Is your organization at risk for these 6 common ERP system vulnerabilities?

Galvanize

ERP systems are meant to minimize risks, but they sometimes create risks of their own. If any of these sound familiar, you might want to consider new technology approaches.

The theory of an enterprise resource planning (ERP) system was that an integrated enterprise-wide system on a single platform would be more efficient, and have enough built-in controls to minimize the risks of bad things happening. But the reality has turned out differently.

“Many organizations are now actually facing more risks relating to ERP implementations themselves.”

Here are six common ERP-related vulnerabilities that may be letting revenue leakage and compliance risks fly under your radar:

1. You have more than one ERP platform

You might be a large organization that runs multiple ERPs and applications that link into those systems. Controls in standalone applications and at the point of connection to an ERP can hide weaknesses—creating additional risks.

2. There are multiple individual instances of ERPs

With multiple ERP instances spread across different physical business locations and business entities, duplicate invoices and payments can be processed if the same vendor is set up in both the company’s corporate and branch entities.

3. Application control settings are not turned on

This seems like a simple one, but within any given ERP instance it’s often the case that control settings get turned off—a lot of the time to increase efficiency and minimize the time dealing with exceptions. Other times they are turned off unintentionally. But having them turned on is a must.

4. Implementation deadlines caused some controls to be overlooked

Implementing a new system is stressful, and with so many moving parts and considerations, controls can easily get overlooked amid the time pressures and distractions of the implementation project. Teams can sometimes make deliberate decisions not to turn on certain controls for the sake of efficiency and flexibility.

5. Deliberate attempts to bypass controls

Even if activated, most control settings are subject to “workarounds”—people can get very creative. And of course, fraud and abuse also motivate many creative approaches to bypassing controls.

6. Data entry errors

Something as simple as a misspelling is shockingly common and extremely difficult to eliminate. For example, a duplicate vendor is created with a slightly different spelling of the name. This creates a wide (and undetected) opening for duplicate payments, errors and fraud to occur.
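The duplicate-vendor scenario in items 2 and 6 can be tested for directly in exported vendor and payment data. The sketch below is an added example, not code from the original article or from Galvanize: the records are constructed, and the field names, the legal-suffix list and the 0.9 similarity threshold are assumptions to tune against your own vendor master.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample exports from two ERP instances (corporate and branch).
VENDORS = [
    {"id": "CORP-1001", "name": "Acme Industrial Supply, Inc."},
    {"id": "BR-2044", "name": "ACME Industrial Suply Inc"},  # misspelled copy
    {"id": "CORP-1002", "name": "Northwind Logistics LLC"},
    {"id": "BR-2051", "name": "Globex Freight Ltd."},
]
PAYMENTS = [
    {"vendor_id": "CORP-1001", "invoice": "INV-7781", "amount": 12500.00},
    {"vendor_id": "BR-2044", "invoice": "INV 7781", "amount": 12500.00},
    {"vendor_id": "CORP-1002", "invoice": "INV-7781", "amount": 12500.00},
    {"vendor_id": "BR-2051", "invoice": "9001", "amount": 310.00},
]
LEGAL_SUFFIXES = {"inc", "llc", "ltd", "co", "corp", "gmbh"}  # assumed list

def normalize_name(name):
    """Lowercase, strip punctuation and legal suffixes before comparing."""
    tokens = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(t for t in tokens if t not in LEGAL_SUFFIXES)

def likely_duplicate_vendors(vendors, threshold=0.9):
    """Return (id_a, id_b, score) for vendor pairs with near-identical names."""
    pairs = []
    for a, b in combinations(vendors, 2):
        score = SequenceMatcher(
            None, normalize_name(a["name"]), normalize_name(b["name"])
        ).ratio()
        if score >= threshold:
            pairs.append((a["id"], b["id"], round(score, 2)))
    return pairs

def duplicate_payments(payments, vendor_pairs):
    """Flag same invoice number and amount paid to two linked vendor records."""
    linked = {frozenset(p[:2]) for p in vendor_pairs}
    hits = []
    for p, q in combinations(payments, 2):
        same_invoice = re.sub(r"\W", "", p["invoice"]) == re.sub(r"\W", "", q["invoice"])
        if (same_invoice and p["amount"] == q["amount"]
                and frozenset((p["vendor_id"], q["vendor_id"])) in linked):
            hits.append((p["vendor_id"], q["vendor_id"], p["invoice"]))
    return hits
```

An exact-match duplicate check inside either ERP instance would miss both records here; the payment to `CORP-1002` shares the invoice number and amount but is not flagged because its vendor name does not match.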
