Risk Mitigation for SMEs Implementing ERPs

CAPSTONE REPORT

Tyler Stewart
Principal, Senior Analyst
Gage Technology Group

Fall 2019

Presented to the Interdisciplinary Studies Program: Applied Information Management and the Graduate School of the University of Oregon in partial fulfillment of the requirement for the degree of Master of Science

University of Oregon Applied Information Management Program
Continuing and Professional Education
1277 University of Oregon
Eugene, OR 97403-1277
(800) 824-2714

Approved by
Dr. Kara McFall
Director, AIM Program

Running head: RISK MITIGATION FOR SMES ERPS

Abstract

ERP systems offer benefits to businesses through cost reductions, efficiencies, and building competitive advantages (Aversano, Di Brino, Guardabascio, Salerno, & Tortorella, 2015). However, research indicates ERP implementations have high failure rates (Saxena, Dempsey, & Mcdonagh, 2016; Iskanius, 2009). SMEs evaluating ERP adoption face risks different from larger enterprises (Stefanou, 2013). SMEs can make better decisions towards ERP implementations through risk management. This study presents information about ERP implementation risks for SMEs and risk mitigation approaches.

Keywords: enterprise resource planning, ERP, small and medium enterprises, SME, small business, risk management, risk mitigation, open source ERP, ERP implementation failures, critical failure factors

Table of Contents

Abstract
Table of Contents
Introduction to the Annotated Bibliography
  Problem
  Purpose
  Research Questions
  Audience
  Search Report
Annotated Bibliography
  ERP Implementation Risks
  ERP Implementation Risks for SMEs
  Value of Free and Open Source Versus Commercial ERPs for SMEs
Conclusion
  Identification of ERP Implementation Risks and Failure and Success Factors
  ERP Implementation Risks Identified in the Literature
  ERP Implementation Risks in the Context of SMEs
  Risk Mitigation Strategies for SMEs Implementing ERPs
  Open Source ERPs as Risk Mitigators for SMEs
  Limitations of FOS ERPs and Future Research
References

Introduction to the Annotated Bibliography

Problem

The introduction of computers to business in the 1950s and 1960s brought automation to inventory management and control (Olhager, 2013, p. 6837). This function evolved in the 1970s to Material Requirements Planning (MRP) systems that created a new way to handle production and planning for manufacturing companies (Elragal & Haddara, 2012, p. 29), establishing a common logic that could be used for all value-add manufacturing operations to manage “purchase items, intermediate items, and end products” (Olhager, 2013, p. 6837). In the 1980s MRP system scope broadened to MRPII, which encompassed more of an organization’s functions, including accounting, procurement, and distribution (Elragal & Haddara, 2012, p. 29). In 1990 the Gartner Group introduced the concept of Enterprise Resource Planning (ERP) as these systems grew beyond production and manufacturing to integrate sales (Olhager, 2013, p. 6839), accounting, finance, human resources, and project management into a single system (Bahssas, Albar, & Hoque, 2015, p. 73). The 2000s saw ERP systems become internet-based while offering modular functionality to integrate more areas of the business value chain (Bahssas, Albar, & Hoque, 2015, p. 73). Enterprise resource planning systems “promise seamless integration of information flowing through an organization” (Iskanius, 2009, “Introduction”).
Enterprise resource planning systems integrate an organization's resources across multiple functional areas, including “sourcing, storage, manufacturing, distribution, administration and financial management activities” (Groenewald & Okanga, 2019, p. a962). Enterprise resource planning systems centralize data management across separate units of the same enterprise (Estefania, Samir, Robert, Patrice, & Alexandre, 2018, p. 1212), connecting data with enterprise processes while eliminating silos of information (Sawyer, 2010).

Recent developments in ERPs include cloud-based systems, removing the need for on-premise systems that are expensive to staff and scale (Bahssas, Albar, & Hoque, 2015). Cloud-based ERP systems can be software-as-a-service (SaaS) subscription models, or infrastructure-as-a-service (IaaS) models (Bahssas et al., 2015) that allow the scaling and cost-reduction benefits of the cloud while retaining private ownership of the system and customizations (Teach, 2016). Free or open source ERP systems are another recent trend (Aversano, Di Brino, Guardabascio, Salerno, & Tortorella, 2015) that allow for cost reductions through the elimination of expensive proprietary license fees (Olson, Johansson, & De Carvalho, 2018), with implementation costs “between one-sixth and one-third of the costs for typical proprietary ERPs” (Olson et al., 2018, p. 33). The lowered cost of open source ERP systems presents a trade-off, as these systems also lack support and the extensive functionality that is available with proprietary systems (Olson & Staley, 2012). For the purposes of this study, Free/Open Source (FOS) software is defined by The Open Source Initiative as “software that can be freely accessed, used, changed, and shared (in modified or unmodified form) by anyone” (“Basics of Open Source,” n.d.).
The value of ERP systems, in particular for manufacturing organizations, includes the creation of operational cost savings by reducing inventory, lowering the spend for materials and reducing associated warehouse storage space (Zareshahi, 2015). Enterprise resource planning systems increase and support the effectiveness and efficiency of operations and management decision-making by producing cumulative reports of the latest organizational data (Zareshahi, 2015). These systems help an organization collaborate enterprise wide within and across departments, from senior leadership to the lowest levels, improving the productivity and overall health of the organization (Ruivo, Oliveira & Neto, 2015). These operational and managerial benefits also translate into improving customer satisfaction (Iskanius, 2009) as the organization is more effective and operationally efficient.

Though the value of successful ERP implementations can be high and create significant competitive advantages (Ruivo et al., 2015), ERP implementations also have a high rate of failure, defined by implementations that do not meet the goals of on-time completion, implementation costs within budget, and fulfillment of the original requirements, with just 30% of ERP implementations successfully meeting all three goals (Iskanius, 2009, “Abstract”). Issues with ERP systems can continue beyond the implementation project; Ha and Ahn (2014) found that in “a survey of 64 Fortune 500 companies, 25% suffered from poor performance of ERP in the post implementation stage” (p. 1065). The risk of failure is of concern to leadership, as “65% of managers believe ERP project failure will damage a firm” (Dixit & Prakash, 2011, p. 78).

Enterprise Resource Planning implementations at small- and medium-enterprises (SMEs) are also subject to low success rates; Iskanius (2009) found that 70% of ERP implementations at SMEs were unsuccessful.
There are myriad reasons for the failure of ERP implementations at SMEs, including technological complexity beyond the capabilities of an SME’s information technology (IT) staff; complexity of the business process objective; lack of management support; incorrect ERP selection; lack of required integration to key external systems; and insufficient training (Safavi, Amini, Abdollahzadegan, & Zakaria, 2013). For the purposes of this study, small and medium-sized enterprises (SMEs) are defined using the World Trade Organization’s definition of a business consisting of 10-250 employees (Micro, small and medium-sized enterprises, n.d.).

Despite the failure rates, ERPs deliver such high value to operations and overall competitive advantages that “large firms have implemented ERP systems intensively, and been followed by small and medium enterprises (SMEs)” (Ruivo et al., 2015, p. 105). However, compared to large enterprises, SMEs have limited budgets and resources and ERP implementations are therefore both risky and expensive for these organizations (Sadat, 2013).

Purpose

The purpose of this qualitative study is to present literature published within the past ten years that identifies and describes the risks SMEs should consider when evaluating whether they want to pursue ERP implementations. The design of the study is a literature review. The method of inquiry is the collection, sorting, review, annotation, and analysis of selected research articles. The study identifies risks of ERP implementations for SMEs that contribute to implementation failures. Through an understanding of risks, decision makers and implementers can determine if the risks of implementing ERPs are acceptable and align with their organizations’ tolerances for risk exposure (Poba-Nzaou, Louis, & Bruno, 2013), as well as pursue risk mitigation strategies.
To minimize risks, “risk should be managed at the earliest possible opportunity in the system life cycle” (Poba-Nzaou et al., 2013, p. 479).

Research Questions

Main question. What are the risks an SME should consider when evaluating whether to pursue an ERP implementation?

Sub-questions. How can risks be mitigated for SMEs wanting to implement ERP systems? Does FOS ERP software mitigate risk for SMEs compared with proprietary solutions?

Audience

This study is for SME stakeholders who want to understand risks and risk mitigation techniques for implementing ERPs, particularly for SMEs. The audience includes Chief Operations Officers (COOs), Chief Financial Officers (CFOs), and Chief Information Officers (CIOs) or equivalents at the director level who may be considering whether an ERP implementation is feasible for their enterprises. At the CFO level, financial risks imposed by an ERP implementation are considered, including costs and returns. The COO will learn the possible scope of the impact on operations. The CIO will want to know the scope and resources required to implement and maintain the system.

Enterprise resource planning implementation service providers can also use the information in this study to help their clients understand the risks inherent in implementing ERPs at SMEs and for implementation planning. These implementation service providers will benefit from understanding the mitigation strategies and responses to the potential risks of implementing an ERP at a SME. While this review is focused on ERP implementation risks for SMEs, stakeholders in large enterprises may also find information within the study that applies to their organizations.

Search Report

Search strategy. My search strategy included the following goals:
• Find seminal works across the general topic area of risk factors and mitigation strategies for ERP implementations at SMEs,
• Find seminal works across a narrowly defined relevant topic area, specifically highly cited works that included the following subjects: ERP AND SME AND Risks, OR ERP AND SME AND Open Source,
• Find current articles on my topic that cite seminal works, and
• Find and review articles that fit the topic but may not directly cite seminal works.

Seminal works included highly cited articles and books with content covering the core subjects of ERP, risks, SMEs, and free/open source software. These works were helpful to define the problem scope and common terms. I spent considerable time researching citations for sources of works that align with the specific research problem in this paper, which was of critical value. The method I used to find sources involved citation mining, also known as “Pearl Growing” or “Snowballing” (Icahn School of Medicine, 2019, para. 1). This method involves reviewing the list of articles cited within an article, as well as articles citing the current article. Another aspect of Pearl Growing includes reviewing related works and related subjects in the results detail pages of search tools. By combining key terms in searches and following citation trails of relevant articles, I found seminal works that align with the subject of this paper, which led to finding lesser-cited works that are on topic that may not themselves be highly cited. I also targeted orphan works that were not found in citation trails from other found works but came up in search results, as they may contain a perspective or information not found in the majority of the citation trails.

Key terms. I searched for the following topics for this study:
• ERP for SME,
• ERP integration risks,
• SME IT risk tolerance,
• ERP Trends, and
• Free/Open Source (FOS) ERP.
I searched using key terms both individually and in combination; key terms included:
• Enterprise resource planning systems OR ERP,
• Small and medium enterprises OR SME OR small business OR small companies OR small organizations,
• Implementation,
• Integration,
• Risk,
• Risk management,
• Success factors,
• Failures,
• Value,
• Business process,
• Decision,
• Decisions,
• Best practices,
• Strategies,
• Factors,
• Trends,
• Case studies,
• Open Source,
• FOS,
• Odoo,
• Literature review, and
• Investment.

