Surfacing ERP exploitation risks through a risk ontology

Purpose - The purpose of this paper is to develop a risk identification checklist for facilitating user companies to surface, organise and manage potential risks associated with the post-adoption of enterprise resource planning (ERP) systems. Design/methodology/approach - A desktop study, based on the process of a critical literature review, is conducted by the researchers. The critical review focuses on information systems and business research papers, books, case studies and theoretical articles, etc. Findings - By systematically and critically analysing and synthesising the literature review, the researchers identify and propose a total of 40 ERP post-implementation risks related to diverse operational, analytical, organisation-wide and technical aspects. A risk ontology is subsequently established to highlight these ERP risks, as well as to present their potential causal relationships. Research limitations/implications - For researchers, the established ERP risk ontology represents a starting point for further research, and provides early insights into a research field that will become increasingly important as more and more companies progress from implementation to exploitation of ERPs. Practical implications - For practitioners, the risk ontology is an important tool and checklist to support risk identification, prevention, management and control, as well as to facilitate strategic planning and decision making. Originality/value - There is a scarcity of studies focusing on ERP post-implementation in contrast with an over abundance of studies focusing on system implementation and project management aspects. This paper aims to fill this significant research gap by presenting a risk ontology of ERP post-adoption. It represents a first attempt in producing a comprehensive model in its area. No other such models can be found from the literature review.