ERP Risk Advisory

When it comes to ERP security controls, experience matters.

Vulnerabilities exist in all enterprise resource planning (ERP) systems because out of the box, these systems don’t come with the controls enabled that regulators, management and internal auditors demand.

It takes years of experience to identify and design optimal ERP controls, develop efficient ways to test them and remediate ERP control failures. Staying on the “cutting edge” of ERP security controls is difficult. Rather than continually training your staff and using their time to perform ERP risk assessments, it makes sense to partner with experienced professionals who do this work every day. That gives your employees the freedom to work on higher-value projects.

RSM’s consultants have extensive knowledge of ERP systems, including:

  • SAP
  • Oracle
  • PeopleSoft
  • JDE
  • Microsoft Dynamics
  • NetSuite
  • Epicor, and more

GRC tools and controls

Our professionals can also help you with governance, risk and compliance (GRC) tools, including GRC tool selection, rule-set implementations, assessments, and designing GRC programs that maximize your GRC tool investment.

When it comes to ERP security controls, one size does not fit all. Our ERP risk advisory team uses RSM’s proven ERP methodology and automated assessment tools, based on industry-leading practices, and customizes our services to meet your needs.

Whether you need help designing controls during an ERP implementation, performing an ERP security assessment, establishing ongoing ERP controls monitoring or anything in between, RSM can help.

RSM’s consulting services for ERP systems include:

You’ve made a significant investment in your ERP system. When it comes to risk prevention, turn to an advisor you can trust―someone who understands compliance, your ERP system and your needs.

Recent Insights


Optimizing your ERP implementation: Understanding 7 key risk areas

Learn about how you can mitigate ERP project risks that can create vulnerabilities, cause regulatory concerns and derail an implementation.

  • Kari Sklenka-Gordon
  • |
  • April 17, 2017


As SOX costs persist, companies automate more controls

More companies are automating internal controls. Learn more as industry professionals offer insight into the reasoning behind the trend.

  • Kari Sklenka-Gordon
  • |
  • January 24, 2017


Effectively performing SoD and sensitive access assessments for ERPs

Performing automated SoD assessments with GRC tools can help you better manage ERP risks and fraud amid a stronger regulatory environment.

  • Kari Sklenka-Gordon
  • |
  • December 06, 2016


Minimizing fraud exposure with ERP segregation of duties controls

Companies must understand segregation of duties control risks that can result in fraud, and more effort and investment following ERP implementation.

  • Luke Leaon
  • |
  • January 19, 2016


Top 10 SAP audit and security risks

With hackers increasingly targeting ERP system vulnerabilities, companies must know and address potential risks to their SAP systems.

  • Luke Leaon

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Rapid Assessment®

Watch our Rapid Assessment video to learn more about this "quick-hit" diagnostic of your critical areas of operations.




Getting past the sound and fury of security

  • May 18, 2017


AML and regulatory compliance webcast series—Spring 2017

  • April 25, 2017


ERP implementation risks and their impact on your organization

  • March 29, 2017


2017 cybersecurity outlook and key considerations for nonprofits

  • January 31, 2017


2017 economic and risk outlook

  • January 09, 2017