Search engines and databases. I chose the search tools in consultation with a UO Business Librarian who communicated that the UO LibrarySearch and Google Scholar, configured for the University of Oregon (UO) licenses, would do a thorough job of searching article databases without the need to duplicate searches across individual databases. Both LibrarySearch and Google Scholar include Cited and Cited By lists for each article returned in a search. The librarian indicated that clicking through to articles on the Elsevier site will display a different list of Recommended Articles from LibrarySearch’s Related reading results, providing further sources, which she indicated come from differences in cataloging in both platforms. Individual databases I searched include:
• WorldCat - Returns the largest number of results for books, and
• Web of Science - Quickly locates highly-cited articles and was the most useful for citation mining.

Documentation method. I managed the bibliography for this study with EndNote Online. LibrarySearch includes a link in the article detail page that adds the reference to my EndNote account. From EndNote I can group each article into customizable groups; for my study, groups included subject and a numeric ranking I gave to each source.
The numeric ranking of 1-3 indicated relevancy of the source, with highest priority (1) given to more highly cited articles according to Elsevier and UO LibrarySearch, the most recent sources, and sources with strong subject relevance. I tracked search terms and notes in a Google Docs cloud document.

Reference evaluation criteria. I evaluated references using the five characteristics described in the Evaluating Information Sources guide by the University of Florida’s Center for Public Issues Education (CPIE) (2014).

Authority: I limited sources for this literature review to peer-reviewed publications found in scholarly or industry-specific journals and books. I did not include self-published articles.

Timeliness: I gave precedence to findings in more recent publications over older findings, with the exception of seminal works. I conducted the primary searches for articles published in the previous ten years (2009-2019).

Quality: I selected works that do not contain errors in grammar, spelling, and punctuation; I made exceptions only if the sources were in peer-reviewed, scholarly journals and I could infer that English is not the first language of the author(s).

Relevancy: I selected works that are focused directly on one or more of the topics of my study, namely ERP for SME, ERP implementation risks, SME IT risk tolerance, ERP Trends, and Free and Open Source (FOS) ERPs.

[Lack of] Bias: I selected sources from peer-reviewed, scholarly journals; government agency sources; or books published by established authorities. I took special care to avoid marketing material from ERP vendors.

Annotated Bibliography

The annotated bibliography for this study contains sources for the purpose of understanding risk mitigation for SMEs implementing ERPs, in particular the potential of Free and Open Source ERPs to mitigate risks for SMEs.
The references are organized and presented below within three categories: (a) ERP Implementation Risks, (b) ERP Implementation Risks for SMEs, and (c) the Value of Free and Open Source Versus Commercial ERPs for SMEs. In the event a reference applies to multiple themes, the most prominent theme was utilized for categorization. Each source includes a citation, published abstract, and summary written by the author of this annotated bibliography.

ERP Implementation Risks

Hakim, Amin, & Hakim, Hamid. (2010). A practical model on controlling the ERP implementation risks. Information Systems, 35(2), 204-214. doi: 10.1016/j.is.2009.06.002

Abstract. Although ERP systems were already introduced many years back and were implemented in different organizations, there are still companies who hesitate to decide about establishing ERP systems in their structure. This hesitation will itself result in the projects to go in vain. On the other hand, taking into account the Iranian organizations, the unfamiliarity with these systems is obviously comprehended, something that stems from the lack of information in decision-makers and managers concerning the above-mentioned issue, together with the feeling of fear and inconvenience with this novel technology. Taking into account the lack of successful prior experience of ERP implementation in Iranian automotive industry, these failures have acted as obstacles for the decision-makers to move towards establishment of the system. Bearing in mind all the above, this article, through reviewing the intra- and extra-organizational limitations, has tried to provide a suitable and practical model for decision-makers to take precise steps in implementing ERP systems in Iran. This model has been operationally tested and simulated in Bahman motor company.
The overall schema of the model and also the evaluation results in the aforementioned company have been incorporated in the results of this essay with the intention to decrease the decision-making risks and, therefore, success of these types of projects. This would per se lead to further related investigations, and managers and decision-makers in companies can take advantage of the results.

Summary. The authors conducted a literature review for the purpose of creating a decision-making process for companies to use when deciding to pursue ERP systems. The Iranian authors indicate that companies in their country are unfamiliar with ERP systems and are resistant to changing their existing ways of operating. By developing a model for evaluating readiness and assessing risk, the authors believed that management can make more informed decisions for implementing ERP systems. The authors then implemented and tested the model at Bahman Motor.

Of particular relevance to my research is the section titled “Phase IV: evaluation of ERP risk and success factor” (p. 211). The authors developed a framework of six categories of risk, including: (a) Organizational risks, (b) Technical skills’ risks, (c) Project management risks, (d) System risks, (e) User risks, and (f) Technology risks. Each of these categories was assigned a subset of between five and six itemized risks. The authors developed a questionnaire to identify risks from these six categories related to the factors that impact ERP implementation, the AS-IS status of company entities that have a direct impact on the implementation, and the AS-IS status of other companies and their internal and external entities involved with ERP implementation. The authors also conducted a SWOT analysis (strengths, weaknesses, opportunities, threats) with stakeholders to identify the strengths and weaknesses of the organization with regard to the implementation of ERP.
This paper outlines a practical approach to ERP risk planning and mitigation. The six categories of risks the authors provide, as well as the detailed list of risks within these categories, form a solid basis for consideration for other organizations who are considering ERP implementations and want to evaluate the risks beforehand. The suggestion to conduct a SWOT analysis also provides another tool for consideration in identifying the strengths and weaknesses of an organization that help to inform the overall risk profile of the organization with regard to the implementation of an ERP system.

Hustad, E., Haddara, M., & Kalvenes, B. (2016). ERP and organizational misfits: An ERP customization journey. Procedia Computer Science, 100, 429-439. doi: 10.1016/j.procs.2016.09.179

Abstract. Enterprise resource planning (ERP) projects are complex and resource demanding. Some ERP projects fail due to what is called between the adopting organization's business requirements and the ERP's functionalities. Existing literature has studied how ERP systems match to different organizations and have argued that there always exists a gap between the business rules embedded in the system, and the practices and processes that exist in organizations. Thus, tailoring might be an important procedure during ERP implementations, in which the ERP customization takes place in order to ensure the compliance with the organizations’ critical business processes and requirements. Via an in-depth case study, this research investigates how the different ERP tailoring types defined in literature correspond to different types of misfits identified in an ERP implementation project at a large public organization. The study results suggest that there is a correlation between tailoring types and categories of misfits. In other words, different categories of misfits can be decisive for the type of customization being used.
These categories can be organized into four main influences that affect tailoring; strategy, project, system and institution. Moreover, internal institutional factors that are linked to system acceptance, such as culture and resistance could affect tailoring.

Summary. The authors examine the lessons learned in the process of selecting and customizing an ERP system to fit the needs of a large Norwegian public organization. The authors acknowledge the high rates of ERP implementation failure, and propose that reasons for these failures include a lack of knowledge on how to conform the new system to an organization’s business processes and lack of ability to adapt the organization’s processes to the new system, as there will always be gaps between off-the-shelf ERP products and the actual business process requirements of an organization. They propose that organizations can approach this gap by deciding one of four paths:
1. Organizations may choose to adapt their processes to the ERP system,
2. Organizations may choose to remove some of their previous requirements and adapt to the ERP system as-is,
3. Organizations can find workarounds to the missing functionality, or
4. Organizations may customize the ERP system to implement the missing functional requirements.

To determine the proper path to address the gaps, the authors propose characterizing types of misfits into a matrix of imposed and voluntary constraints, each with surface or deep levels. The authors identify imposed misfits, which can be external constraints such as industry norms, and voluntary misfits such as a choice to pursue market differentiation. The authors further broke the imposed and voluntary misfits into deep misfits, characterized by operations of which the system is incapable; and surface misfits, which are areas the system does not have out-of-the-box but can be developed with customization.
The authors assert that all of the customizations need effective project management to measure customization value, provide governance, track the introduction of complexity, and manage change resistance.

This source is relevant for my study because it focuses on the need for ERP customizations as a part of a successful implementation and the associated risks. The authors provide a framework for characterizing customizations to help in mitigating the risks as well as providing a path for least complexity in meeting system requirements. As a study of a single large public organization, some of the context of difficulty in changing business processes to fit the ERP system may not be as much of a factor for more flexible small and medium enterprises; however, the content provides a starting point for considering an approach to mitigate the risk of ERP implementations.

Ravasan, A., & Mansouri, T. (2014). A FCM-based dynamic modeling of ERP implementation critical failure factors. International Journal of Enterprise Information Systems, 10(1), 32-52. doi: 10.4018/ijeis.2014010103

Abstract. Implementation of Enterprise Resource Planning systems (ERPs) is a complex and costly process which usually results in serious failures. Numerous factors affect these projects implementation due to their size, complexity and high chance of failure. Therefore, identifying these factors in ERP projects is a critical issue. The majority of previous studies and research projects have been conducted in identifying ERP Critical Success Factors (CSFs) rather than Critical Failure Factors (CFFs). In order to help practitioners, this paper studies the CFFs in this kind of projects. Unfortunately, the implications of interdependency among failure factors are usually underestimated by project managers and decision makers since they are difficult to model and analyze.
With this in mind, the authors have built Fuzzy Cognitive Maps (FCMs) of failure factors in ERP implementation projects. The main advantage of FCM lies in them being capable of modeling complex phenomena based on the experts' perceptions. This tool models uncertainty and related events, imitating human reasoning. Moreover, FCMs enable the developing of forecasting exercises through simulations. Practitioners would thus assess the joint influence of ERP implementation failure factors on project outcomes. The results make known to practitioners which problems will arise if the failure factors are not treated, and how these will impact on the outcomes of projects. Therefore, the tool proposed would help them to manage ERP implementation projects in a more effective and proactive way.

Summary. The authors identify interrelated critical failure factors (CFF) of ERP implementations using a Fuzzy Cognitive Map (FCM) technique based on a case study from an Iranian automotive company. The FCM model uses fuzzy logic and neural networks, a kind of artificial intelligence; in this study FCM is used to map perceived failure factors that in turn create failure factor effects. The authors collected data from a panel of experts, defined as having at least seven years of ERP experience. The authors discuss failure as falling within two types: (a) complete failure, where the project is never put into operations, and (b) partial failure, where a system is put in place but exceeds estimated costs, timeline, or features or does not achieve estimated return on investment.

