Minimizing fraud exposure with effective ERP segregation of duties controls

Segregation of duties control risks can result in more investment following ERP implementation

WHITE PAPER

Fraud is a major concern within every organization, as control environments often fail to keep up with emerging threats. The strongest reviews and reconciliations simply cannot completely eliminate fraud, and significant exposures can occur at any company, regardless of size. With major enterprise resource planning (ERP) systems increasing functionality and complexity, companies must pay more attention to the design and monitoring of automated controls.

In particular, organizations must explore risks related to segregation of duties (SOD) controls that can enable fraudulent behavior. SOD vulnerabilities often occur due to a lack of awareness or concern during ERP design and implementation, as well as ineffective governance processes. Security and controls are frequently an afterthought during ERP implementation, and many implementation teams lack the right amount of experience with risk and controls.

Discovering a vulnerability or incident after implementation often requires the retrofit of a control framework into the system. This can result in the loss of key institutional knowledge, and more effort and investment than if appropriate controls were included in the initial design. However, companies can recover from an ineffective implementation by implementing proper automated controls and focusing on monitoring. 

Effective ERP SOD control is an ongoing process, requiring continuous maintenance and improvement. Companies should undergo a comprehensive risk assessment to understand threats and customize and validate existing rule sets. In addition, CCM/GRC tools can enhance SOD controls and fraud mitigation efforts, but strong governance processes are key, with processes and data more important than the tool itself.         
