ERP systems are meant to minimize risks, but they sometimes create risks of their own. If any of these sound familiar, you might want to consider new technology approaches.
The theory behind an enterprise resource planning (ERP) system was that an integrated, enterprise-wide system on a single platform would be more efficient and would have enough built-in controls to minimize the risk of bad things happening. But the reality has turned out differently.
“Many organizations are now actually facing more risks relating to ERP implementations themselves.”
Here are six common ERP-related vulnerabilities that may be letting revenue leakage and compliance risks fly under your radar:
1. You have more than one ERP platform
You might be a large organization that runs multiple ERPs and applications that link into those systems. Controls in standalone applications and at the point of connection to an ERP can hide weaknesses—creating additional risks.
2. There are multiple individual instances of ERPs
With multiple ERP instances spread across different physical business locations and business entities, duplicate invoices and payments can be processed if the same vendor is set up in both the company’s corporate and branch entity.
3. Application control settings are not turned on
This seems like a simple one, but within any given ERP instance it’s often the case that control settings get turned off—a lot of the time to increase efficiency and minimize the time dealing with exceptions. Other times they are turned off unintentionally. But having them turned on is a must.
4. Implementation deadlines caused some controls to be overlooked
Implementing a new system is stressful, and with so many moving parts and considerations, controls can easily be overlooked because of the time pressure and distractions the implementation project itself creates. Teams can also sometimes make deliberate decisions not to turn on certain controls for the sake of efficiency and flexibility.
5. Deliberate attempts to bypass controls
Even if activated, most control settings are subject to “workarounds”—people can get very creative. And of course, fraud and abuse also motivate many creative approaches to bypassing controls.
6. Data entry errors
Something as simple as a misspelling is shockingly common and extremely difficult to eliminate. For example, a duplicate vendor is created under a slightly different spelling of the name. This creates a wide (and undetected) opening for duplicate payments, errors and fraud to occur.
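The duplicate-vendor scenarios in items 2 and 6 can be tested for directly in exported vendor master and payment data. The following is an added example, not part of the original article: it fuzzy-matches vendor names across ERP instances and flags payments with the same invoice number and amount made to look-alike vendors. The instance names, vendor IDs, records and the 0.85 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

SUFFIXES = {"inc", "llc", "ltd", "corp", "co", "gmbh"}  # legal forms ignored in matching

def normalize(name):
    """Lowercase, drop punctuation and legal suffixes so spelling variants compare fairly."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in SUFFIXES)

def similar_vendors(vendors, threshold=0.85):
    """Return (key_a, key_b, score) for vendor records whose names are near-identical."""
    pairs = []
    for a, b in combinations(sorted(vendors), 2):
        score = SequenceMatcher(None, normalize(vendors[a]), normalize(vendors[b])).ratio()
        if score >= threshold:
            pairs.append((a, b, round(score, 2)))
    return pairs

def duplicate_payments(payments, pairs):
    """Flag payment pairs with the same invoice and amount paid to the same or look-alike vendors."""
    linked = {frozenset((a, b)) for a, b, _ in pairs}
    hits = []
    for p, q in combinations(payments, 2):
        same_vendor = (p["vendor"] == q["vendor"]
                       or frozenset((p["vendor"], q["vendor"])) in linked)
        if same_vendor and p["invoice"] == q["invoice"] and p["amount"] == q["amount"]:
            hits.append((p["id"], q["id"]))
    return hits

# Constructed sample data: keys are (ERP instance, vendor ID).
VENDORS = {
    ("CORP", "V1001"): "Acme Industrial Supply, Inc.",
    ("BRANCH", "V0457"): "Acme Industrail Supply",      # misspelled duplicate
    ("CORP", "V1002"): "Northwind Logistics LLC",
    ("BRANCH", "V0460"): "Norwood Catering Ltd",
}
PAYMENTS = [
    {"id": "P1", "vendor": ("CORP", "V1001"), "invoice": "INV-7731", "amount": 12500.00},
    {"id": "P2", "vendor": ("BRANCH", "V0457"), "invoice": "INV-7731", "amount": 12500.00},
    {"id": "P3", "vendor": ("CORP", "V1002"), "invoice": "INV-2044", "amount": 830.00},
]

if __name__ == "__main__":
    pairs = similar_vendors(VENDORS)
    print("Look-alike vendors:", pairs)
    print("Possible duplicate payments:", duplicate_payments(PAYMENTS, pairs))
```

Flagged pairs are candidates for review rather than confirmed duplicates; the threshold trades missed variants against false matches and should be tuned on the organization's own vendor data.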