SAP, Oracle, Navision

The implementation of an ERP system such as SAP, Oracle, Navision, involves changing to a highly integrated environment, which can be complex. It can also entail significant adjustments to existing processes and your organisation’s set-up. These changes therefore do not just impact the IT organisation and controls but also primary business processes and the organisation itself.

However, the reliability and continuity of (automated) processes and the provision of management information is not guaranteed by implementing ERP software alone. During the project, adequate attention should also be paid to the business benefits that the new system is to deliver and to developing and embedding control measures.

Most organisations focus only on ensuring that the required functionality will be implemented in the new environment. Failure to properly implement and maintain the controls increases the risk with regards to:

• the continuity and reliability of your ERP environment, which can result in operational problems as well as financial losses;
• the reliability of financial and management information, making optimal steering of your business processes impossible;
• the effectiveness and efficiency of your business processes, raising the costs of running your business;
• unauthorised use of business resources by means of ERP-functionality access. This can be the result of non-respect of the organisational segregation of duties;
• statutory and regulatory compliance. Shortfalls could be incurred relative to statutory and regulatory requirements.

The implementation of an ERP system is also an opportunity to implement improved controls & security. A number of control measures can be configured directly in the ERP software, whilst others have to be embedded into the administrative organisation surrounding the system. In addition to the control rules needing to be configured, logical access security constitutes one of the most important control measures in an ERP environment. In particular, one of the main concerns is to allocate rights that are commensurate with user functions within the organisation.

To support the implementation of control measures, we have various internationally developed and maintained security analysis tools available for the main ERP packages, as well as our World Class Controls database, containing best-practice standards for (automated) control measures for each business process. Our security analysis tools comprise internally developed security software that inventories and simulates the complex structure of (desired) sensitive access and segregation of duties access rights. In addition to assessing these control measures, it is also possible to inventory and assess automated controls in an automated manner. With the aid of these tools, we are able to define and design control measures in a very efficient and effective manner.

How we can help you

Our team have extensive experience in evaluating business & process control measures in an ERP environment. Besides having good knowledge of the ERP software, many of them are certified IT auditors.

For the evaluation of ERP controls, we have an extensive set of tools and knowledge databases. These include tools like PwC SAP ACE (Automated Controls Evaluator) for SAP and GATE for Oracle