Risk Management in Oracle Upgrade

Abstract

With the internet accelerating the sharing and collecting of information of all types, concerns about the accuracy and protection of the collected data have grown drastically. In this document an attempt will be made to describe risks will be managed during the process of "Upgrading the existing Oracle Financials ERP implementation to 11.5.10 version". This document defines roles and responsibilities for participants in the risk processes, the risk management activities that will be carried out, the schedule and budget for risk management activities, and any tools and techniques that will be used.

Introduction

The risk management process attempts to identify what could prevent or limit the upgrade of the existing oracle applications (11.5.9) and achieve the targeted functional and performance objectives within cost and schedule constraints. This is a very essential component of delivering the upgrade project, and any other project, to the altar of success. The competition among the software vendors drives them to deliver the new versions to their customers without thorough testing and fixing the loop holes in their product. In addition, every new version calls for stronger hardware requirement, more skilled and trained individuals, more clarity in the expectations from the software/upgrade, and faster implementation and/or upgrade - because the obsolescence of software takes place before the new version is released. Therefore, the planning of an upgrade process of any software needs to be planned very careful.

Risk Classification

An applications upgrade delivers the organization a tool which acts as a catalyst for business change, by delivering - new functionalities, better performance, new applications, etc. The effective migration/upgrade of the application ensures that the management enjoys the fruit of the efforts put/invested in this project. Thus it is the responsibility of the project team to ensure that all the risks are mitigated effectively so that the time frames are met, appropriate skill levels are available, all hardware resources are within hands reach, and the project team has clear and specific goals.

On broad guidelines, the upgrade process of Oracle Applications can be classified into three categories:

1) Project Risks

2) Technical Risks

After playing the simulation "Managing Project Risks", we can list down the following risks under these two headers.

Project Risks:

In general, project risks are which do not involve any involvement of technology. These are generic risks factors which are common to most of the projects. The leading risks to the upgrade process, relating to our case scenario, are:

- Change in management priorities

- Skill and competency gaps

- Lack of team synergy and Commitment

- Poor selection of team

- Lack of clarity of objective

- Nature or Manmade disasters

Any change in the following parameters does not increase the percentage of risk and does not endanger the project any further. The list of parameters is:

- the number of application/database users,

- the commitment from the management,

- the corporate culture,

- the number of people on the upgrade team,

Technical Risks:

Technical risks comprise of risks relating to hardware, software, and network resources. The factors which can and/or will influence the technical risks are:

- Platform

- Applications Complexity

- Extent of functionality used

- Stability of the release

- Customizations in the Applications code

- New functionality

- Integration of modules

- New technology

- Network resources

- Legacy systems and standards

In Oracle Application upgrade project, the possible risks which can dampen the motivational level of the upgrade project are:

- Skill and Competency level of the upgrade team

- New issues coming into picture

- Availability of the network resources

- Legacy systems and standards

- Stability of the release

Risk Prioritization:

Once the risks have been listed and categorized, it is very important to prioritize it so that adequate resources can be allocated to monitor the possible risks and help the project sail through to success. The risk prioritization is done based on the following factors:

- Past experience

- Similar experience of other customers of Oracle Applications

- Post of experience in the forum of OAUG and support site of Oracle.

- Benchmarking data available on competitor's and vendor's website

- Gut feel/sixth sense

- Expert opinion of experienced staff, as was available from Sid, Rafael, and Viviane. Their past experience helped a lot in making right decision to mitigate the possible threats in the simulation.

- Impact of each risk factor on the outcome of the project.

During the process of prioritization of the risk factors, suitable Probability (P) and Impact (I) rating is given to each possible risk factor - Project and Technical. Based on the Exposure (E) reading (P x I) it becomes easy to prioritize the risk factors.

Risk Factor Probability Impact Exposure

Skill and Competency level of the 0.85 0.8 0.680

Availability of the network resources 0.80 0.80 0.640

New