Disaster-Resource.com

Implementation of ERP Systems - A Significant Business Continuity Risk

In recent years the emphasis in business continuity has shifted from IT to the business. Whereas previously the IT executive tended to be the driving force behind disaster recovery / business continuity, this activity is now seen to embrace every aspect of an organization's activity and it is driven by the business. This is not to say that IT is less important. On the contrary, and in particular with an all-pervasive ERP (Enterprise Resource Planning) system, computer systems and technology infrastructures must feature significantly in business continuity management.

The business world has experienced more than its fair share of ERP implementation failures. And these failures are only the instances where projects were abandoned or where budgets and projected timeframes were significantly exceeded. They do not include the projects, which came in on time and on budget but in reality, were less than successful. Meeting these targets does not presume that the organizations experienced the benefits that were envisaged when management initiated the project - if indeed there was ever a realistic expectation and quantification of what the benefits would be. Research indicates that less than 10 per cent of companies consider their ERP systems to be effective.

The reasons for failure may include -

  • unrealistic expectations and the absence of clear specification of requirements
  • use of an inappropriate system
  • inability to manage a large project involving complex organization cultures and intricate people and change management issues
  • system complexity
  • the extent of customization required
  • unrealistic and inappropriate deadlines
  • difficulty adapting to new, and perhaps inappropriate, processes and procedures
  • inadequate education and training of all parties involved
  • the implications of introducing new information technology platforms and infrastructure to support the application software.
Probably the most important contribution to the success of a business continuity programme is the unswerving support of top management and having an effective sponsor at that level. The same is true for an ERP project.

From a business continuity perspective the implementation process is a risk which must be considered but there is also a number of issues which must be considered in relation to the ongoing operation of an ERP system.

This article examines some of the risks and emphasises the importance of business continuity being an active consideration right from the start of the project.

An ERP system is a multi-module computer application which is designed to support all of the key activities of an enterprise in an integrated fashion. This includes managing the key elements of the supply chain operation - product planning, purchasing, production control, inventory control, interaction with suppliers and customers, delivery of customer service and keeping track of orders. It may also include HR modules which maintain a central database of the organisation's people, which is critical to production and staff scheduling functions, and to staff payments.

An ERP is regarded as central to an organisation's ambition to survive and prosper in today's business environment. It often replaces a myriad of individual systems including accounting systems, and production planning and inventory control systems. Its predecessor systems were often a mix of custom-built systems and package software. They frequently were based on a variety of computer hardware and software platforms and database management systems where significant work had been put into developing and managing the interfaces between them.

The use of ERP allows for greater efficiencies in many ways. It can be a much more effective way of providing computer support to the business functions. It is particularly relevant in the case of large complex businesses or where it is necessary to rationalise and integrate systems and operations in situations where mergers and acquisitions have given rise to disparate systems and computer platforms. It also allows for significantly greater efficiencies in managing the supply chain. Safety stocks can almost disappear and JIT (just-in-time) philosophies dominate. In effect ERP has the effect of making an enterprise more time-sensitive and consequently more vulnerable to the impact of time delays.

Prior to ERP a business tended to have multiple points of failure of computer-based systems and technologies. There were potential breakdowns with individual systems and with the many interfaces between systems. However, there tended to be workarounds available and in some cases it was even possible to revert to manual procedures. With ERP there may be fewer points of failure but if there is a failure the impact can be very significant. If it takes time to recover the implications can be very serious and business may grind to a halt. Production may stop. Selling, inventory management and other key functions may find it impossible to continue. Time and production records may be unavailable and it may not even be possible to pay staff on schedule.

Hershey Foods - Implications of ERP Problems

Hershey Foods Corporation, the leading chocolate manufacturer, experienced difficulties with the $115 million ERP it was implementing. Among other things its ability to ship product during the peak Halloween season in 1999 was hampered.

The ERP project was a major one, designed to replace scores of legacy systems that had been running everything from inventory and order processing to human resource information systems. It was expected to impact on virtually every facet of the company's operations.

Hershey had spent up to three years implementing the system, supported by a number of teams of consultants. There were problems as they went along.

During the busiest season of the year, customers such as Wal-Mart and Kmart, had no option but to start topping up their orders with product from Hershey's competitors. Meanwhile, Hershey's warehouses were filling up with stock.

It is reported that third-quarter sales in 1999 dropped by 12.4 per cent compared with the previous year and that earnings were down 18.6 per cent.

During the period of difficulties with the system -

  • typical delivery times went from five to twelve days;
  • there was a 29 per cent increase in inventory costs;
  • relationships with customers became strained;
  • customers replaced usual supplies with other brands;
  • rivals boosted their sales considerably.

In the systems environment that tended to exist before ERP, a company's IT disaster recovery plan might allow for the recovery of different systems and databases at different times. Some could be recovered in parallel using different teams of computer support personnel working to a priority sequence which aimed to restore the key systems and computer platforms first. With ERP the usual approach to recovery is to restore the environment as a whole and to have all systems modules available simultaneously.

