A shadow system of an organization is a system or a program which is not a formal part of its centralized information system or ERP system. A shadow system can range from a simple spreadsheet or a database to full-blown system that replicates and manipulates the data of an organization’s central system. There can be various causes why shadow systems are being used despite all the threats it might impose to an organization; these aspects will be further discussed later in this article.

Some characteristics of shadow system are:

  1. Data for shadow system are replicated from centralized information system, taking the data out from the boundary of centralized IS.
  2. The data extracted are used for selected business functions.


An organization pays good amount of money to implement an ERP system to have an enterprise wide centralized system. Still, why would an organization need a shadow system? There can be various reasons why the need for shadow system arises:

  1. The gap between the requirements of the various stakeholders within an organisation and what the ERP system implementation provides. (Jones, D, Behrens, S, Jamieson, K & Tansley, E 2004)
  2. Complicated interface, lengthy work flow, incomplete features of newly implemented ERP system which makes the job more complex for user.
  3. Lack of proper training of new ERP system to the users.


However, applying shadow system imposes different threats to an organization. The major threat can be the threat of proper integration. The shadow system is not an integral part of ERP system and thus the shadow system only utilizes portion of the ERP’s data. Also, ERP doesn’t support input from external shadow systems. Thus, there is incomplete data in both the systems. This will cause problem while reporting, monitoring and also while performing other tasks as the complete data doesn’t exist wholly in any of the systems.

Further, shadow system can introduce other threats as well. A shadow system is usually developed by an individual or a small team in an ad-hoc basis, and is not well documented. In case the shadow system team stops their support, new support team or ERP provider will have a hard time finding out how the system actually functions. This will only add more expenses and time for new system. Also, because the shadow systems are poorly designed, it might not comply with the legal requirement exposing the existing data to the security risk. This increases the risk of legal liabilities to the company.


The Weblog of (a) David Jones 2004, “The rise and fall of a shadow system: Lessons for Enterprise System Implementation”, blog post, viewed 3 August 2013,