Minimizing fraud exposure with effective ERP segregation of duties controls

Segregation of duties control risks can result in more investment following ERP implementation


Fraud is a major concern within every organization, as control environments often fail to keep up with emerging threats. The strongest reviews and reconciliations simply cannot completely eliminate fraud, and significant exposures can occur at any company, regardless of size. With major enterprise resource planning (ERP) systems increasing functionality and complexity, companies must pay more attention to the design and monitoring of automated controls.

In particular, organizations must explore risks related to segregation of duties (SOD) controls that can enable fraudulent behavior. SOD vulnerabilities often occur due to a lack of awareness or concern during ERP design and implementation, as well as ineffective governance processes. Security and controls are frequently an afterthought during ERP implementation, and many implementation teams lack the right amount of experience with risk and controls.

Discovering a vulnerability or incident after implementation often requires the retrofit of a control framework into the system. This can result in the loss of key institutional knowledge, and more effort and investment than if appropriate controls were included in the initial design. However, companies can recover from an ineffective implementation by implementing proper automated controls and focusing on monitoring. 

Effective ERP SOD control is an ongoing process, requiring continuous maintenance and improvement. Companies should undergo a comprehensive risk assessment to understand threats, and should customize and validate existing rule sets. In addition, CCM/GRC tools can enhance SOD controls and fraud mitigation efforts, but strong governance processes are key: the processes and data are more important than the tool itself.