The authors perform a literature review to identify ERP CFFs, then develop a model for grouping ERP CFFs with 23 individual failure factors divided into the
The initial 23 failure factors can cascade into ten failure factor effects: (a) budget exceeded, (b) time exceeded, (c) project stop, (d) poor business performance, (e), inadequate system stability, (f) low fit, (g) low usability, (h) low integration and flexibility, (i) low alignment to strategic goals, and (j) poor economic performance. In turn, these failure factors can result in one of four project failure modes: (a) process failure, (b) expectation failure, (c) interaction failure, and (d) correspondence failure. The authors note that the results of their FCM analysis are unique due to the context of a single Iranian company in a unique context, including managing a business in Iran, which is subject to international sanctions that highly limit industry-leading ERP vendors and consultants from participating in Iranian ERP projects. However, their model and technique provide a starting point for analyzing critical failure factors of ERP implementations outside of Iran. This well-organized CFF model for ERP implementations, with its detailed list of failure categories and factors, makes this source relevant for my study. In addition, the FCM technique could serve as a tool for organizations that want to study failure factor paths for ERP implementations, such as ERP consulting companies attempting to learn from specific failures. Shirouyehzad, Hadi, Dabestani, Reza, & Badakhshian, Mostafa. (2011). The FMEA approach to identification of critical failure factors in ERP implementation. International Business Research, 4(3), 254. doi: 10.5539/ibr.v4n3p254 Abstract. Enterprise resource planning implementation has been one of challenges of organizations during the last decade; and there have been many barriers in implementing ERP successfully. Organizations can reduce the effect of failure through identifying their RISK MITIGATION FOR SMES ERPS 22 strengths and weaknesses. 
One of the most applicable methods which may prevent occurring defects in organizations is failure mode and effect analysis (FMEA). FMEA has been used for many applications as a quality management instrument. In FMEA, risks of failure modes are identified through the estimation of severity and occurrence values. In this paper, the proposed FMEA identifies major failure causes and effect of potential defects in ERP implementation. Furthermore, critical failure factors are characterized by the severity, occurrence and detection values by using the adopted FMEA table. A case study is also presented to prove the applicability of the proposed method.

Summary. The authors explore failure mode and effect analysis (FMEA) in identifying critical failure factors (CFF) for ERP implementation. The authors advocate for this systematic approach to estimate potential weaknesses and loss probability for different failure factors, which will support risk mitigation through the identification, prioritization, and addressing of each failure factor. Their method is to examine each CFF in order to identify, prioritize, and address each resulting potential failure effect. The authors provide a taxonomy of twelve critical failure factors. The twelve failure factors are:

• Poor project management,
• Issues with software system design,
• Poor user involvement and training,
• Poor teamwork,
• Insufficient technology planning,
• Communication failures,
• Issues with information technology and legacy system transition,
• Inadequate change management,
• Lack of business process reengineering,
• Lack of top management support, and
• Underfunding.

The five-step method for identifying the magnitude and ranking of critical failure factors includes:

Step 1: Potential Failure Modes Specification, which entails identifying the factors that prevent successful ERP implementations.
Step 2: Potential Failure Effects Specification, which entails identifying the consequence of the failure mode.
Step 3: Potential Failure Causes Specification, which entails identifying the system design issues that result in the failure mode in ERP implementations. Shirouyehzad et al. (2011) identify this step as the most significant in the analysis.
Step 4: Control of Failure Modes, which entails identifying the methods that will be used to identify and prevent failure in the ERP implementation process.
Step 5: Failure Mode Risk Prioritizing, which involves analyzing the risk severity, occurrence, and detection to assign a risk priority number.

Shirouyehzad et al. (2011) applied the approach to a case study of a manufacturer and found that the top two reasons for exceeding the timeline were failures in project management and a lack of top management support; the top two reasons for cost overruns were underfunding and lack of top management support; and the top two reasons for customer and employee dissatisfaction were poor user involvement and training and poor teamwork.

The authors recommend this approach to understand the intangible factors that go into ERP implementations. They present the FMEA method as a way to consider the relationship between failure factors and the resulting failure effects. Their findings from their case study emphasize the importance of project management to drive success and manage changes, and teamwork to develop skills, expertise, and decision making, although they recommend that this analysis should be completed on more case studies in other organizations to apply findings to other organizations. This article is relevant for my study as it provides both a detailed taxonomy of critical failure factors for ERP implementations, as well as a resulting causal relationship to failure areas.

ERP Implementation Risks for SMEs

Ahmad, M., & Pinedo Cuenca, R. (2013).
Critical success factors for ERP implementation in SMEs. Robotics and Computer Integrated Manufacturing, 29(3), 104-111. doi: 10.1016/j.rcim.2012.04.019

Abstract. ERP implementation is regarded as complex, cumbersome and costly, and, very often, it exceeds the initial estimated resources. The process involves a thorough examination of the business processes in the organisation; selection of the best available software solution that matches the requirements of the enterprise; configuration of the selected systems; training of staff; and customisation of the selected software solutions including development of required interfaces. Finally, the existing MIS of the organisation is replaced totally or partially by the new system. All the implementation processes should be carried out without affecting the daily operations across the whole enterprise. This can only be achieved by having an understanding of the key elements forming the infrastructure of the organisation, an effective plan for the implementation and an effective procedure to measure and evaluate the project throughout the implementation process. This paper presents the results of a study to identify and analyse the interrelationships of the critical issues involved in the implementation of ERP in small and medium sized enterprises (SMEs). Three basic research questions were addressed. First, what are the main critical success factors? Second, how do these factors interact throughout the implementation process? Third, which factors have their highest impact and in what stages? In order to answer these questions, over 50 relevant papers were critically reviewed to identify the main critical success factors (CSFs) for ERP implementation in large organisations. Then, the applicability of the identified CSFs to SMEs was investigated. Next, an industrial survey was also undertaken to identify which CSF has highest impact in what stages.
The findings on relationships of the critical success factors have been utilised to develop a tool to monitor, and eventually improve, ERP implementations for SMEs. In the development of the tool, eight people from industry and academia with experience of ERP implementations were interviewed with the aim of validating the model being developed. The overall results provide useful pointers to the interplay of organisational and operational factors for the successful implementation of ERP.

Summary. The authors develop a methodology to measure the performance of interrelated critical success factors (CSFs) for ERP implementations through a literature review and from surveys of managers in eight SMEs in the UK. The authors identified thirty-three separate success factors and their frequency in the literature and ranked and organized them by organizational factors; operational factors; and neutral factors, which cannot be defined as organizational or operational. Organizational factors include formalized project plan and schedule, project management, cultural change or political issues, and business process reengineering. Examples of operational factors include effective project scope management, management expectations, employment of steering committee, and adequate resources. The authors list two neutral factors, interdepartmental cooperation and software customization. The authors also analyzed the most frequently occurring success factors and grouped them into three categories of interaction: (a) Basic, or independent factors; (b) Critical factors dependent on basic factors; and (c) Dependent factors that are highly impacted by many other factors. The most frequently occurring basic success factors include resources, data analysis, experienced project manager, and project team skills. Critical success factors include cultural change, management support, and use of consultants.
The dependent factors include evaluation progress, communication, and cooperation. This article is relevant to my study because the taxonomy of critical success factors and subsequent analysis ranking success factors can be used to identify and prioritize potential implementation risks. Although the eight organizations that were surveyed were SMEs, the findings are not limited to ERP implementations for SMEs.

Beijsterveld, J., & Groenendaal, W. (2016). Solving misfits in ERP implementations by SMEs. Information Systems Journal, 26(4), 369-393. doi: 10.1111/isj.12090

Abstract. The gap between the organizational needs and the extent to which an ‘off‐the‐shelf’ enterprise resource planning (ERP) system can meet these is called a misfit. A framework is developed to distinguish actual from perceived misfits. This is used to analyse the ERP implementation at four small‐sized and medium‐sized enterprises. The results show that they prefer to adjust the ERP system to their business processes when needed but often unnecessarily change the system to solve perceived misfits. The framework is a first step to prevent this unnecessary work in the future.

Summary. The authors conduct a literature review on the topic of ERP system misfits for SMEs and present a framework for adjusting to misfits. The authors define misfits as the difference between the functionality of an existing off-the-shelf ERP system and an organization’s functional requirements. Though they find that there is no common understanding of ERP implementation misfits, they identify a number of ways misfits can be characterized in order to create a framework for decision making about how to resolve misfits. Their research identifies Imposed Misfits, which they define as unchangeable structures and external demands, contrasted to Voluntary Misfits, where the organization can choose to change its processes to fit the ERP system.
The authors developed a table of 15 misfit types they identified from the literature along with consequences and the organizational level of the misfit. Based upon this analysis, the authors developed a framework for identifying misfits based on deep, surface, and latent structures. The authors define deep structures as core elements, the absence of which leads to major system deficiencies; surface structures as the interface between users and the system; and latent structures as secondary functionality arising from physical or deep structures. The authors then applied three possible sources of misfits, which they identified as country-specific, industry-specific, and company-specific. Using this framework to analyze misfits, the authors present a resolution strategy where an organization chooses to customize the ERP system, adapt its organizational structures to fit the system, accept a shortfall of ERP functionality, or create a workaround.

The case study involves four organizations, including company A, a manufacturer with 50 employees; company B, a water processor with 170 employees; company C, a valuation firm with 210 employees; and company D, a waste processor with 330 employees. Though company D does not qualify as an SME, it was included because the number of ERP users is 60. Key findings from the case study include a gap between perceived and actual misfits, with only 54 percent of misfits identified as actual, while one out of three misfits, though important to address, were determined to not be actual misfits. Of actual misfits, 59 percent are deep structure, 34 percent are surface, and 7 percent are latent. They found that the preferred method to solve deep structure misfits is customization (65 percent), followed by a workaround (31 percent). For surface misfits, preferred solutions include customization (46 percent), followed by acceptance (40 percent).
However, results show that the resolution strategies vary between organizations. The authors note studies advocating that ERP systems for large organizations should not be customized due to cost and limited maintainability. In contrast to large enterprises, the authors note that SMEs gain strength by distinguishing themselves from competitors. To achieve differentiation, SMEs may need to employ unique business processes and structures that are not supported by standard ERP systems. This article is relevant for my study because it provides methods for understanding misfits related to ERP systems and models to support decision making about misfits. In addition, the authors discuss misfit resolution practices from case studies. The authors articulate how misfits for SMEs may not lead to the same resolution strategy as misfits for a large enterprise due to the need for competitive differentiation.

