Risk governance framework for enterprise-wide application implementations

Enterprise Application Systems (EAS) are strategic enablers for businesses impacting multiple business areas such as financials, accounting, supply chain, customer services, and human resources. EAS implementations are highly complex implementations that automate several business functions, involving several internal and external resources. EAS create value for the adopter if the implemented solution is sustainable. Due to the complex nature of multi-party, multi-level risk association during different phases of the project life cycle all EAS projects require proper risk governance framework to empower proper risk identification, evaluation and mitigation authority within the project organization to execute. The concept of risk governance - referring to the risk governance of a single project - has remained ambiguous in existing studies. In the research, we review literature from multiple viewpoints to a novel definition and interpretation about inclusive risk governance concept. Inclusive risk governance provides a multi-phase, multi-step process with a set of principles, checks, and balances that govern risk-related decision making in an effort to reduce the odds of project failure that may result from a set of identifiable risks that involves project ecology risks. That is why it is important to know how relevant risk information is collected, analyzed, and communicated, and management decisions are taken involving all the stakeholders. When these questions go beyond the conventional risk management, the involvement of all stakeholders is required; therefore, in such a situation there is a need of inclusive governance. Inclusive risk governance is based on the assumption that all stakeholders have something to contribute to the process of risk governance and that mutual communication and exchange of ideas, assessments, and evaluations improve the final decisions rather than impede the decision-making process or compromise the quality of scientific input and the l- - egitimacy of legal requirements. Therefore, we have developed a theoretical approach to the inclusive risk governance process. This article develops a framework of risk governance by discussing a range of institutional possibilities for participation from the implementation ecosystem.