Risk is inherent in procurement, and more so in e-procurement. The repercussions are wide-ranging, affecting linked systems, information and even the reputation of the organization. So far the mainstream information system risk literature has identified a wide range of risks, and these apply specifically in the context of e-procurement systems. As a developing and unique form of information system, e-procurement will carry new concerns and risks that differ from those of traditional systems. However, there is a lack of understanding of the key risks involved and of how they differ from those of other forms of information systems. Procurement managers must understand the risks before implementing procurement technologies. Then they can devise strategies to mitigate or prevent these risks before they turn disastrous for the organization.
Security and Breaches
Security is a consistently growing issue for e-commerce and procurement solutions. Security violations continue to increase, and businesses depend correspondingly more on information technology to drive their value. This increases the importance and criticality of transaction data, and with it the demand for secure e-procurement transactions. Secure transactions, at the same time, ensure the confidentiality, integrity and availability of data.
Many organizations may not have realized the depth of the sensitive information involved in the procurement process. They may also not have realized the extensive reach of the data breach risk. Nowadays, ERP solutions collect, store and transmit far more information than before. Organizations that use cloud-based ERP solutions have to consider the potential impact not only on their own financial data but on customers' and vendors' data as well.
Procurement agreements will mostly provide that the supplier has either no limitation of liability or a liability cap that is way beyond the value of the contract. As a consequence, the contract may become an uncommercial option for a supplier, and there is a risk of breach of contract. Suppliers should instead consider limiting their liability to the value of the contract in the aggregate for all claims. Alternatively, they can limit their liability to the services and products that give rise to it, and at the same time exclude liability for indirect losses, loss of data and loss of profits. These limits, however, depend on the scope of services.
The five types of authentication attacks are borrowing or cloning of credentials, sniffing the credentials, trial and error, denial of service (DoS) and backup retrieval. Borrowing or cloning is an attack carried out by finding the login credentials and subsequently using them to log in. Sniffing the credentials is a method whereby the login credentials are captured while being transmitted during the login process. Trial and error is an attack whereby the attacker tries different combinations until finally getting the right one to log in. In a denial of service (DoS) attack, the attacker damages the system while blocking others from accessing it. Backup retrieval is accessing an account using information obtained from a backup on the hard drive.
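As an added illustration, not part of the original article, the following Python sketch shows how a defender could spot the trial-and-error pattern described above in an e-procurement portal's login log, separating ongoing guessing from guessing that ended in a successful login. The log format, account names, threshold and window are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<ISO timestamp> <account> <source> <OK|FAIL>".
SAMPLE_LOG = """\
2024-03-01T09:00:00 buyer01 10.0.0.5 OK
2024-03-01T09:01:00 supplier7 203.0.113.9 FAIL
2024-03-01T09:01:05 supplier7 203.0.113.9 FAIL
2024-03-01T09:01:09 supplier7 203.0.113.9 FAIL
2024-03-01T09:01:26 supplier7 203.0.113.9 OK
2024-03-01T09:05:00 approver2 10.0.0.8 FAIL
2024-03-01T09:05:30 approver2 10.0.0.8 OK
2024-03-01T10:00:00 auditor3 198.51.100.4 FAIL
2024-03-01T10:00:03 auditor3 198.51.100.4 FAIL
2024-03-01T10:00:06 auditor3 198.51.100.4 FAIL
"""

def parse_events(text):
    """Yield (time, account, source, ok), skipping lines without four fields or a known outcome."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3] == "OK"

def detect_trial_and_error(events, threshold=3, window=timedelta(minutes=10)):
    """Map account -> 'guessing' or 'guessed-then-login' for bursts of failed logins."""
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    findings = {}
    for ts, account, _source, ok in sorted(events, key=lambda e: e[0]):
        fails = recent[account]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures older than the window
        if ok:
            if len(fails) >= threshold:
                findings[account] = "guessed-then-login"  # burst ended in a success
            fails.clear()         # a success resets the streak
        else:
            fails.append(ts)
            if len(fails) >= threshold:
                findings.setdefault(account, "guessing")
    return findings

if __name__ == "__main__":
    for account, verdict in detect_trial_and_error(parse_events(SAMPLE_LOG)).items():
        print(account, verdict)
```

An account marked "guessed-then-login" warrants a credential reset and session review, while a single mistyped password followed by a success (approver2 in the sample) is not flagged.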