Dixit, A., Prakash, O. (2011). A study of issues affecting ERP implementation in SMEs. Journal of Arts, Science & Commerce, 2(2). Retrieved from https://pdfs.semanticscholar.org/4d86/e637795b7743a99fc4f1609b910f78b58f58.pdf

Abstract. Companies implement ERP systems to integrate the business processes of a company, and help organizations obtain a competitive advantage. Enterprise Resource Planning (ERP) is one of the solutions for the Small and Medium Enterprises (SMEs) in order to face the global challenges. This paper attempts to explore and identify issues affecting Enterprise Resource Planning (ERP) implementation in context to Indian Small and Medium Enterprises (SMEs) and challenges in front of SMEs.
This paper attempts to highlight those specific issues where a different factors needs to be addressed while implementing the ERP system in this the four issues are proved to be crucial for SMEs such as proper system implementation, clearly defined scope of implementation procedure, proper project planning and minimal customization of the system selected for implementation.

Summary. The authors outline general problematic areas for SMEs implementing ERPs based on a review of the literature. For SMEs in particular they identify six major challenges including: (a) low awareness of ERP vendors and capabilities, (b) perception that ERPs are for large enterprises and not needed for SMEs, (c) high-profile ERP failures, (d) approach to implementation that would lead to disruptive change, (e) high cost, and (f) lack of change management throughout the organization. The authors also identify factors that lead to challenges for SMEs in the implementation process, including lack of support from top management, problematic goals and objectives, training, poor change management, and over-customization. The authors state that customizations for an out-of-the-box ERP system should be limited to less than 30 percent, but do not provide any citations for this number. This article is relevant to my study because it is focused on the perspective and concerns SMEs have towards ERP systems in decision making and challenges they face during the implementation process. Though their data is based on Indian SMEs, the general challenges for SMEs implementing ERP are not limited to any specific country.

Ganesh, L., & Mehta, A. (2011). Critical failure factors in enterprise resource planning implementation at Indian SMEs. Asian Journal of Management Research, 1(1). Retrieved from https://ssrn.com/abstract=1862837

Abstract.
Many companies in developing countries have implemented Enterprise Resource Planning (ERP), to capture its benefits; still there is a lack in examining Critical Failure Factors (CFFs) that influence failure of ERP implementation at Indian Small and Medium-size Enterprises (SMEs). This paper develops an ERP implementation failure model by identifying and ranking the twenty CFFs that differs from existing models in that it has a broader and more holistic focus. It proposes a framework in terms of recommendations for managing these CFFs. A quantitative survey based method was used to collect the data from the Indian ERP consultants. The data collected were analyzed using statistical techniques. This paper argues that Indian consultants often fail in recognizing the technology, vendor, employee, project etc. related influence to the ERP implementation, as a consequence for the evaluation of ERP, instead of choosing a system supporting specific business functions. ERP is not just a technological work; it’s a socio-technological challenge, which mandates modifying existing applications and redesigning processes that may put Indian SMEs on the competitive position. Findings are discussed along with the implications of the research for the future work to bridge the current literature gap and provide practical advice for both academics and practitioners.

Summary. The authors conducted a literature review and subsequent study of 50 SMEs in India to understand critical failure factors (CFFs) for ERP implementations in SMEs. They state that Indian SMEs are compelled to adopt ERP systems to retain a cutting edge over competitors. The authors identified a list of twenty CFFs from the literature and sent the list as a survey to 50 Indian SMEs in order to rank and gain insights into the failure factors.
Their method consists of: (a) listing factors, (b) developing an evaluative framework, and (c) evaluating factors for the organization based on the framework. The authors provide a ranking of the top factors attributed to ERP implementation failure based on the survey results, with poor consultant effectiveness, software misfit, unrealistic expectations, and over-reliance on customizations listed as the most frequently occurring failure factors, respectively. This study is relevant to my research because it includes the results of a literature review and survey on failure factors for ERP implementations for SMEs, as well as a method for evaluating and ranking the factors for a specific organization.

Iskanius, P. (2009). Risk management in ERP project in the context of SMEs. Engineering Letters, 17(4). Retrieved from https://www.researchgate.net/publication/40422652_Risk_management_in_ERP_project_in_the_context_of_SMEs

Abstract. This paper contributes to the discussion on Enterprise Resource Planning (ERP) implementations in the context of small and medium size enterprises (SMEs). Fewer than 30 % of ERP implementations have been successful, meaning the projects were completed on time, within budget, and with all required characteristics. The principal reason for failure has often been associated with the poor management of ERP implementation projects. Several standardized methods and techniques have been developed to help enterprises to better manage their ERP projects. The purpose of this paper is to identify and assess the main risks in the ERP projects through the case study of three manufacturing SMEs. By using company-specific risk analysis method (RAM), the critical risks of the ERP projects have been identified and assessed. Then, by using characteristics analysis method (CAM), the recommendations of how to divide the ERP projects into manageable sub projects have been given.

Summary.
The author discusses the problem of high failure rates of ERP implementations, emphasizing the context of SMEs and noting their unique characteristics from large enterprises. The author conducts a literature review to identify risks for SMEs implementing ERPs and develops a methodology to manage these risks. The author then applies the risk management method to two SMEs with differing results. The author discusses common risk factors and ways of addressing them.

The author explains that ERP implementations are not standard IT software projects but can be viewed as an organizational change project. Enterprise resource planning projects involve the development of significant business processes and extensive business process reengineering, which requires significant planning, change management and project management. The author notes that SMEs face unique challenges compared to large enterprises that impact their ERP implementations, in particular due to typically lower levels of resources and low IT skills. Other unique characteristics of SMEs are a “lack of information systems management, frequent concentration of information-gathering responsibilities into a small number of individuals, lower level of resources available for information-gathering, and quantity and quality of available environmental information” (Introduction).

The author identified several risk factors and categorizations through a literature review that can be grouped by the following factors: (a) organizational business processes, (b) management support, (c) technological capabilities, (d) personnel resources and competence, (e) training and adoption, and (f) financial constraints. The author notes that organizations should create their own company-specific lists of risks in addition to risk lists found in the literature.
From a list of risks, an organization can conduct a risk analysis using a risk analysis method (RAM) to identify and assess its most critical risk factors. The risk assessment process includes risk identification, risk analysis, and risk prioritization. The author recommends that an organization next use a characteristics analysis method (CAM), which provides recommendations of areas of the project that require more management attention: (a) management of a project as a whole, (b) management of integration, (c) project scope management, (d) time management, (e) cost management, (f) quality management, (g) human resource management, (h) management of communication, (i) risk management, and (j) management of purchase. The results of the CAM can be used to divide the ERP project into manageable sub-projects. The author recommends that this risk management approach should be performed early in the ERP project process as “many risks can be eliminated before the ERP project system starts” (Discussion).

The author offers several risk mitigation techniques for SMEs and divides risks into three categories: (a) ERP vendors, (b) the ERP system, and (c) the organization implementing the ERP system. The author describes multiple critical vendor risks, including the difference between a customer organization that wants a unique business solution and a vendor that prefers to fit the customer into their generic solution. In addition, the wrong vendor may not understand the company’s special wants and needs or may not be incentivized enough to dedicate resources to support the ERP project of small customers. There is also the potential risk that the ERP vendor ends the development or support of the system prematurely. The author notes that it is critical for an SME to identify an ERP system that best aligns with their business processes due to their limited resources.
Most potential risks an SME faces related to ERP systems are dependent on technical and functional performance and features and challenges with implementation, configuration, parameterization, and integration. For the organization, the author states that top management support is the most important critical success factor for an ERP implementation, followed by the assignment of a skilled, full-time project manager. Organizational risks can be mitigated by not underestimating the need for communication and training; the author notes that both can help reduce resistance to change in the organization and communicate short term successes to keep personnel engaged and using the systems in a disciplined manner. Risk management planning should also be conducted at different phases of the implementation process. This paper is highly relevant to my study for its closely aligned subjects and resulting methodologies and analysis for risk mitigation for SMEs implementing ERPs.

Sternad, S., Bobek, S., Dezelak, Z., & Lampret, A. (2009). Critical success factors (CSFs) for enterprise resource planning (ERP) solution implementation in SMEs: What does matter for business integration. International Journal of Enterprise Information Systems, 5(3), 27-46. doi: 10.4018/jeis.2009070103

Abstract. Enterprise resource planning (ERP) solution implementation is a complex process, that requires substantial resources and efforts, and yet the results are very uncertain. The ERP hype has already reached SMEs, so the authors have examined the strategies, methods and critical success factors from SMEs point of view. The results of our survey in SMEs in Slovenia have shown that SMEs have to pay attention to different critical success factors in different phases of the implementation process. Moreover, there are differences in implementation process as opposed to large companies. Case studies of two SMEs have shown similar results.
Recommendations for future SME implementations and comments of our findings can be found in conclusion.

Summary. The authors conducted a literature review followed by a survey to identify and rank critical success factors (CSFs) for SMEs implementing ERP systems. The authors identified critical success factors through their research that they then used in the survey. The authors then compared rankings of CSFs from the survey results to the frequency of mention of each factor in the literature. The literature review includes a discussion of different ERP implementation strategies, noting that there is no singular approach, and that the two ERP vendors selected for the survey, SAP and Microsoft, each have their own implementation methods. However, though there is no single implementation methodology, the authors note that different phases of implementation will have different critical success factors. The authors identified fourteen critical success factors from the literature that were mentioned more than five times. These CSFs are listed in the order of the number of times they were mentioned below, with the number of mentions in parentheses:

1. Top management support and involvement (21),
2. Clear goals, objectives and scope (18),
3. Project team competence and organization (16),
4. User training (15),
5. Business process reengineering (BPR) (14),
6. Change management (13),
7. Project management (13),
8. Effective communication (10),
9. User involvement (10),
10. Data analysis and conversion (10),
11. Consultants (9),
12. Project champion (9),
13. Choice of ERP (9), and
14. Minimal customization (9).

The authors sent the survey to 171 Slovenian companies implementing SAP or Microsoft Navision and received 26 responses from SMEs. The survey consisted of three parts: (a) organizational information, (b) process and success of ERP implementation, and (c) questions relating to the fourteen CSFs identified in the literature.
The respondents ranked the CSFs in a different order than the frequency of the CSFs’ appearance in the literature. The ranking of the respondents was:

1. Clear goals, objectives and scope,
2. Project team competence and organization,
3. Top management support and involvement,
4. User involvement,
5. Effective communication,
6. User training,
7. Communication within project team,
8. Business process reengineering,
9. Data analysis and conversion,
10. Project champion,
11. Minimal customization,
12. Consultants,
13. Project management,
14. Change management, and
15. Choice of ERP.

