PETER S. COHAN & ASSOCIATES
TECHNOLOGY RISK EVALUATION FRAMEWORK

The risks of introducing new technology can -- if not properly managed -- exceed the technology's benefits.  For example, in February 2001 Nike CEO Phil Knight blamed a 28% earnings miss on a poorly implemented $400 mm supply chain software installation.  In fact, new technology introduces a variety of risks into a company and executives must be aware of these potential risks and take steps to manage them. 

The table below illustrates some of the more common risks that different technologies may introduce and highlights measures that may be taken to control these risks.











While these examples are not exhaustive, they form the basis for a more comprehensive thinking process that executives should follow to protect their companies from the risks of new technology.  These examples, described below, should help executives kick off this thinking process.

E-Procurement  -- Electronic procurement can open up new risks such as employee theft.  Specifically, unless appropriate controls are embedded in the electronic procurement system, employees could use these systems to facilitate stealing items such as personal computers.  Fortunately, many electronic procurement software packages include the ability to incorporate a company's business rules -- for example, requiring a manager to approve transactions above a specific value threshold -- that can prevent such abuse.  Nevertheless, executives should be attuned to the potential for abuse of electronic procurement systems and take appropriate preventative measures before putting such systems into operation.  E-procurement can open up a company to other risks, such as hacking, which is described below.

E-Selling --
Selling over the Internet can open up a company to a variety of significant risks.  Two particularly dangerous risks are hacking and fraud.  Hacking refers here to the risk that unauthorized persons -- both inside and outside the company -- will find a way to access and abuse confidential data such as customer lists, credit cards, and social security numbers.  While there are no completely secure technologies for protecting against hackers, tools such as firewalls and encryption have proved useful in this ongoing battle between hackers and network managers.  Executives should anticipate the threat of hackers and take appropriate preventative measures before putting any e-selling capability into service.

The risk of fraud here refers to online entities who appear to be paying customers, but ultimately prove to be thieves.  One way to protect a company from such fraudulent entities is to employ trust services which authenticate the identity of online entities prior to issuing digital certificates.  If an e-seller works with a reputable issuer of digital certificates, the risk of loss through such fraud can be significantly reduced.


Enterprise Software  --
Whenever a firm embarks on a major software initiative such as installing an enterprise resource planning (ERP), customer relationship management (CRM) or supply chain management (SCM) system, the firm becomes subject to significant risks.  One of the most common risks of such systems is cost and time overruns.  Simply put, enterprise software projects tend to cost more and take longer to install than originally anticipated.  Furthermore, companies must typically spend two or three times the cost of software on consulting services.

Enterprise software projects are very difficult to manage because they require intimate and sustained cooperation from corporate departments -- such as accounting, manufacturing, information technology, and purchasing -- that in many companies are often at odds with each other.  When new ways of working and new technologies are introduced into such a challenging organizational environment, much time is often spent trying to overcome resistance to change -- time which is generally underestimated when initial budgets are being established.

Furthermore, enterprise software projects typically depend on data from a variety of new sources -- some of which may not be completely reliable.  As a result, managers may end up using bad data to make important decisions unless significant resources are dedicated to checking the quality of data before it enters the system.

Unfortunately, there are no silver bullets to address these problems.  In general, enterprise software projects work more effectively if they satisfy five tests:

 
  they are actively supported by senior management;
  the project leaders have an extensive record of success with similar projects;
  all departments that will use the system are involved in its design and implementation;
  software and service vendors are paid based on the achievement of important milestones; and
  the system is installed and tested in modules rather than all at once.


Technology             Risk(s)                        Control Measures
e-procurement          employee theft                 embedded control rules
e-selling              fraud, hacking                 authentication, firewalls
enterprise software    slow installation, bad data    tight management