 Hello and welcome to the session in which we will discuss change management risks. There are two terms that we need to be familiar with in this session. First is what is change management and the second one is risks. What is risk? Risk is any potential negative outcome or any unexpected outcome. Now what is a change management? Change management is when you are moving from one state to another state, whatever that state is, implementing new processes, installing a new IT system, installing new software, hardware, you are going through some sort of restructuring. All of those are called change management. And as a result of this change management, we can face few risks. So in this session, we're going to discuss those risks and look at how they can be mitigated. So just to review, change management is typically used in the context of organizational change such as implementing a new IT system, restructuring the organization, introducing new business processes. As you're going through this, you might face some changes and this is what change management risk is. You're going from a current state to a desired, hopefully a better state. So the goal of change management, again, this is a review because we have a whole session about change management is to ensure that the changes are implemented smoothly and effectively with minimal to no disruption to the organization. Before we proceed any further, I have a public announcement about my company, farhatlectures.com. Farhat accounting lectures is a supplemental educational tool that's going to help you with your CPA exam preparation, as well as your accounting courses. My CPA material is aligned with your CPA review course such as Becker, Roger, Wiley, Gleam, Miles. My accounting courses are aligned with your accounting courses broken down by chapter and topics. My resources consist of lectures, multiple choice questions, true-false questions, as well as exercises. Go ahead, start your free trial today, no obligation, no credit card required. Now, what are the risks that you're going to be facing? I'm going to break them into three types of risks when it comes to change management risks. I'm going to discuss general risks, risk that goes with any sort of change management, whether that change management is IT or non-IT, I'm going to be looking specifically at IT risks, then I'm going to be looking at outsourcing risks is when the company decides to outsource this change management because they don't want to do it, they'll bring a third party, there's risks involved with this. And I will discuss mitigation options. We also have a whole session, not a whole session, but a lot about outsourcing that will apply to this session as well. First, let's start with the general risks. Those risks apply to any change, whether that IT or non-IT and the first one, resistance to change. This is the most common risk associated with any type of change. And you are facing this resistance from the employees, also from customers, could be also from vendors. So employee may resist changes in their work processes, system, organizational structure, they don't want to learn the new system. They're happy with the IT system that they're using, but they're happy with the processes that they are performing. And if you have those resistance, that could lead to delays, reduction in productivity, even failure to achieve desired outcome if the resistance is very strong. Also lack of communication could be a risk when you are implementing any changes. So poor communication about the changes can lead to confusion and misunderstanding among employees. So you want to let them know what's happening, what's that change management? You want to show them the benefit. Otherwise, the change will be delayed, you'll have more cost and decreased morale because they don't know. People don't like when they don't know what's going on, lack of communication because they don't know, am I going to be losing my job or not? What's happening? Why are they changing this? You know, am I going to be replaced? So on and so forth. Also a general risk will be lack of stakeholder buy-in. Well, what does that mean? It means people who are involved in this process, whether those employees, vendors, managers, anyone that's involved in this process, sometimes it could be customers are not fully committed to the changes. It can be difficult to implement them successfully. Again, this resistance could delay and increase the cost. Also implementation failure, you know, even if you went through proper planning, proper preparation, proper communication, there's always the risk, there's always the risk that the change will not be implemented as intended. And believe me, you're always going to have unintended consequences. Some will be positive, some will be negative. Hopefully you'll have more positive than negative consequences. This is going to increase the cost, increase productivity, and hopefully you will not get a hit on your reputational change because of this implementation failure. You could not implement the change that you wanted to implement. It means execute, means actually put it to work. So unintended consequences is the result of that. Changes can have unexpected outcome here that are not anticipated during the planning phase. Why? Because a failure in implementation failure. And this could, again, could affect employees, customers, vendors, any stakeholder. It could be the community. Who knows? Okay, maybe you have some environmental issue that's