The authors noted a key differentiating factor between large enterprises and SMEs in the context of ERP implementations is that SMEs often have employees covering multiple roles and responsibilities. The authors conclude that many ERP implementations are failures because organizations mistakenly view the ERP implementation as a technical task, not a management responsibility. Management needs to create the conditions in which the implementation team can implement the chosen solution in the expected time, with the specified scope, and on budget. Management support and involvement is the top CSF found in the literature and near the top from their survey results. This paper is relevant to my study because it develops a list of CSFs for SMEs implementing ERPs from the literature and ranks those factors using two methods. The authors also include information about the unique challenges SMEs face when implementing ERPs.

Value of Free and Open Source Versus Commercial ERPs for SMEs

Aversano, L., Di Brino, M., Guardabascio, D., Salerno, M., & Tortorella, M. (2015). Understanding Enterprise Open Source Software Evolution. Procedia Computer Science, 64, 924-931. doi: 10.1016/j.procs.2015.08.609

Abstract. Enterprise Open Source Software is continuously gaining acceptance in business organizations.
This is essentially due to the understanding of the potential benefits deriving from the adoption of OSS project solution. Indeed, Open Source Software solutions offer great opportunities for cost reduction and quality improvement, especially for small and medium enterprises that typically have to address major difficulties due to the limited resources. In this direction it is relevant understand and gain knowledge regarding the evolution of such software over systems the time. This paper report results of an empirical study aimed at analyzing the evolution of most relevant ERP open source system during their lifetime.

Summary. The authors used theories of software evolution found in literature to study the evolution of 15 different open source ERP and customer relationship management (CRM) software systems. The authors chose systems that had long release histories, were large applications, were actively maintained, and had a large number of downloads. Metrics used to measure the evolution of each system consisted of source lines of code, number of commits, contributors, and total downloads. The authors find that the number of lines of code does not directly correlate to increases in the number of contributors and commits over the previous 12 months. They noted that, at the time of publication, projects such as Adempiere had decreasing contributors and downloads over time while Dolibarr, a system that was one of the smallest in terms of source lines of code, WebERP and CiviCRM were seeing trends of increasing numbers of contributors and downloads. The authors conclude that the most successful projects are those with the most intense activity over the past 12 months. This paper is relevant to my study because it shows that there is a steady evolution of open source ERP systems.
It also shows how a methodology can be used to evaluate trends of any particular open source ERP software, and as a decision aid in the ERP system selection process.

Kowanda, D., Firdaus, M., & Pasaribu, R. (2015). Opportunity of free open source ERP system as a competitive advantage for small and medium enterprise. In 1st Unnes International Conference on Research Innovation & Commercialization for the Better Life 2015 (pp. 195 – 206), Semarang, Indonesia: Institute Semarang State University. doi: 10.13140/RG.2.1.1473.1281

Abstract. In today's world, IT is a source of differentiation from competitors. The tendency is to produce more, with the least possible cost and be reactive to the need to continue to change and the requirements of internal and external customers. That is why flexibility, adaptability and cost-cutting is the main reason that drives more and more companies to adopt Open-Source Enterprise Resource Planning (ERP). The main objective of this study was to investigate whether the Open Source ERP system can meet the needs of large organizations and SMEs. The study also attempts to answer the question whether Open-Source ERP vendors offer adequate levels of support to their clients. First, an explanation of research background and the motivation behind it. Then, the research hypothesis is presented. Last, discussion about Open Source concepts, history and advantages of Open Source ERP system. In order to verify research hypothesis, a comprehensive literature review focus on ERP selection criteria of large organizations and SMEs. This review resulted in a number of dimensions that served to build evaluation model. Another component of the evaluation is a "feature" offered from different ERP systems. This model became the principle when evaluating a selected Open Source ERP system. Three Open Source ERP system were chosen being evaluated, namely OpenERP, OpenBravo and Adempiere.
Here are answers to the research hypothesis: we can say that the selected Open Source ERP systems offer an adequate level of support to their clients. In addition, they are suitable for SMEs as they can answer all the needs of most SMEs. However, the Open Source ERP systems selected have limitations in large organizations: such limitations can be summarized regarding their scalability because there are still doubts about the ability of these systems to handle large volumes of users or requests, and their ability to be improved as the cluster model. Other limitations that have an impact on large organizations are the lack of support for the international accounting rules which are essential for public business organizations.

Summary. The authors conducted a literature review to identify evaluation criteria of ERP systems used by large enterprises (LEs) and SMEs. Findings indicated that large enterprises rank ERP system selection criteria differently than SMEs, though with some overlap. Both LEs and SMEs identified functional upgradability, short implementations, integration capabilities, and good support as priorities. While LEs placed importance on internationalization, vendor history, and scalability, SMEs did not, instead placing more importance on lower costs, fit with business procedures, and ease of use. Using these criteria, the authors developed seven dimensions of evaluation criteria: (a) cost, (b) support availability, (c) stability and maturity, (d) customization, (e) scalability, (f) user interface, and (g) out-of-the-box features. Based on these dimensions, the authors evaluated three leading OS ERP systems: OpenERP, Openbravo, and Adempiere.

The authors found that all three of the OS ERP systems evaluated perform well in the seven dimensions except for scalability. Since scalability is more of a concern to larger enterprises than SMEs, the authors noted that the low score for this dimension should not present a barrier to SMEs.
The authors also discovered sources through their literature review that support the statement that open source ERPs offer unique advantages that align well with the evaluation criteria identified for SMEs. Unlike proprietary ERP systems with high license and installation costs, OS ERP systems are more flexible and affordable. OS ERP systems can be readily downloaded and piloted. Particular advantages of OS ERPs from the literature include:

• Flexibility: the source code is available for free and can be modified and developed.
• Quality: Arguably, OS ERPs have better quality regarding solving technical challenges.
• Ability to adapt to the business environment: OS ERPs can be customized to work for the business processes rather than requiring business process reengineering to fit the system.
• Infrastructure Model in accordance with the SME: Proprietary ERP systems have a more expensive infrastructure model.
• There are no hidden costs: While ERP vendors might propose affordable rates to attract customers, many features come at additional costs. With OS ERP, there are no hidden fees.
• The possibility of certain developments: OS ERP systems can be customized without limitation, while proprietary ERP systems features are at the discretion of the vendor.
• Vendor Independence: An OS ERP system does not depend on a single vendor relationship and instead has a community of developers upon which to draw.
• Freedom to upgrade: the business can choose whether or not to upgrade based on its needs rather than forced upgrades from a proprietary system.

This article is highly relevant to this study due to its focus on the evaluation of the leading OS ERP systems using criteria identified as important to SMEs. It also includes information supporting certain qualities of OS ERPs that are more advantageous compared with proprietary systems.

Olson, D., Johansson, B., & De Carvalho, R. (2018). Open source ERP business model framework.
Robotics and Computer Integrated Manufacturing, 50, 30-36. doi: 10.1016/j.rcim.2015.09.007

Abstract. ERP systems became popular with large organizations in the 1990s. In the 21st Century, these products were expanded by addition of supply chain management (SCM) and customer relationship management (CRM), as well as access through the Web, creating the ERP II concept. Efforts to increase the market led vendors to serve not only large organizations, but also focus more on small-to-medium sized enterprises (SMEs). Open source software has become a player in the field of enterprise resource planning (ERP) systems. While it is still unclear to what extent it has diffused among organizations, it is clear that opportunities exist. New ways of delivering ERP software, such as software as a service (SaaS) have appeared. Some smaller vendors utilized a free distribution system (Free/Open Source ERP, FOS-ERP) for their source code, relying on various business models for corporate success. There also have been attempts to generate FOS-ERP components found on sites such as SourceForge.com that are not only distributed freely, but also were developed through community participation much as Linux has been developed. Some ERP vendors use community developed components for various purposes to support their proprietorial software. Thus, one dimension of ERP systems is based upon who directs the development process. Proprietorial ERP refers to systems with closely held intellectual property rights, such as the leading market products by SAP and Oracle as well as many smaller proprietorial competitors. FOS-ERP can be community based or sponsored by some organization. In this paper we present a framework that aims at analyzing FOS-ERP business models. Goals include discussing the differences between FOS-ERP and their proprietary equivalents (P-ERP) in terms of business models, selection, customization, and evolution.
We will discuss challenges and opportunities that they offer to adopters and vendors.

Summary. The authors develop a framework for evaluating free/open source (FOS) ERP business models. Through a review of literature, the authors report on the nature and advantages of open source enterprise software and ERP software in particular, compared with proprietary software solutions. The authors note that the high costs of ERPs have limited the use of ERPs in SMEs, although in an effort to attract SMEs by lowering up-front costs, proprietary vendors have created more simplified web-based software as a service (SaaS) products. Free/open source ERP systems present a viable alternative to proprietary systems for SMEs through their increased flexibility and agility and can be run on the web or on a local area network, without the up-front costs. As an in-between solution, commercial FOS vendors offer the infrastructure and support of proprietary vendors while allowing firms to access the source code to develop their own customizations and realize the resulting competitive advantages. However, the authors note that some proprietary vendors such as SAP and Oracle have responded to this model by creating service-oriented architectures, making it easier for companies to program add-ons themselves.

This article links differentiating factors of FOS ERP to open source enterprise software more generally. The authors cite Red Hat’s list of why open source software can save businesses money:

1. Enabling use of commodity hardware rather than proprietary machines,
2. Avoidance of expensive maintenance contracts,
3. Obtaining greater functionality, reliability, and performance,
4. Increasing productivity through a faster learning curve and availability of support tools,
5. Avoidance of vendor lock-in, and
6. Reduction of the need for specialized security consultants and tools. (p. 31)

The authors discuss the cost advantages of FOS ERP systems, stating “average implementation costs are at between one-sixth and one-third of the costs for typical proprietary ERPs” (p. 33). They note that the total cost of ownership is not well understood, with a lack of empirical evidence in the literature. However, both proprietary and FOS systems require ownership costs of training and organizational process reengineering. Their findings indicate that proprietary software restricts competitive differentiation and has higher customization costs than FOS ERP systems.

The authors discuss risks of FOS ERP, including higher levels of uncertainty when evaluating FOS ERP platforms relative to evaluating proprietary options. In addition, organizations cannot expect the same level of support with an FOS system as with a proprietary system, though this risk can be mitigated by finding a commercial vendor to provide support for the selected FOS ERP system. This article is relevant to my study because it outlines the reasons why FOS ERP systems can potentially mitigate risk and create value for SMEs implementing ERPs.

