployments has revealed a more essential truth.
This article does not simply reiterate the universal message that "risk management is necessary"; it is the fruit of capitalizing on my practical experiences which demonstrate the critical importance of its role. I have realised that neglecting a structured approach to risk identification, analysis, and treatment not only significantly reduces the chances of successful implementation but also deprives one of a powerful tool for simplifying and improving Lessons Learned (REX).
I will therefore explore here not only why proactive risk management is vital in this specific context (ranging from business impacts to technical and human stakes), but also how to apply it concretely, by relying on proven methods and facilitating the transmission of crucial knowledge for future projects.
Why is it important?
Risk management is essential for protecting project objectives by anticipating and mitigating threats likely to cause delays, budget overruns, and a drop in product quality. Unlike a reactive and costly approach, it allows for making decisions to concentrate resources where the impact is maximal, thus ensuring the team's resilience and flexibility in the face of the unexpected. Furthermore, this approach does not just secure the project outcome; it facilitates and structures Lessons Learned (REX) by documenting the threats encountered throughout the process and the solutions adopted, ensuring valuable knowledge capitalisation for the company.
What is a Risk in Project Management?
A risk is defined as an uncertain event that could affect project objectives, either negatively (threat) or positively (opportunity). In practice, a risk combines two dimensions: the probability of occurrence (low, medium, high) and the potential impact (financial, deadlines, quality, image, user adoption). Risk management involves identifying these events, evaluating their criticality, and implementing appropriate action plans.
Risk Identification and Anticipation
I believe that the project manager's experience is essential for identifying and preventing risks. It relies on their ability to observe, analyse, communicate, remain alert and imaginative, and above all, to consider future scenarios by assigning probabilities to them. It is this ability to anticipate threats that turns them into manageable alerts.
Anticipation is essential: it is too late to act when the risk becomes an incident. The key steps are:
- Mapping risks from the framing phase, with all stakeholders.
- Analysing known risks based on feedback (previous projects, benchmarks).
- Identifying weak signals during the design and deployment phases (technical, organisational, human dependencies).
- Regularly updating the risk register throughout the project, as new risks emerge at each stage.
In the case of a less experienced project manager:
- Relying on experts (business, technical, AMOA, integrator) to collect their alerts and anticipate sensitive areas.
- Organising brainstorming workshops with the project team to cross
- reference visions and enrich risk identification.
- Consulting project documentation (schedule, dependency analysis, critical milestones) to identify sensitive points.
- Requesting mentorship or an external review from an experienced project manager, to challenge their analyses and secure their approach.
- Implementing a periodic risk review with the team to prevent new risks from emerging unnoticed.
Thus, even without consolidated experience, a project manager can become a "signal detector," combining method, listening, curiosity, and imagination.
Risk Treatment Strategies
Once risks are identified and evaluated, several responses are possible:
- To avoid the risk, one can modify the scope or the approach to eliminate its cause (e.g., simplifying an overly complex interface).
- To reduce or mitigate the risk, one can implement measures (preventive or corrective) aimed at decreasing its probability or its impact (e.g., providing more training to key users).
- To transfer the risk, one outsources the responsibility by entrusting it to a service provider (e.g., engaging a certified vendor for feature development).
- Finally, one accepts the risk when the expected impact is deemed more tolerable than the cost of mitigating it (e.g., deciding to accept a minor delay in case of temporary overload).
The Main Risks of an ERP Project
ERP projects concentrate typical risks in several areas, each requiring specific action:
Organizational Risks
- User resistance to change
- Low management commitment
- Insufficient project governance
Functional Risks
- Incompatibility between the software and business procedures
- Excessive customisation leading to rigidity and extra costs
Technical Risks
- Complex integration with other systems
- Data migration problems (quality, volume, security)
Financial Risks
- Underestimation of costs (licences, services, training, TCO)
- Budget overruns due to uncontrolled changes
Scheduling Risks
- Unrealistic deadlines
- Key resources unavailable
Possible Actions against the Main Risks
Each risk category requires specific measures:
Organisational
- Develop a structured change management strategy (communication, training, involvement of key users).
- Obtain a strong and visible sponsor from top management.
- Establish a clear governance structure by assigning precise roles and responsibilities.
Functional
- Prior validation of compatibility between the ERP and processes, using detailed scoping workshops.
- Limit customisation to a minimum and opt for standardisation.
- Set up prototypes or pilot phases to evaluate real functionality.
Technical
- Conduct an audit of the target architecture and interfaces upstream.
- Anticipate data migration from the start of the project by creating mocks and representative data sets.
- Provide testing and pre
- production environments that reflect reality.
Financial
- Build a detailed budget including hidden costs (support, maintenance, training, additional licenses).
- Implement monthly budget tracking and deviation alerts.
- Contractually frame services to limit costly change orders.
Scheduling
- Define a realistic schedule that accounts for business constraints (accounting closures, activity peaks).
- Secure the availability of key resources through managerial commitment.
- Integrate safety margins (buffers) to absorb contingencies.
Risk Management and Documentation Tools
Effective risk management relies on concrete and active supports:
- Risk Register: The central document listing each risk, its probability, impact, owner, treatment strategy, and status.
- Risk Matrix (Probability x Impact): A visual representation allowing for the prioritization of critical risks.
- Mitigation Plan: A description of the concrete actions planned to reduce or transfer risks.
- Collaborative Tools: Solutions like MS Project, Jira, Confluence, or even Excel/SharePoint templates for centralization and tracking.
- Regular Reviews in Steering Committees: Every critical risk must be followed up as a permanent agenda item.
Risk management is not a bureaucratic exercise, but a governance lever to secure the trajectory of an ERP project. It enables anticipation of difficulties, stakeholder involvement, and significantly increases the chances of success.
An ERP project does not fail solely because of its technical complexity: it often fails due to a lack of anticipation and vigilance regarding risks.