ERP implementation risks

Lower risk and reduce the cost of compliance

A proven methodology to manage risk and improve security and controls ROI when implementing your ERP system

RSM US LLP can help you avoid these pitfalls. Our implementation risk professionals have decades of experience managing program risk; designing regulatory compliant security that also reduces user license costs; managing automated control enablement within various ERPs and applications; and enabling emerging technologies or ERP governance, risk and compliance (GRC) technologies during implementations. Our proven methodology focuses on the risk of key program success factors and is designed to help you realize the full return on your investment.

Our team has deep experience with large custom software implementations, as well as in risk, security and controls with a variety of leading ERP solutions including:

SAP
Oracle
Microsoft Dynamics
NetSuite
Workday

RSM not only has deep experience in the configuration of these ERPs with regard to security and automated controls design, but we can also provide risk oversight during your ERP implementation. Whether you need program risk oversight, or an independent verification and validation (IV&V) or the U.S. Food and Drug Administration (FDA) computer system validation (CSV), our knowledge, experience and flexible methodology and approach help us craft a solution tailored to your unique circumstances.

We help you evaluate all strategic options, being especially mindful of the selected system integrator and type of regulations applicable to your business environment, including Sarbanes-Oxley Act, FDA, General Data Protection Regulation (GDPR) and other global regulations, data privacy concerns and tax structures. We also evaluate your internal organizational structure and culture regarding its adaptability to change, the bandwidth of internal employees and other critical companywide initiatives.

For software being implemented in FDA-regulated industries, our FDA CSV services assess your system for software verification and validation and process validation, to meet FDA CSV requirements from installation qualification (IQ), to operational qualification (OQ) and performance qualification (PQ).

RSM’s ERP implementation risk service team’s capabilities:

: RSM’s IV&V assessment methodology is based on the Institute of Electrical and Electronics Engineers (IEEE) standards for software verification and validation, but is enhanced with several frameworks including ISO2700, PMBOK/PMP, COBIT5, ITILv3, PROSCI, COSI, C-SOX, NIST, PCI and HIPAA. Our IV&V approach determines if the software, hardware, documentation and user requirements have been designed completely, accurately and consistently.

Our methodology is flexible to align with any ERP and any industry, with any type of project methodology (i.e., agile, waterfall or hybrid), upon which we then bring in ERP subject matter professionals when a deeper understanding of system functionality and options is needed. Our methodology is flexible; we work with many customers to customize our IV&V assessments to contain the specific areas of high risk that our customers would like us to focus on.

: When choosing an out-of-the-box ERP solution, implementers are typically not responsible for compliant security or automated controls design or testing the effectiveness of controls before go-live. With an understanding of regulatory requirements such as C-SOX, JSOX and FDA, we can evaluate the controls environment, review design documentation and identify control objectives and control design activities. We can implement GRC technologies or utilize our own proprietary tool, RSM Guardian, to mitigate segregation of duties risk, or build bots to automate controls or test automated controls.

: If resources or timeline constraints didn’t allow design controls during implementation or there are unexpected problems after your go-live, we can assess both the design and operating effectiveness of your controls post-go-live. Using our tools, we quickly assess your environment to identify automated or security controls to recommend speciﬁc improvements for remediating any control failures.

Additional insight

See all risk, fraud and cybersecurity insights

Additional solutions to achieve your organization’s goals

Experience the power of being understood

Connect with our risk, fraud and cybersecurity professionals today.

Contact RSM today

Stay up to date on what matters most to your business.

Let us know your personal preferences for topics, industries and services to start receiving RSM updates in your inbox. Get the most from insights, events and offers from our team of first-choice advisors.

Subscribe now >

THE POWER OF BEING UNDERSTOOD

ASSURANCE | TAX | CONSULTING

RSM Canada LLP is a limited liability partnership that provides public accounting services and is the Canadian member firm of RSM International, a global network of independent assurance, tax and consulting firms. RSM Canada Consulting LP is a limited partnership that provides consulting services and is an affiliate of RSM US LLP, a member firm of RSM International. The member firms of RSM International collaborate to provide services to global clients but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmcanada.com/about for more information regarding RSM Canada and RSM International.

Featured technologies

Platform user insights and resources

About RSM

Experience RSM

Spotlight on culture

Work with us