Ruivo, P., Oliveira, T., & Neto, M. (2015). Using resource-based view theory to assess the value of ERP commercial-packages in SMEs. Computers in Industry, 73, 105-116. doi: 10.1016/j.compind.2015.06.001

Abstract. This study explores the enterprise resource planning (ERP) variations in value on small and medium enterprises (SMEs) across four commercial-packages (Microsoft NAV, SAP All-in-one, ORACLE JDE, and SAGE X3). Grounded on the resource-based view (RBV) theory of the firm, we assess a research model linking three determinants; ERP use, collaboration, and analytics to explain the ERP value in three effects (individual productivity, management control, and customer satisfaction). Using a survey data set of 883 firms across European SMEs we test the theoretical model through structural equation modelling.
This study provides empirical evidence on how European SMEs find value from the top four commercial-packaged ERPs. Whereas for Dynamics and ORACLE the most important factor is analytics system capability, for SAP and SAGE it is greater collaboration system capability. Furthermore, for SAP and ORACLE greater ERP use is perceived as an important factor, but not for Dynamics and SAGE. In addition, the study finds that both collaboration and analytics capabilities are the greatest differentiators to ERP value, which is consistent with the RBV. The findings provide guidance to business implementation strategies and to software development. The limitations and future work of the study are noted.

Summary. The authors examine the source of value of ERP systems in a survey of 883 SMEs in European countries. They first create a theoretical model of value from the literature along with four hypotheses on how ERP systems create value. They test their hypotheses through a survey of SMEs operating four major proprietary ERP systems: (a) Microsoft NAV, (b) SAP All-in-One, (c) Oracle JDE, and (d) SAGE X3. The authors measure value using a resource-based view (RBV), a method based on the premise that IT value in an organization comes from exploiting opportunities, neutralizing threats, and creating capabilities that other organizations find difficult to copy. In addition, the authors argue that RBV is a better measure of value than tangible IT resource value since it is better at measuring the intangible capabilities that create unique competitive differentiation. They therefore assume that ERP value is measured by the extent to which it supports IT capabilities in these areas.
The authors’ hypotheses are: (a) ERP-enabled collaboration, defined as how much the ERP system increases worker collaboration, positively relates to ERP value; (b) ERP use is positively related to ERP value, meaning the more the ERP system is used, the higher the value it creates; (c) ERP-enabled analytics, defined as the extent and usefulness of analytics provided by the ERP system, positively relate to ERP value; and (d) the antecedents of ERP value will differ across products, meaning ERP collaboration, uses, and capabilities will have differing importance across products. Results of the study support hypothesis (a) (collaboration), hypothesis (c) (analytics), and hypothesis (d) (differences) for all four ERP systems. Hypothesis (b) (use) was only supported for Oracle and SAP.

The authors conclude that SMEs are not only getting value from ERPs as transactional tools, but also gain value by increasing collaboration, analytics, and creating differentiating capabilities that competitors find hard to imitate. This last point about differentiation stands in contrast to the common view that conforming to an ERP system’s processes, particularly for a large enterprise, represents best practice and that enterprises should avoid deviating from these standards. While conforming to the processes of ERP systems can reduce risks and time-consuming tasks such as configuration, documentation, testing, and training, customized use of an ERP system can be an important factor in creating competitive value through differentiation.

This article is relevant to my study because the value framework it describes for the four proprietary systems can also be used to study the value of open source ERP systems. The context of measuring value for SMEs is also useful. The risks of system customization compared with best practices and non-deviation are important considerations.

Stefanou, C. J. (2013). Adoption of free/open source ERP software by SMEs.
In Information Systems for Small and Medium-sized Enterprises (pp. 157-166). Heidelberg, Germany: Springer. doi: https://doi.org/10.1007/978-3-642-38244-4_8

Abstract. Increasing competitive pressures due to globalization and the prevalence of the e-business model have changed dramatically the environment in which Small and Medium-sized Enterprises (SMEs) operate. To remain competitive, SMEs find that they need to invest in information and communication technologies and especially in modern integrated business software. However, state-of-the-art proprietary Enterprise Resource Planning (ERP) systems are not only too expensive but also too complex to install for the majority of SMEs. Viable alternative options, such as Free and Open Source ERP (FOS/ERP) software, are increasingly gaining attention by SMEs worldwide. Considering the scarcity of research on non-commercial ERP systems, the objective of this chapter is to provide an insight regarding the adoption decision made by SMEs regarding FOS-ERP software. The chapter aims at informing scholars, students, researcher managers of the issues and the risks involved and the factors influencing the decision of SMEs to adopt FOS-ERP software.

Summary. The author discusses issues and risks of SMEs adopting free/open source (FOS) ERP systems based on a review of literature. The author discusses characteristics of SMEs and FOS ERP software, including key factors for SMEs considering FOS ERP implementations. The author writes that findings from research on large enterprises cannot be generalized to fit SMEs due to key differences between the two. Specific key factors for SMEs include limited financial resources, lack of IT personnel, and lack of time for implementation activities. Findings in the literature indicate FOS ERP systems offer SMEs a viable alternative to proprietary systems.
SMEs with limited financial resources are not required to make a large capital expenditure when implementing an FOS ERP compared with a proprietary system. Funds that would be spent for ongoing license fees and feature expenditures for proprietary systems can instead be invested in customizing the FOS ERP system to better align to the company’s business processes. Another characteristic of SMEs is their flexibility and agility, which the author states FOS ERP systems are particularly suited for. In addition, proprietary ERP vendors can have an organizational asymmetry compared to the customer, where the ERP vendor is more likely to influence the customer to do things their way rather than deeply understanding and responding to the SME’s unique business needs.

This chapter includes a list of common SME characteristics that are compatible with FOS-ERP software:

• Limited capital resources for initial capital spending on licenses,
• Limited financial resources and restricted IT budgets,
• Limited product lines,
• Limited geographical sales area,
• National rather than multinational company,
• Organizational culture of openness and sharing of information,
• Open-minded entrepreneurship,
• Personnel who are informed about open source software philosophy,
• New company without established rigid processes requiring reengineering,
• “Small to medium” rather than “medium to large” sized company,
• Outsourced functions, such as payroll, are not critical for company integration, and
• Few extensive customizations needed to support core business processes.

This chapter includes a discussion of risks and ways that SMEs can mitigate them. The lack of centralized leadership in FOS products can lead to project abandonment; however, the author notes that there is no reliance on a single vendor, as multiple service providers exist for FOS ERP systems.
These vendors do contribute to the total cost of ownership through their services, which include implementation, maintenance, training, and support, but the funds that would be spent on the ongoing costs for proprietary user licenses can instead be used to extensively customize the software in an effort to gain a unique competitive advantage. In addition, the author notes several qualities SMEs have to mitigate common ERP implementation risks, such as more intimate communications between employees, managers, leadership, and the implementation team, which are more difficult to achieve in larger contexts.

The content of this chapter is relevant to this study through its discussion of the special characteristics that make FOS ERP systems an attractive and viable alternative for SMEs and the ways that SMEs can mitigate and change the risk profile associated with implementing proprietary systems.

Conclusion

The value of ERP systems can be high and they can create significant competitive advantages (Ruivo et al., 2015). Enterprise resource planning systems can help an organization improve its overall productivity and health by supporting organization-wide, cross-department collaboration and communications, from senior leadership to the lowest levels (Ruivo et al., 2015). Valuable capabilities include creating operational cost savings by reducing inventory, lowering the spend for materials, reducing associated warehouse storage space, and producing cumulative reports of the latest organizational data (Zareshahi, 2015). However, ERP implementations also have a high rate of failure, ranging from partial failure, where a system is implemented but exceeds estimated costs, exceeds the projected timeline, is lacking in expected features, or does not achieve the estimated return on investment, to complete failure, where the project is never put into operation (Ravasan & Mansouri, 2014).
For small and medium enterprises, proprietary ERP systems can be not only too expensive, but also too complex to install (Dixit & Prakash, 2011; Iskanius, 2009; Stefanou, 2013). Compared to large enterprises, SMEs have limited budgets and resources (Stefanou, 2013). Dixit and Prakash (2011) identify six major challenges for SMEs implementing ERPs: (a) low awareness of ERP vendors and capabilities, (b) perception that ERPs are for large enterprises and not needed for SMEs, (c) high-profile ERP failures, (d) approach to implementation that would lead to disruptive change, (e) high cost, and (f) lack of change management throughout the organization. Small and medium enterprises face a number of challenges when adopting and implementing ERPs that pose risks and are expensive (Sadat, 2013). However, SMEs do have unique characteristics in their favor when implementing ERPs, such as organizational simplicity (Ahmad & Pinedo, 2013) and flexibility (Hustad et al., 2016).

This study identifies the risks of ERP implementations for SMEs that contribute to implementation failures. Through an understanding of the risks, failure factors, and success factors, SME decision makers and implementers can determine if the risks of implementing ERPs are acceptable and align with their organizations’ tolerances for risk exposure (Poba-Nzaou et al., 2013), as well as pursue risk mitigation strategies (Hustad et al., 2016; Iskanius, 2009; Shirouyehzad et al., 2011).

Identification of ERP Implementation Risks and Failure and Success Factors

Conducting risk analysis enables the identification and assessment of the probability and magnitude of individual risk items, while conducting risk prioritization enables the development of a ranked order of these risk items (Iskanius, 2009). Several models of risk analysis and prioritization for ERP implementation appeared in the literature (Hakim & Hakim, 2010).
Hakim and Hakim (2010) propose conducting a SWOT analysis (strengths, weaknesses, opportunities, threats) with stakeholders to identify the strengths and weaknesses of the organization with regard to the implementation of an ERP system. They developed a framework of six categories of risk, including: (a) organizational, (b) technical skills, (c) project management, (d) system, (e) user, and (f) technology (Hakim & Hakim, 2010). From this list, Hakim and Hakim (2010) surveyed organizational stakeholders to identify specific risks within each category. This risk analysis enabled management to identify and address the risk factors early to improve the likelihood of ERP implementation success (Hakim & Hakim, 2010).

Ravasan and Mansouri (2014) also identified risk categories for ERP implementations: (a) environmental, (b) human resources, (c) organizational, (d) project management, and (e) technical. From these categories, Ravasan and Mansouri (2014) then identified ten critical failure factor (CFF) effects for ERP implementations: (a) budget exceeded, (b) time exceeded, (c) project stop, (d) poor business performance, (e) inadequate system stability, (f) low fit, (g) low usability, (h) low integration and flexibility, (i) low alignment to strategic goals, and (j) poor economic performance. In turn, Ravasan and Mansouri (2014) note that these failure factors can result in one of four project failure modes: (a) process failure, (b) expectation failure, (c) interaction failure, and (d) correspondence failure.

In a related exercise, Shirouyehzad et al. (2011) propose a five-step method for identifying the magnitude and ranking of critical failure factors for ERP implementations:

Step 1: Potential Failure Modes Specification, which entails identifying the factors that prevent successful ERP implementations.
Step 2: Potential Failure Effects Specification, which entails identifying the consequence of the failure mode.
Step 3: Potential Failure Causes Specification, which entails identifying the system design issues that result in the failure mode in ERP implementations. Shirouyehzad et al. (2011) identify this step as the most significant in the analysis.
Step 4: Control of Failure Modes, which entails identifying the methods that will be used to identify and prevent failure in the ERP implementation process.
Step 5: Failure Mode Risk Prioritizing, which involves analyzing the risk severity, occurrence, and detection to assign a risk priority number. (p. 258).