affecting the community in which you operate. Also, this will increase your cost, decrease your productivity, even give you some legal or compliance issues. Also lack of financial and moral support by appra-management hinders any sort of change management, whatever that change management IT or not IT. Now let's take a look at few risks for change management when it comes to IT information system. The first thing is, it didn't work. Technical issues. Changes in IT system can introduce technical problems. System crashes, data corruption. The software is not integrated properly with the new system. The issue can result in lost productivity, increased cost, and reputational changes. Security risk, that's always a problem with IT. Changes to the system could introduce new security risks such as vulnerabilities and breaches that we are not familiar with. Why? Because the system is new. We thought we had a good protection system. We had good firewalls. But this new software is not under the umbrella of our security system. So the new system, the system could be more vulnerable to security breaches because it might be incompatible. Why? You're having some technical issues. Again, these risks are very high because they could result in data loss, legal liabilities, and rapid loss of reputation. So the security risk, I would say, is one of the highest always risk. User adoption, well, changes to the IT system now, specifically IT, may require users to adopt new processes or software. Well, people can be resistant. We talked about this. They do not, you know, or they did not receive enough training. And this could result in decreased productivity, increased cost. Other IT risks will be comparabilities. Kind of we touch upon that. The system to IT system can create comparability issues with other system or software within the organization. For example, you had a software and your inventory was a separate component. Now you change the software, it doesn't communicate with your inventory, with your inventory module. I saw this in the real world at some point. One company was keeping their inventory in a separate software and everything else in a separate accounting information system. So when they updated their accounting information system, they kept relying on the old inventory and the system was not compatible. Again, this could be a lot of frustration for everyone. And this is including vendors because now the inventory is not communicating with billing. It could be a problem with sales, with customers because we don't know how much inventory we have. The system is not updating to date. So comparability issues is also a major issue. Regulatory compliance or compliance issues is when the system is under some sort of an authority, regulatory authority, and you need to comply with those regulatory authority, mainly banking and health care. When you think about regulatory compliance, among others, but banking and health care because of the privacy and security. Failure to comply with the regulation can result in legal liabilities fines by the government and the most important is reputational change. Reputational loss, because you don't want to lose your reputation in the market. Also an IT risk will be the lack of experience in selecting or interviewing or purchasing the system. Simply put, you wanted to buy a system, implement the system, but you don't have enough experience to ask all the questions. Well, this could be an IT risk by itself. So let's assume you don't want to do this. You want to outsource this process to someone else. While outsourcing IT change management, what does that mean? It means transferring those responsibility for planning, implementing and managing the change to someone else. Well, the first thing you could have is the same problem. You selected the wrong company. They don't have enough people. They don't have enough expertise or experience in this. That's what could be one of the risks. Also loss of control. Once you outsource, and we talked about this in the outsourcing session, once you outsource, you lose control. How comfortable are you? Okay, outsourcing can result in a loss of control over planning and implementation. And this can result in unexpected outcomes, delays or even failure, because you are at the mercy of the other company. Communication issues, same thing. Outsourcing can create communication issues between service provider and organization, especially if the outsourcing is in a different country, a different culture, a different attitude toward quality, a different attitude toward deadlines. So you're gonna have a lot of issues. So poor communication can result in misunderstanding, delays and even conflict. Outsourcing could also result in security risks. And again, once we talk about security, it's like the most important one. Why? Because you are given the outsourcing company access to your software, access to your data. They may not have adequate security measures in place. And this could result in data breaches, maybe the hackers can find a way through their system, loss of intellectual property and the most important, reputational damage. Because once your reputation is damaged, it's very difficult or costly to rebuild. Compliance issues, outsourcing also can result in this because you are relying on the compliance ethical standard of the outsourcing company because they're building your system. They are managing the whole process. So outsourcing change management can create a compliance issue of