ERP Implementation Risk Services

Your trusted ERP implementation risk advisor.

Implementing a new ERP system is one of the most transformational initiatives an organization can undertake, as these complex programs engender changes in the way your company operates, innovates and synergizes. In short, a new ERP system means new rewards—but not without some risk.  Thus, experienced professionals who have “been there, done that” should serve as trusted risk advisors.

The journey to implementing a new ERP is fraught with challenges, so whether you’re looking for a targeted assessment to diagnose and remediate specific areas of elevated risk within your implementation or a risk advisor to partner with you along the full journey, RSM can assist in various capacities:

  • Serving as your risk management office (RMO) advisor during the implementation process. In this role, we can identify risk, raise concerns when appropriate, ensure ERP project methodology is being followed and holistically assess your ERP program post-implementation to assess risk and potential cost overruns. We can perform this continually integrated role with the project management office (PMO) as a point-in-time health-check assessment or as a post-go-live project risk assessment to understand where unforeseen costs occurred or where approved methodology wasn’t followed. Our team also has experience in performing specific types of health-check assessments such as independent validation and verification (IV&V) assessment or FDA validation assessments. RSM uses proprietary tools and systems in the analysis, reporting and management of these engagements. 
  • Designing controls and testing their effectiveness. Out-of-the box security and control vulnerabilities exist: do you take advantage of automation within your ERP? Did you enable controls that regulate management and internal audit demand? ERP implementers aren’t responsible for controls design and testing effectiveness. Beginning with an understanding of your regulatory requirements (SOX, FDA, ISO, etc.) or your desired framework specific controls (COSO or COBIT), our job as your risk advisor is to evaluate your controls environment, review your design documentation, identify control objectives and control design activities and perform controls effectiveness testing so that your controls are in place at go-live. 
  • Updating controls during ERP upgrades. Controls change when you upgrade your ERP. Some controls from a prior version no longer work, while some controls that were non-existent in a prior version become available. Our services include reviewing your regulatory controls framework and existing ERP controls framework, then identifying optimal controls and validating both the design and configuration of your new control set.
  • Post-go-live controls review. Designing controls during an implementation is recommended, but if your budget doesn’t allow for that or you have unexpected problems after your go-live, we can assess both the design and operating effectiveness of your controls post-go-live. Using our tools, we quickly assess your environment to identify automated or security controls to recommend specific improvements for remediating any control failures.

With combined decades of experience leading all major phases of an ERP implementation, RSM’s ERP risk professionals’ years of experience and knowledge are at your disposal. 

Whether it’s for one or all of the roles above, when you need a trusted advisor in your corner, call RSM.

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.

Learn more