Ahmad and Pinedo (2013) propose grouping success factors for ERP implementations into categories based on dependencies, including: (a) basic, or independent factors; (b) critical factors dependent on basic factors; and (c) dependent factors that are highly impacted by many other factors. Through a literature review and survey of eight SMEs in the UK, Ahmad and Pinedo (2013) noted the most frequently occurring basic success factors included adequate resources, performing data analysis, experienced project manager, and strong project team skills; critical success factors included cultural change, management support, and use of consultants; and the dependent factors included evaluating progress, strong communication, and cooperation.

Iskanius (2009) identified several risk factors through a literature review and categorized them as follows: (a) organizational, or the environment of the organization in which the system is implemented; (b) business-related, or the consistency of the processes, models, and other artefacts after the implementation; (c) technological capabilities required to operate the new ERP system; (d) entrepreneurial, or the attitude of the management team; (e) contractual risk arising from relationships with partners; and (f) financial risks that arise from new costs associated with the ERP system.
Iskanius (2009) recommends that an organization use a characteristics analysis method (CAM), which uses the project proposition document, the knowledge and experience gained from prior projects, and the requirements of the organization’s project portfolio to provide recommendations for areas of the project that require more management attention to increase the successful management of the project as a whole. Potential areas on which to focus are: (a) management of a project as a whole, (b) management of integration, (c) project scope management, (d) time management, (e) cost management, (f) quality management, (g) human resource management, (h) management of communication, (i) risk management, and (j) management of purchase (Iskanius, 2009).

ERP Implementation Risks Identified in the Literature

Risks in the literature, often described as critical failure factors (CFFs) or inversely derived from critical success factors (CSFs), are widely documented (Ahmad & Pinedo, 2013; Dixit & Prakash, 2011; Ganesh & Mehta, 2011; Hakim & Hakim, 2010; Iskanius, 2009; Ravasan & Mansouri, 2014; Shirouyehzad et al., 2011; Sternad et al., 2009). The top CFFs from sources in this bibliography are ranked in order of the number of articles in which they appear. Each was considered a top failure factor by the respective authors.

1. Lack of top management support (Ahmad & Pinedo, 2013; Dixit & Prakash, 2011; Hakim & Hakim, 2010; Iskanius, 2009; Ravasan & Mansouri, 2014; Shirouyehzad et al., 2011; Sternad et al., 2009),
2. Poor training (Dixit & Prakash, 2011; Hakim & Hakim, 2010; Iskanius, 2009; Ravasan & Mansouri, 2014; Shirouyehzad et al., 2011; Sternad et al., 2009),
3. Problematic goals and objectives (Dixit & Prakash, 2011; Ganesh & Mehta, 2011; Hakim & Hakim, 2010; Shirouyehzad et al., 2011; Sternad et al., 2009),
4. Failures in project management (Ahmad & Pinedo, 2013; Hakim & Hakim, 2010; Ravasan & Mansouri, 2014; Shirouyehzad et al., 2011; Sternad et al., 2009),
5. Poor change management (Ahmad & Pinedo, 2013; Dixit & Prakash, 2011; Shirouyehzad et al., 2011; Sternad et al., 2009),
6. Ineffective project team (Ahmad & Pinedo, 2013; Hakim & Hakim, 2010; Iskanius, 2009; Sternad et al., 2009),
7. Underfunding (Iskanius, 2009; Ravasan & Mansouri, 2014; Shirouyehzad et al., 2011), and
8. Insufficient business process reengineering (Hakim & Hakim, 2010; Iskanius, 2009; Shirouyehzad et al., 2011; Sternad et al., 2009).

It is noteworthy that none of the top critical failure factors are strictly technical. As Iskanius (2009) explains, ERP implementations are not standard IT software projects, but can be viewed as an organizational change project. Enterprise resource planning projects involve the development of significant business processes and extensive business process reengineering, which requires significant planning, change management and project management (Iskanius, 2009). Additional risk factors from the literature include:

• System misfit (Hustad et al., 2016; Beijsterveld & Groenendaal, 2016),
• Over customization (Dixit & Prakash, 2011),
• Poor communication (Dixit & Prakash, 2011; Shirouyehzad et al., 2011),
• Data migration challenges and legacy system transition (Sternad et al., 2009),
• Ineffective use of consultants (Ravasan & Mansouri, 2014),
• Internal department conflicts (Ravasan & Mansouri, 2014),
• Lack of performance measurements (Ravasan & Mansouri, 2014),
• Insufficient risk management (Ravasan & Mansouri, 2014), and
• Insufficient testing (Ravasan & Mansouri, 2014).

Iskanius (2009) notes that organizations should create their own lists of risks in addition to common items from the literature.
ERP Implementation Risks in the Context of SMEs

Iskanius (2009) notes that SMEs face unique challenges compared to large enterprises that impact their ERP implementations, such as low IT skills. Additional characteristics of SMEs that impact ERP implementations can include a “lack of information systems management, frequent concentration of information-gathering responsibilities into a small number of individuals, lower level of resources available for information-gathering, and quantity and quality of available environmental information” (Introduction). Sternad et al. (2009) propose that a key differentiating factor between large enterprises and SMEs in the context of ERP implementations is that SMEs often have employees covering multiple roles and responsibilities; they conclude that many ERP implementations are failures because organizations mistakenly view the ERP implementation as a technical task, not a management responsibility.

Stefanou (2013) also describes problems arising from the asymmetry of a large ERP vendor and an SME, including the difference between a customer organization that wants a unique business solution and a vendor that prefers to fit the customer into their generic solution. In addition, the wrong vendor may not understand the company’s special wants and needs or may not be incentivized enough to dedicate resources to support the ERP project of small customers (Stefanou, 2013). There is also the potential risk that the ERP vendor ends the development or support of the system prematurely (Iskanius, 2009).

Risk Mitigation Strategies for SMEs Implementing ERPs

A number of mitigation strategies for SMEs implementing ERPs emerged through a review of the literature (Ahmad & Pinedo, 2013; Beijsterveld & Groenendaal, 2016; Dixit & Prakash, 2011; Hakim & Hakim, 2010; Hustad et al., 2016; Iskanius, 2009; Kowanda et al., 2015; Ravasan & Mansouri, 2014; Shirouyehzad et al., 2011; Sternad et al., 2009).
Start risk management early. Iskanius (2009) recommends that risk management should be performed early in the ERP project process as “many risks can be eliminated before the ERP project system starts” (V. Discussion). Iskanius (2009) argues that risk management is more efficient at the planning stages and when selecting criteria for system selection:

The success of an ERP project also largely depends on how well SMEs can manage changes in their business and how well personnel can adopt new way of operations. This change process is best to start already in the early phase of the ERP project, because many risks can be eliminated before the ERP project system starts. The SMEs can e.g. hire temporary staff to perform the routine operations so the key persons get more time to concentrate on the ERP system characteristics and new work practices. (V. Discussion)

Careful system selection. System selection is an important critical success factor in order to align the best possible fit between ERP system functionality and the organization’s business processes (Iskanius, 2009). Small and medium enterprises should be aware that large enterprises (LEs) rank ERP system selection criteria differently than SMEs, though with some overlap (Kowanda et al., 2015). Large enterprises and SMEs both identified functional upgradability, short implementations, integration capabilities, and good support as priorities, while SMEs also place particular importance on lower costs, fit with business procedures, and ease of use (Kowanda et al., 2015).

Identify and assess misfits. Iskanius (2009) notes that it is critical for an SME to identify an ERP system that best aligns with their business processes due to their limited resources. Hustad et al. (2016) and Beijsterveld and Groenendaal (2016) define the gap between system functionality and business processes as a misfit.
Beijsterveld and Groenendaal (2016) point out that in order to achieve differentiation, which is more characteristic of SMEs than LEs, SMEs may need to employ unique business processes and structures that are not supported by standard ERP systems (2016). Hustad et al. (2016) distinguish between imposed misfits, which can be external constraints such as industry norms, and voluntary misfits such as a choice to pursue market differentiation. Hustad et al. (2016) further broke the imposed and voluntary misfits into deep misfits, characterized by operations of which the system is incapable; and surface misfits, which are areas the system does not have out-of-the-box but that can be developed with customization. Hustad et al. (2016) propose four paths for handling misfits: (a) Organizations may choose to adapt their processes to the ERP system, (b) Organizations may choose to remove some of their previous requirements and adapt to the ERP system as-is, (c) Organizations can find workarounds to the missing functionality, or (d) Organizations may customize the ERP system to implement the missing functional requirements. Beijsterveld and Groenendaal (2016) note that misfit resolution strategies vary between organizations. In a case study of four small-sized and medium-sized enterprises, Beijsterveld and Groenendaal (2016)found that of all the misfits initially identified, only 54 percent were actual RISK MITIGATION FOR SMES ERPS 59 misfits, with the rest being perceived misfits. Beijsterveld and Groenendaal (2016) concluded that organizations prefer to adjust the ERP system to their business processes when needed, but often unnecessarily change the system to solve perceived misfits. Dixit and Prakash (2011) claim that customizations for an out-of-the-box ERP system should be limited to less than 30 percent, but do not provide any citations for this number. Phased implementation with risk analysis repeated each phase. 
Iskanius (2019) proposes separating an ERP implementation into phases and repeating the risk assessment and prioritization for each phase and notes that the change process can best be managed with this approach. Iskanius (2009) recommends conducting a characteristics analysis method, as the results of the CAM can be used to divide the ERP project into manageable sub-projects. However, Sternad et al. (2009) note that there is no single best implementation methodology, and different phases of implementation will have different critical success factors. Communicate and provide training. Iskanius (2009) proposes that organizational risks can be mitigated by not underestimating the need for communication and training; he notes that both can help reduce resistance to change in the organization and communicate short term successes to keep personnel engaged and using the systems in a disciplined manner. Open Source ERPs as Risk Mitigators for SMEs Findings in the literature indicate free/open source (FOS) ERP systems offer SMEs a viable alternative to proprietary systems (Stefanou, 2013). In 2015, Aversano et al. found a steady evolution of open source ERP systems identifiable by trends of increasing contributors, code commits, and downloads. Kowanda et al. (2015) evaluated three FOS ERP systems and found they performed well in six of seven dimensions of their criteria, including: (a) cost, (b) support availability, (c) stability and maturity, (d) customization, (f) user interface, and (g) out-of-the-box features. Only RISK MITIGATION FOR SMES ERPS 60 scalability was an outlier, although they noted that scalability is more of a concern to larger enterprises than SMEs and therefore the low score for this dimension should not present a barrier to SMEs (Kowanda et al., 2015). Unlike proprietary ERP systems with high license and installation costs, FOS ERP systems offer unique advantages that align well with the evaluation criteria identified for SMEs (Kowanda et al., 2015). 
Open source ERP systems are more flexible and affordable and can be readily downloaded and piloted (Kowanda et al., 2015). Particular advantages of OS ERPs noted by Kowanda (2015) include:

• Flexibility: The source code is available for free and can be modified and developed;
• Quality: Arguably, OS ERPs have better quality regarding solving technical challenges;
• Ability to adapt to the business environment: OS ERPs can be customized to work for the business processes rather than requiring business process reengineering to fit the system;
• Infrastructure model in accordance with the SME: Proprietary ERP systems have a more expensive infrastructure model;
• No hidden costs: While ERP vendors might propose affordable rates to attract customers, many features come at additional costs. With OS ERP, there are no hidden fees;
• The possibility of certain features: Open source ERP systems can be customized without limitation, while proprietary ERP systems features are at the discretion of the vendor;
• Vendor independence: An OS ERP system does not depend on a single vendor relationship and instead has a community of developers upon which to draw; and
• Freedom to upgrade: The business can choose whether to upgrade based on its needs rather than enduring forced upgrades from a proprietary system. (p. 196)

Olson et al. (2018) note that the high costs of ERPs have limited their use in SMEs, although in an effort to attract SMEs by lowering up-front costs, proprietary vendors have created more simplified, web-based software as a service (SaaS) products. By their nature, however, FOS systems present a fully customizable alternative to proprietary systems without the up-front costs (Olson et al., 2018). Olson et al. (2018) cite Red Hat’s list of why open source software can save businesses money:

• Enabling use of commodity hardware rather than proprietary machines;
• Avoidance of expensive maintenance contracts;
• Obtaining greater functionality, reliability, and performance;
• Increasing productivity through a faster learning curve and availability of support tools;
• Avoidance of vendor lock-in; and
• Reduction of the need for specialized security consultants and tools. (p. 31)

Stefanou (2013) argues that costs for ongoing license fees and feature expenditures for proprietary systems can instead be invested in customizing the FOS ERP system to better align to the company’s business processes. Stefanou (2013) lists common SME characteristics that are compatible with FOS-ERP software, including:

• Limited capital resources for initial capital spending on licenses,
• Limited financial resources and restricted IT budgets,
• Limited product lines,
• Limited geographical sales area,
• National rather than multinational company,
• Organizational culture of openness and sharing of information,
• Open-minded entrepreneurship,
• Personnel who are informed about open source software philosophy,
• New company without established rigid processes requiring reengineering,
• “Small to medium” rather than “medium to large” sized company,
• Outsourced functions, such as payroll, are not critical for company integration, and
• Few extensive customizations needed to support core business processes. (p. 163)

Limitations of FOS ERPs and Future Research

Olson et al. (2018) discuss risks of FOS ERP, including higher levels of uncertainty when evaluating FOS ERP platforms relative to evaluating proprietary options. In addition, Olson et al.
(2018) note organizations cannot expect the same level of support with a FOS system as with a proprietary system, although this risk can be mitigated by finding a commercial vendor to provide support for the selected FOS ERP system. While FOS ERP implementation costs are significantly lower, Olson et al. (2018) note that total cost of ownership is not well understood, with a lack of empirical evidence in the literature. Comparative studies of value for SMEs implementing proprietary ERP systems and those that are implementing FOS ERP systems would provide further insight.

Free/open source ERP systems have evolved considerably since the evaluations performed by Kowanda et al. (2015), Ruivo et al. (2015), and Stefanou (2015). A framework for comparing proprietary and FOS ERP systems would be useful, especially as offerings continue to evolve.

References

Ahmad, M., & Pinedo Cuenca, R. (2013). Critical success factors for ERP implementation in SMEs. Robotics and Computer Integrated Manufacturing, 29(3), 104-111. doi: 10.1016/j.rcim.2012.04.019

Aversano, L., Di Brino, M., Guardabascio, D., Salerno, M., & Tortorella, M. (2015). Understanding enterprise open source software evolution. Procedia Computer Science, 64, 924-931. doi: 10.1016/j.procs.2015.08.609

Bahssas, D., Albar, A., & Hoque, M. (2015). Enterprise Resource Planning (ERP) systems: design, trends and deployment. The International Technology Management Review, 5(2), 72. doi: http://dx.doi.org/10.2991/itmr.2015.5.2.2

Beijsterveld, J., & Groenendaal, W. (2016). Solving misfits in ERP implementations by SMEs. Information Systems Journal, 26(4), 369-393. doi: 10.1111/isj.12090

Dixit, A., & Prakash, O. (2011). A study of issues affecting ERP implementation in SMEs. Journal of Arts, Science & Commerce, 2(2). Retrieved from https://www.semanticscholar.org/paper/A-STUDY-OF-ISSUES-AFFECTING-ERP-IMPLEMENTATION-IN-Kr-Prakash/4d86e637795b7743a99fc4f1609b910f78b58f58

Elragal, A., & Haddara, M. (2012). The Future of ERP Systems: Look backward before moving forward. Procedia Technology, 5(C), 21-30. doi: 10.1016/j.protcy.2012.09.003

Ganesh, L., & Mehta, A. (2011). Critical failure factors in enterprise resource planning implementation at Indian SMEs. Asian Journal of Management Research, 1(1). Retrieved from https://ssrn.com/abstract=1862837

Groenewald, D., & Okanga, B. (2019). Optimising enterprise resource planning system to leverage a firm's absorptive and adaptive capabilities. South African Journal of Information Management, 21(1), a962-a976.

Ha, Y., & Ahn, H. (2014). Factors affecting the performance of enterprise resource planning (ERP) systems in the post-implementation stage. Behaviour & Information Technology, 33(10), 1065-1081.

Hakim, A., & Hakim, H. (2010). A practical model on controlling the ERP implementation risks. Information Systems, 35(2), 204-214. doi: 10.1016/j.is.2009.06.002

Hustad, E., Haddara, M., & Kalvenes, B. (2016). ERP and organizational misfits: An ERP customization journey. Procedia Computer Science, 100, 429-439. doi: 10.1016/j.procs.2016.09.179

Icahn School of Medicine at Mount Sinai. (2019). Web of Science: Using a citation database: Pearl growing/citation mining and related records. Retrieved from https://libguides.mssm.edu/c.php?g=168555&p=1107625

Iskanius, P. (2009). Risk management in ERP project in the context of SMEs. Engineering Letters, 17(4). Retrieved from https://www.researchgate.net/publication/40422652_Risk_management_in_ERP_project_in_the_context_of_SMEs

Kowanda, D., Firdaus, M., & Pasaribu, R. (2015). Opportunity of free open source ERP system as a competitive advantage for small and medium enterprise. In 1st Unnes International Conference on Research Innovation & Commercialization for the Better Life 2015 (pp. 195-206), Semarang, Indonesia: Institute Semarang State University. doi: 10.13140/RG.2.1.1473.1281

Micro, small and medium-sized enterprises. (n.d.). Retrieved from https://www.wto.org/english/thewto_e/minist_e/mc11_e/briefing_notes_e/bfmsmes_e.htm

Olhager, J. (2013). Evolution of operations planning and control: From production to supply chains. International Journal of Production Research, 51(23-24), 6836-6843. doi: http://dx.doi.org/10.1080/00207543.2012.761363

Olson, D., Johansson, B., & De Carvalho, R. (2018). Open source ERP business model framework. Robotics and Computer Integrated Manufacturing, 50, 30-36. doi: 10.1016/j.rcim.2015.09.007

Olson, D., & Staley, J. (2012). Case study of open-source enterprise resource planning implementation in a small business. Enterprise Information Systems, 6(1), 79-94. doi: 10.1080/17517575.2011.566697

Poba-Nzaou, P., Louis, R., & Bruno, F. (2013). Risk of adopting mission-critical OSS applications: An interpretive case study. International Journal of Operations & Production Management, 34. doi: 10.1108/IJOPM-03-2012-0117. Retrieved from https://www.researchgate.net/publication/263450779_Risk_of_adopting_mission-critical_OSS_applications_An_interpretive_case_study

Ravasan, A., & Mansouri, T. (2014). A FCM-based dynamic modeling of ERP implementation critical failure factors. International Journal of Enterprise Information Systems, 10(1), 32-52.

Ruivo, P., Oliveira, T., & Neto, M. (2015). Using resource-based view theory to assess the value of ERP commercial-packages in SMEs. Computers in Industry, 73, 105-116. doi: 10.1016/j.compind.2015.06.001

Safavi, N., Amini, M., Abdollahzadegan, A., & Zakaria, N. (2013). An effective model for evaluating organizational risk and cost in ERP implementation by SME. IOSR Journal of Business and Management (IOSR-JBM), 10(6), 70-75. Retrieved from https://www.researchgate.net/publication/244484646_An_Effective_Model_for_Evaluating_Organizational_Risk_and_Cost_in_ERP_Implementation_by_SME

Saxena, D., Dempsey, B., & Mcdonagh, J. (2016). Beyond the One-dimensional Construct of Failure: The Curious Case of Enterprise System Failure Rates, presented at UKAIS Conference 2016, Oxford, 2016. Retrieved from https://www.researchgate.net/publication/301552340_Beyond_the_One-dimensional_Construct_of_Failure_The_Curious_Case_of_Enterprise_System_Failure_Rates

Shirouyehzad, H., Dabestani, R., & Badakhshian, M. (2011). The FMEA approach to identification of critical failure factors in ERP implementation. International Business Research, 4(3), 254. doi: 10.5539/ibr.v4n3p254

Stefanou, C. J. (2013). Adoption of Free/Open Source ERP software by SMEs. In Information Systems for Small and Medium-sized Enterprises (pp. 157-166). Heidelberg, Germany: Springer. doi: https://doi.org/10.1007/978-3-642-38244-4_8

Sternad, S., Bobek, S., Dezelak, Z., & Lampret, A. (2009). Critical success factors (CSFs) for enterprise resource planning (ERP) solution implementation in SMEs: What does matter for business integration. (small and medium-sized enterprises) (Case study). International Journal of Enterprise Information Systems, 5(3), 27-46.

Teach, E. (2016). Trend spotting: ERP in 2016: A prominent consultant discusses some of the top trends and issues in the ERP software arena. 32(1), 40.

Zareshahi, R., Nayebzadeh, S., & Heirany, F. (2015). The study of the benefits of using ERP from the accountants' perspectives. 213.