Multiple Criteria Analysis for Evaluation of Information System Risk

Information technology (IT) involve a wide set of risks. Enterprise information systems are a major developing form of information technology involving their own set of risks, thus creating potential blind spots. This paper describes risk management issues involved in enterprise resource planning systems (ERP) which have high impact on organizations due to their high cost, and their pervasive impact on organizational operations. Alternative means of acquiring ERP systems, to include outsourcing to application service providers (ASPs) are available. But outsourcing ERP involves many risks that are often overlooked. After identification of typical risks involved with representative alternative forms of ERP, multiple criteria analysis is proposed as a useful tool for tradeoff analysis in this selection decision. SMART is compared with popular approaches such as DEA and PCA- based DEA. A demonstration of how multiple criteria analysis can be applied in the international ERP alternative selection decision is given by including outsourcing to China and South Korea.

[1]  W. Currie,et al.  Evaluating application service providers , 2003 .

[2]  Kent Anderson Convergence: Convergence: A holistic approach to risk management , 2007 .

[3]  Jos van Hillegersberg,et al.  Enterprise resource planning: ERP adoption by European midsize companies , 2000, CACM.

[4]  David L. Olson,et al.  Decision Aids for Selection Problems , 1995 .

[5]  Desheng Dash Wu,et al.  Supplier selection: A hybrid model using DEA, decision tree and neural network , 2009, Expert Syst. Appl..

[6]  T. L. Saaty A Scaling Method for Priorities in Hierarchical Structures , 1977 .

[7]  Jos van Hillegersberg,et al.  ERP Adoption by European Midsize Companies. , 2000 .

[8]  Heeseok Lee,et al.  Enterprise resource planning survey of Korean manufacturing firms , 2006 .

[9]  Ed O'Donnell,et al.  Enterprise risk management: A systems-thinking framework for the event identification phase , 2005, Int. J. Account. Inf. Syst..

[10]  Desheng Dash Wu,et al.  Performance evaluation: An integrated method using data envelopment analysis and fuzzy preference relations , 2009, Eur. J. Oper. Res..

[11]  Ward Edwards,et al.  How to Use Multiattribute Utility Measurement for Social Decisionmaking , 1977, IEEE Transactions on Systems, Man, and Cybernetics.

[12]  David L. Olson,et al.  Supply chain risk, simulation, and vendor selection , 2008 .

[13]  Kweku‐Muata Bryson,et al.  Designing effective incentive-oriented contracts for application service provider hosting of ERP systems , 2003, Bus. Process. Manag. J..

[14]  David L. Olson,et al.  A comparison of stochastic dominance and stochastic DEA for vendor evaluation , 2008 .

[15]  David L. Olson Managerial Issues of Enterprise Resource Planning Systems , 2003 .

[16]  R. L. Keeney,et al.  Decisions with Multiple Objectives: Preferences and Value Trade-Offs , 1977, IEEE Transactions on Systems, Man, and Cybernetics.

[17]  David L. Olson,et al.  Evaluation of ERP outsourcing , 2007, Comput. Oper. Res..

[18]  Jan Olhager,et al.  Enterprise resource planning survey of Swedish manufacturing firms , 2003, Eur. J. Oper. Res..