Another factor, which can impact on the recovery of ERP systems, is the lack of sufficient in-house knowledge of the intricacies of the ERP. Because of the range of facilities available, and the resultant complexity inherent in an ERP, the detailed knowledge frequently resides with supplier personnel, consultants and freelance experts in the product who were involved in implementation and then moved on. Sometimes the knowledge transfer to in-house staff may be insufficient to provide adequate expertise when problems arise. In theory anyone should be able to effect a recovery from a business recovery plan regardless of who customised, built and implemented the system. With systems as complex and as integrated with the business processes as an ERP this may not always be the case. This should be considered early in the process of implementing an ERP and adequate time must be allowed in the implementation plan for documenting these aspects comprehensively.

The Hershey experience has been widely publicized. A number of other unhappy experiences are also in the public domain - and they continue to happen. Late last year a supermarket chain in Europe experienced problems with the implementation of its 100 million euro EPR system. This is reported to have caused significant warehousing / distribution problems and to have become a factor in the recent change of ownership of the company.

Business Continuity - a Consideration from the Start

ERP implementation is an expensive exercise. Apart from the cost of the application and the supporting hardware and software platforms a considerable amount of expensive input will be required from the suppliers and consultants in design, build, data loading, implementation and training activities. Despite the benefits that will be expected to accrue, the cost of installing such a system will be such that there may be a temptation to trim costs by omitting expenditure required to address the business continuity issues. The attitude may be ‘let's get it up and running and we can address the business continuity issues in the next phase'. The history of ERP implementations indicates that the budgets for this initial phase are often exceeded. Consequently it becomes more difficult to get money allocated to continuity aspects during subsequent phases.

Considering the vulnerability of the enterprise in the event of problems, this is false economy. If left till the ‘next phase' it will probably never happen. If planned and provided for from the start the costs are likely to be considerably less than when the facilities are provided later on.

Consequently there should be active involvement of the business continuity function from the planning stage onwards.

Some of the benefits of this approach and the issues to be addressed in these phases of the project include:

  • Potential outages can be considered and thought given to what alternative processes can be designed in at the same time.
  • Resilience can be considered more realistically at the point when keeping the costs to a minimum is not the overriding viewpoint.
  • How does the planned infrastructure meet the recovery requirements? For example, if a SAN (storage area network) is involved have the recovery and resilience aspects been fully thought through?
  • Should the computer facilities be split over multiple sites? If this is done does it overcome the need to have arrangements for access to a business recovery site from a recovery facilities vendor?
  • Sometimes the funding for recovery sites comes from a designated business continuity budget. This means that the project does not have to carry the costs but it can result in a greater overall cost. Like any other project the overall costs should include the cost of the continuity aspects.
  • If there is only a single-site computer system (or single server) how is it proposed to test and implement subsequent upgrades to the systems? Moving to new releases of an ERP system with significant new facilities can be a major issue.
Business continuity programmes place a lot of emphasis on the need to protect reputation or brand, and the organization's financial well being. A failed ERP implementation or operation is detrimental to an organization and can seriously impact the bottom line. While there is no panacea, which will guarantee success, the active involvement of the BC function from the start and the addressing of continuity and resilience issues in planning and operation will help to reduce the risk.

About the Author

Michael Gallagher is a founder member and Chairman of the Irish Branch of the Emergency Planning Society (EPS). In this position he promotes awareness of emergency planning and business continuity and of the need for professionals in the emergency services and in business continuity to work together and to understand their respective roles and perspectives. He chaired the EPS Working Group which produced a Report on Integrated Emergency Planning in Ireland and which was presented to the Irish Government.

He is a member of the Business Continuity Institute and a Fellow of the Institute of Chartered Management Accountants and of the Irish Computer Society.

Michael worked as a management consultant with Price Waterhouse & Co. - now PwC - before joining RTÉ (Radio Telefis Éireann - the Irish national broadcasting organization) where he was Head of Information Technology for many years. He managed a very successful Y2K project where he refused to follow the trend and invest millions of dollars on new hardware and software or on expensive remedial action. Instead he implemented a policy of "encapsulation" for the major systems - this effectively turned the clock back 28 years and achieved compliance at minimal cost and with no inconvenience or extensive testing requirement. During this process the need for business continuity arrangements which addressed every aspect of RTÉ's business (radio and television programmes, news, broadcasting transmission network, publishing, and all commercial and support activities) became apparent. As Head of Management Services he became responsible for initiating and implementing RTÉ's business continuity management programme. This also included responsibility for RTÉ's public service obligations in relation to the handling of major or national disasters.

It was the later which gave rise to his interest in issues such as national preparedness and integrated emergency planning.

Michael has written extensively on IT policy and management issues and more recently on business continuity matters.

His "BCM Self-Assessment Questionnaire", available at www.continuitycentral.com/feature062.htm is widely used as a measure of the status and progress of business continuity in organizations.

Michael's book "Business Continuity Management - How to Protect your Company from Danger" is published by Financial Times / Prentice Hall in their Executive Briefing series - details are at www.briefingzone.com

He is now providing consultancy services in the areas of Business Continuity and Risk Management and has worked on assignments throughout Europe.

He can be contacted at -

Gallagml@iol.ie

"Clonyn"
27 Greenville Road
Blackrock
Co Dublin
Ireland
Tel 353 87 2347788