ERP Implementation Risk Services

Your trusted ERP implementation risk advisor.

Implementing a new ERP system can mean new risks and potential challenges. What’s needed are experienced resources who’ve “been there, done that,” to serve as trusted risk advisors during your implementation.

Whether you’re looking for hands-on security and controls assistance or simply an advisor to help you navigate rough waters, RSM can assist by:

  • Helping you select an ERP vendor―Using our “scorecard” methodology and a thorough understanding of your ERP requirements, we’ll review vendor proposals and, using an independent perspective, identify which vendor best meets your requirements and budget
  • Serving as your PMO risk advisor during the implementation processOur job is to raise concerns, when appropriate; ensure ERP project methodology, such as ASAP for SAP or AIM for Oracle, is being followed; and/or to holistically assess your ERP program after implementation to assess risk and potential cost overruns. We can also perform a post-go-live project risk assessment to understand where unforeseen costs occurred or where approved methodology wasn’t followed
  • Designing controls and testing their effectiveness―Out of the box, security and control vulnerabilities exist, because the controls that regulators, management and internal audit demand aren’t enabled. ERP implementers aren’t responsible for controls design and testing effectiveness. Beginning with an understanding of your regulatory requirements (SOX, FDA, ISO, etc.) or your desired framework specific controls (COSO/COBIT), our job as your risk advisor is to evaluate your controls environment; review your design documentation, identifying control objectives and control design activities; and perform controls effectiveness testing, so your controls are in place at go-live
  • Updating controls during ERP upgrades―Controls change when you upgrade your ERP. Some controls from a prior version no longer work, some controls that were non-existent in a prior version, become available. Our services include reviewing your regulatory controls framework and existing ERP controls framework, then identifying optimal controls and document controls testing efficiencies for your new controls
  • Post-go-live controls review―While designing controls during an implementation is recommended, if your budget doesn’t allow that, or you have unexpected problems after your go-live, we can assess your controls post-go-live. Using our tools, we quickly assess your environment to identify automated or security controls and recommend specific improvements to remediate the control failures

RSM’s ERP risk professionals are ready to put their years of experience and knowledge at your disposal.

So whether it’s for one or all of the roles above, when you need a trusted advisor in your corner, call RSM.

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Receive Risk Bulletin by Email


Cybersecurity Rapid Assessment®

Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.




RSM 2020 cybersecurity special report

  • July 14, 2020


Evolution of enterprise resource planning system cybersecurity

  • May 07, 2020