the service provider does not adhere to regulatory requirement or don't understand the regulatory environments under which you operate. For example, you outsources to a company in Argentina and they're not familiar with the SEC requirement. Well, or EPA or whatever regulatory agency we are dealing with, that's a bad idea. Because this result in legal liability is fine, damages and organization reputation. Also quality, quality could take a hit. Why? Because again, your quality is as good as the outsourcing company. And that's why the first risk is that you select the proper outsourcing company. So if the service provider does not meet the organizational standard for quality, there's any discrepancies and expectation. Well, that's a problem too. This could result in decrease in production, increase costs again, we go back to reputational damage, reputational damage. So what we're gonna do now discuss what can we do? What can we do to mitigate those IT change management? The first step is plan thoroughly. Take your time. If you're gonna make those changes, plan them well. Plan them well. So well planned change management strategy is essential in identifying mitigating potential risks. This include risk assessment. Look at all your potential risks. Who are the stakeholders from this change? Define your goals and objective. What are you doing? And develop a detailed plan for implementing those changes. Simply put, have policies and procedures specifically for any change management. It's not like haphazardly we're gonna do this. What we plan this properly. Two, communicate clearly. Remember, that's a risk. So how do you mitigate this risk? You have clear communication to do what? To ensure that everyone involved, all the stakeholders that you identified in step one are aware of what's happening. Understand the roles, the responsibilities, the scope of the change and the potential impact on them, the unintended consequences possibly as well. Communicate should be ongoing. You should not just communicate at the beginning and put them in the dark. They should be ongoing throughout the change process and stakeholders should be kept informed of progress of any change in the plan. Involve the stakeholders. How? Including end users. If employees, are you gonna be using this? Make sure they are involved in this. Even customers, you can maybe have a sandbox for customers to try. IT staff, senior management, anyone that's gonna be using the system. See if they can be involved somehow to ensure a buy in and support for the change because those are the people that are gonna be using it day in and day out later on. And this could mitigate a lot. That resistance that we talked about said this is, people don't like change, but if you involve them, if they buy into the process, the resistance level will go down and increase the likelihood of a successful outcome. You want to be successful in this. To mitigate IT risks, you wanna test and validate changes. So before implementing the changes, what you do is you test. And we're gonna talk about testing later on. We're gonna have a whole session about testing. It's important to thoroughly test and validate in a non-production environment. And sometime you might have to do it in a live environment, but it's preferable if you can do it in a non-production or if you can run two system. If you're implementing a new system, run the new system and run the old system at the same time or run all the transaction through the old system, see the results, run them through the new system, make sure they get you the same results. This is what you test. And we'll talk about that later. This could help identify and mitigate potential issues before the changes are implemented in a live environment. Sometime you may not have that leisure, but if you do, you should use it. Also another way to mitigate those risks is to do the changes in phases. We got to phase one. We have five phases. We got to phase one. Stop, let's review. Don't finish everything all at once, okay? So implementing changes in smaller phased increment can help mitigate the risk of unexpected consequences or failure. So after step one, you gotta stop, see is everything going as expected? Then we move on to step two. This allow the issues to be addressed before moving on to the next step. You also want to monitor and evaluate the changes after implementation. That's always a good practice. Always, always a good practice. As you go back, you monitor and see what's going on after you implemented. You know, just don't implement it and let it go. That's not a good idea, okay? This can help ensure that the changes are achieving the desired outcome. Because you remember you had the goal at the beginning. Are they achieving the desired outcome? Okay, I understand you want to update your IT system, but you did the update. Is it getting you what you need to get? And can provide valuable feedback for future change management effort? Because if you learn from your mistakes, you may have several change management project in the next five years. You want to learn from your mistakes so you can do better in the next session. And learning from your mistakes is going to far hat lectures and working MCQs to make mistakes, to make sure you understand those in and out. So you can answer multiple choice questions, whether it's a CPA exam, CMA exam, or any other accounting certification for accounting information system course. Good luck, study hard, invest in yourself, and stay safe.