ERP implementation risks

Lower risk and reduce the cost of compliance

Contact our risk team

A proven methodology to manage risk and improve security and controls ROI when implementing your ERP system

Implementing or upgrading a new enterprise resource planning (ERP) system or large customized software implementation is laden with potential pitfalls as these platforms affect nearly all primary operations of your organization. Many times, we see companies go live without knowing if all business requirements were met. Sometimes companies don’t know if their new ERP system will meet global regulatory requirements. Sometimes data migration or security access issues create business operation problems at go-live. Often companies find they are overpaying for security licenses because their application security was not appropriately customized to meet organizational needs.

RSM US LLP can help you avoid these pitfalls. Our implementation risk professionals have decades of experience managing program risk; designing regulatory compliant security that also reduces user license costs; managing automated control enablement within various ERPs and applications; and enabling emerging technologies or ERP governance, risk and compliance (GRC) technologies during implementations. Our proven methodology focuses on the risk of key program success factors and is designed to help you realize the full return on your investment.

Our team has deep experience with large custom software implementations, as well as in risk, security and controls with a variety of leading ERP solutions including:

SAP
Oracle
Microsoft Dynamics
NetSuite
Workday

RSM not only has deep experience in the configuration of these ERPs with regard to security and automated controls design, but we can also provide risk oversight during your ERP implementation. Whether you need program risk oversight, or an independent verification and validation (IV&V) or the U.S. Food and Drug Administration (FDA) computer system validation (CSV), our knowledge, experience and flexible methodology and approach help us craft a solution tailored to your unique circumstances.

We help you evaluate all strategic options, being especially mindful of the selected system integrator and type of regulations applicable to your business environment, including Sarbanes-Oxley Act, FDA, General Data Protection Regulation (GDPR) and other global regulations, data privacy concerns and tax structures. We also evaluate your internal organizational structure and culture regarding its adaptability to change, the bandwidth of internal employees and other critical companywide initiatives.

For software being implemented in FDA-regulated industries, our FDA CSV services assess your system for software verification and validation and process validation, to meet FDA CSV requirements from installation qualification (IQ), to operational qualification (OQ) and performance qualification (PQ).

RSM’s ERP implementation risk service team’s capabilities:

: RSM’s IV&V assessment methodology is based on the Institute of Electrical and Electronics Engineers (IEEE) standards for software verification and validation, but is enhanced with several frameworks including ISO2700, PMBOK/PMP, COBIT5, ITILv3, PROSCI, COSI, SOX, NIST, PCI and HIPAA. Our IV&V approach determines if the software, hardware, documentation and user requirements have been designed completely, accurately and consistently.

Our methodology is flexible to align with any ERP and any industry, with any type of project methodology (i.e., agile, waterfall or hybrid), upon which we then bring in ERP subject matter professionals when a deeper understanding of system functionality and options is needed. Our methodology is flexible; we work with many customers to customize our IV&V assessments to contain the specific areas of high risk that our customers would like us to focus on.

: If resources or timeline constraints didn’t allow design controls during implementation or there are unexpected problems after your go-live, we can assess both the design and operating effectiveness of your controls post-go-live. Using our tools, we quickly assess your environment to identify automated or security controls to recommend speciﬁc improvements for remediating any control failures.

: When choosing an out-of-the-box ERP solution, implementers are typically not responsible for compliant security or automated controls design or testing the effectiveness of controls before go-live. With an understanding of regulatory requirements such as SOX, JSOX and FDA, we can evaluate the controls environment, review design documentation and identify control objectives and control design activities. We can implement GRC technologies or utilize our own proprietary tool, RSM Guardian, to mitigate segregation of duties risk, or build bots to automate controls or test automated controls.

Additional insights

Recorded webinar

Best practices for global implementation of a NetSuite ERP system

Join RSM US LLP’s webcast to learn how to effectively implement NetSuite for your global business.

Watch

Technology consultingNetSuite

e-book

Managing third-party risks across your life sciences business

Life sciences companies: Learn the importance of anticipating and managing key risks when working with third parties.

Life sciencesInternal audit

Article

Optimizing your ERP implementation: Understanding 7 key risk areas

Learn about how you can mitigate ERP project risks that can create vulnerabilities, cause regulatory concerns and derail an implementation.

Business risk consultingERP services

Recorded webinar

Best practices for global implementation of a NetSuite ERP system

Join RSM US LLP’s webcast to learn how to effectively implement NetSuite for your global business.

Watch

Technology consultingNetSuite

e-book

Managing third-party risks across your life sciences business

Life sciences companies: Learn the importance of anticipating and managing key risks when working with third parties.

Life sciencesInternal audit

Article

Optimizing your ERP implementation: Understanding 7 key risk areas

Learn about how you can mitigate ERP project risks that can create vulnerabilities, cause regulatory concerns and derail an implementation.

Business risk consultingERP services

See all risk, fraud and cybersecurity insights

Additional solutions to achieve your organization’s goals

NetSuite industry solutions

Oracle risk advisory capabilities

SAP risk advisory capabilities

NetSuite industry solutions

Oracle risk advisory capabilities

SAP risk advisory capabilities

Contact our risk professionals

Complete this form and an RSM representative will be in touch shortly

RSM Catamaran

RSM’s suite of integrated, outsourced solutions has the power to transform and strategically evolve your finance, IT, risk and HR functions for the future. Through RSM Catamaran, we add value without adding overhead costs, by giving you access to a deep knowledge base and cutting-edge technology.

Explore RSM Catamaran

Subscribe to Risk Bulletin

Our cybersecurity, risk and fraud professionals provide regular insights and regulatory compliance updates to help your organization manage risk.

THE POWER OF BEING UNDERSTOOD

ASSURANCE | TAX | CONSULTING

RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.

Technology alliance platforms

Featured topics

Real Economy publications

Platform user insights and resources

About us

Experience RSM

Spotlight on culture

Work with us