ERP risk and controls automation

RSM’s experienced team can design controls, do security assessments and establish ongoing monitoring for your ERP system.

Contact our risk team

Lowering the cost of ERP security and controls while mitigating risk

When organizations integrate new enterprise resource planning (ERP) systems, the primary challenge to solve is connecting multiple business units with fundamental automation that maximizes efficiency while replacing manual controls. The end goal is to reduce the need for reconciliations and decrease the possibility of human error. However, without proper security and controls, these new systems can leave an organization vulnerable to financial, operational and strategic risks.

RSM’s ERP professionals have many years of experience identifying and designing ERP controls in a variety of industries with varying degrees of complexity, combined with knowledge around automation software like integrated governance risk and compliance (GRC) technologies, analytics and bots. Staying current with leading-edge software and security developments, our team has developed efficient ways to test and remediate ERP control failures. Our extensive controls knowledge embodies the most popular ERP systems including:

SAP
Oracle
Microsoft Dynamics
NetSuite
PeopleSoft
JDE
Workday

Following a holistic review of your business controls framework, RSM can work to identify automated control design gaps, assess pre-implementation controls design and post-implementation controls to determine potential automated control failures. If your organization lacks security and controls monitoring tools, our team can also perform annual or periodic ERP security and controls monitoring and testing with our automated tools.;

RSM’s ERP risk and controls automation team offers extensive capabilities:

Rely on our proven methodology and industry-leading practices to help with governance, risk and compliance (GRC) tools, including GRC tool selection, rule-set implementations, assessments and designing GRC programs to maximize your GRC tool investment.

If you have a governance, risk management and compliance tool, we can:

Perform GRC rules checkups with your tool. Following organizational or system functionality changes, RSM can test for GRC rule changes.
Increase current tool’s value. We’ll help to identify ways to obtain maximum value of your current tool with RSM’s operational GRC tool assessment.

Considering purchasing a GRC tool? RSM can provide:

Guidance. We’ve worked with numerous tools and our "scorecard" approach helps you identify the best GRC tool to purchase for your ERP based on risk appetite, regulatory requirements and budget.
GRC rule implementation assistance. When it’s time to design and implement GRC rules to satisfy your regulatory compliance needs, we can provide practical advice to make the process easier.

If you don’t have security and controls monitoring tools, RSM can perform annual or periodic ERP security controls monitoring (ESCM) to quickly detect:

ERP segregation of duty (SOD) conflicts and unrestricted access. We can identify and remediate security conflicts or identify mitigating controls in your ERP system. Also, we can help prevent over-analysis of false positive/false negative results by customizing rules for future use to meet your needs.
SAP security vulnerabilities. RSM uses tools and methodologies to assess your SAP system, perform scans of configurations, secure authorizations and uncover critical security-related OSS notes. Also, we help to identify potential risk exposure to internal and/or external hackers with reports based on NIST and/or SOX.

Designing ERP controls and optimal controls testing for complex ERPs are daunting tasks. Our professionals deliver superior risk controls services including:

Conducting comprehensive review of business controls framework to identify and fix automated control design gaps
Assessing extent of controls failure during pre-implementation controls design or post-implementation controls
Determining extent of automated controls failures using “look-back” testing to identify fraud, business issues or other failure, such as duplicate posting of manual journal entries or duplicate payments
Assessing or monitoring ERP security controls using RSM’s automated tools

Additional insights from our risk professionals

Additional insights and solutions to achieve your organization’s goals

Contact our disaster preparedness and response professionals

Contact our disaster preparedness and response specialists

Subscribe to Risk Bulletin

Our cybersecurity, risk and fraud professionals provide regular insights and regulatory compliance updates to help your organization manage risk.

THE POWER OF BEING UNDERSTOOD

ASSURANCE | TAX | CONSULTING

RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.

Strategic technology alliances

Featured topics

Real Economy publications

Platform user insights and resources

About us

Experience RSM

Spotlight on culture

Work with us