ERP implementation risks

Lower risk and reduce the cost of compliance

A proven methodology to manage risk and improve security and controls ROI when implementing your ERP system

RSM US LLP can help you avoid these pitfalls. Our implementation risk professionals have decades of experience managing program risk; designing regulatory compliant security that also reduces user license costs; managing automated control enablement within various ERPs and applications; and enabling emerging technologies or ERP governance, risk and compliance (GRC) technologies during implementations. Our proven methodology focuses on the risk of key program success factors and is designed to help you realize the full return on your investment.

Our team has deep experience with large custom software implementations, as well as in risk, security and controls with a variety of leading ERP solutions including:

  • SAP
  • Oracle
  • Microsoft Dynamics 
  • NetSuite
  • Workday

RSM not only has deep experience in the configuration of these ERPs with regard to security and automated controls design, but we can also provide risk oversight during your ERP implementation. Whether you need program risk oversight, independent verification and validation (IV&V) or U.S. Food and Drug Administration (FDA) computer system validation (CSV), our knowledge, experience and flexible methodology and approach help us craft a solution tailored to your unique circumstances.

We help you evaluate all strategic options, being especially mindful of the selected system integrator and the type of regulations applicable to your business environment, including the Sarbanes-Oxley Act, FDA, General Data Protection Regulation (GDPR) and other global regulations, data privacy concerns and tax structures. We also evaluate your internal organizational structure and culture regarding its adaptability to change, the bandwidth of internal employees and other critical companywide initiatives.

For software being implemented in FDA-regulated industries, our FDA CSV services assess your system for software verification and validation and process validation, to meet FDA CSV requirements from installation qualification (IQ) to operational qualification (OQ) and performance qualification (PQ).


RSM’s ERP implementation risk service team’s capabilities:

RSM’s IV&V assessment methodology is based on the Institute of Electrical and Electronics Engineers (IEEE) standards for software verification and validation, but is enhanced with several frameworks including ISO2700, PMBOK/PMP, COBIT5, ITILv3, PROSCI, COSI, C-SOX, NIST, PCI and HIPAA. Our IV&V approach determines if the software, hardware, documentation and user requirements have been designed completely, accurately and consistently.

Our methodology is flexible enough to align with any ERP, any industry and any type of project methodology (i.e., agile, waterfall or hybrid), and we bring in ERP subject matter professionals when a deeper understanding of system functionality and options is needed. We also work with many customers to customize our IV&V assessments to cover the specific areas of high risk that they would like us to focus on.
