MULTIPLE CRITERIA ANALYSIS FOR EVALUATION OF INFORMATION SYSTEM RISK

Information technology (IT) involve a wide set of risks. Enterprise information systems are a major developing form of information technology involving their own set of risks, thus creating potential blind spots. This paper describes risk management issues involved in enterprise resource planning systems (ERP) which have high impact on organizations due to their high cost, and their pervasive impact on organizational operations. Alternative means of acquiring ERP systems, to include outsourcing to application service providers (ASPs) are available. But outsourcing ERP involves many risks that are often overlooked. After identification of typical risks involved with representative alternative forms of ERP, multiple criteria analysis is proposed as a useful tool for tradeoff analysis in this selection decision. SMART is compared with popular approaches such as DEA and PCA-based DEA. A demonstration of how multiple criteria analysis can be applied in the international ERP alternative selection decision is given by including outsourcing to China and South Korea.