Title: Multiple Criteria Analysis for Evaluation of Information System Risk
1Multiple Criteria Analysis for Evaluation of
Information System Risk
- David L. Olson
- University of Nebraska
- Desheng Wu
- University of Toronto
2Information Systems Risk
- Physical
- Flood, fire, etc.
- Intrusion
- Hackers, malicious invasion, disgruntled
employees - Function
- Inaccurate data
- Not providing needed data
- ERM contributions
- More anticipatory Focus on potential risks,
solutions - COSO process framework
3IT ERM
- Enterprise Risk Management
- IT perspectives
- Enterprise Risk Management, Olson Wu, World
Scientific (2008) - New Frontiers in Enterprise Risk Management,
Olson Wu, eds. (contributions from 27 others) - Includes three addressing IT
- Sarbanes-Oxley impact Chang, Choy, Cooper, Lin
- IT outsourcing evaluation Cao Leggio
- IT outsourcing risk in China Wu, Olson, Wu
- Enterprise Systems a major IT focus
4History of ERP
- Extension of materials resource planning,
accounting - Integrate a firms computing for reporting,
planning, control common architecture - Multifunctional, Integrated, Modular
- In 1990 industry about 1 billion
- SAP, Baan, PeopleSoft, JDEdwards, Oracle, others
- Rapid growth in late 1990s
- Some relation to Y2K fears, but not the main
reason - Mergers in early 2000s
- Peoplesoft bought JDEdwards
- Oracle bought Peoplesoft
5History of ERP
- SAP All-comprehensive in theory, apply
best-practices - Very intrusive, very expensive, require massive
changes in operations - If changes a core business competency, dont
- While theory centralized, many implementations
modular - PeopleSoft human resources
- Finance Accounting a common first module
6Reasons for Implementing ERPmeasured on 1-5
scale (5 best)Mabert, Soni Venkataramanan,
Production Inventory Management Journal 4120,
(2000) 52-58
7Implementation Time RequiredMabert et al. (2000)
- 6 months or less 9
- 7 to 12 months 25
- 13 to 18 months 24
- 19 to 24 months 21
- 25 to 36 months 11
- 37 to 48 months 6
- Over 48 months 2
- Rate of technology change makes 18 month IT
projects dubious - although ERP a major system, longer times
appropriate
8System Cost Mabert et al. (2000)
9Cost Component of total implementation Mabert
et al. (2000)
10Cost Impact Mabert et al. (2000)
- Also affects operations
- Intent was to lower operations cost
- Initially, often the reverse
- Often use data warehouse system
- Very efficient data storage
- Very expensive
11Alternative ERP Options
12Outsourcing RiskBryson Sullivan, Business
Process Management Journal 96, (2003), 705-721
13ERP System Risk AssessmentMcCarthy, Financial
Executive 174 (2001), 45-48
- Total life cycle costs
- Software upgrades (including hardware impact)
- Integration, implementation, testing, maintenance
- Providing users functionality, technical support
- Hardware (servers)
- Disaster recovery
- Electrical service (including building
modifications) - STAFFING
14Multiple Criteria Analysis
- measure value vj of alternative j
- identify what is important (hierarchy)
- identify RELATIVE importance (weights wk)
- identify how well each alternative does on each
criterion (score sjk) - can be linear vj ? wk sjk
- or nonlinear vj ?(1Kkjsjk) - 1/K
15Total Costs of Alternatives
16Relative Scores by Criteriacould be objectively,
subjectively based
17Worst Best Measures by Criteria
18Criterion Weight DevelopmentFirst sort Second
give best 100 Third give worst 10
19Value Calculation
20Conclusions
- ERM has become a paramount topic
- IT risk is important
- ERP is the most costly, recently most common form
of IT - We have reviewed some of the salient risks
- In IT
- In ERP
- Reviewed a methodology to select among options
21(No Transcript)
22Supply Chain Perspective of ERM
- Historical vertical integration
- Standard Oil, US Steel, Alcoa
- Traditional military
- Control all aspects of the supply chain
- Contemporary
- Cooperative effort
- Common standards
- High competition
- Specialization
- Internet
- Service oriented architecture
23Supply Chain Problems
- Land Rover
- Key supplier insolvent, laid off 1000
- Dole 1998
- Hurricane Mitch hit banana plantations
- Ford
- 9/11/2001 suspended air delivery, closed 5 plants
- 1997 Indonesian Rupiah devalued 50
- Blocked out of US supply chains
- Jakarta public transport reduced operations, high
repair parts - Li Fung shifted production from Indonesia to
other Asian sources
24More Problems
- Taiwan earthquake 1999
- Dell Apple supply chains short components a few
weeks - Apple had shortages
- Dell avoided problems through price incentives on
alternatives - Philips semiconductor plant in New Mexico burnt
2000 - Ericsson lost sales revenue
- Nokia had designed modular components, obtained
alternative chips
25Supply Chain Risk Sources
- Giunipero, Aly Eltantawy 2004
- Political events
- Product availability
- Distance from source
- Industry capacity
- Demand fluctuation
- Technology change
- Labor market change
- Financial instability
- Management turnover
26Robust StrategiesTang 2006
- Postponement standardization, commonality,
modular design - Strategic stock safety stock for strategic
items only - Flexible supply base avoid sole sourcing
- Economic supply incentives subsidize key items,
such as flu vaccine - Flexible transportation multi-carrier systems,
alliances - Dynamic pricing promotion yield management
- Dynamic assortment planning influence demand
- Silent product rollover slow product
introduction - Zara
27Supply Chain Risks Outsourcing
28Continued
29Early Supplier InvolvementRisk to Core
- Vertical cooperation design concept
- Reduce development time
- Better product quality
- Improved costs
- RISKS sequencing, shortages, incapable suppliers
- ROLLS ROYCE Aerospace
- New product development 3-4 years
- ESI 1999
- SUPPLY COST REDUCTION
- Reduced threat of excessive costs, easier to
handle changes - Reduced legal liabilities, fewer quality problems
- Less supplier capacity constraints, shorter
development time
30Vendor RiskRisk to Suppliers
- Disintermediation US gas stations
- Motokov UK Ltd.
- European importer/distributor in agricultural
market, tires - Selected by Italian agricultural machinery
manufacturer Landini to market Zetor tractors - For 3 ½ years, exclusive UK distributor
- Then Landini formed an internal distributor
- Tires
- Mid-1990s dropped Matador Tyres for a Czech tire
company - 1995 Czech company went under, back to Matador
- 2002 Matador dumped Motokov
- Zetor Tractors (Czech)
- Production halted after dropped Communism
31Risk Management Tools
- Simulation (Beneda 2005)
- Monte Carlo Crystal Ball
- Multiple criteria optimization (Dash Kajiji
2005) - Goal programming - tradeoffs
- SYSTEMS FAILURE METHOD
- Information Systems Project Management
- INFORMATION TECHNOLOGY
32Monte Carlo Simulation
33China vendor price distribution
34Taiwan vendor price distribution
35Simulation Output
36MCDM Weights
37Scores
38Values
39Balanced Scorecard
40Conclusions
- Outsourcing provides competitive access
- Broader opportunities
- Demonstrate 3 tools
- Monte Carlo simulation
- Evaluate probabilistic elements
- MCDM
- Consider multiple criteria
- Select vendor by decision maker preference
- Balanced Scorecard
- Measure effectiveness of selected vendor