As organisations rely more heavily on enterprise resource planning (ERP) systems and other information and communications technologies, risks around data accuracy and security escalate rapidly. Some stem from the expanded use of existing ERP systems, while some are introduced through application and systems integration from mergers or other activities. Without proper controls in place, sensitive data is at heightened risk—increasing the potential for fraud, as well as privacy and compliance violations.
In addition to organisation wide risks, there are the practical software-related risks and concerns to be mitigated. Compliance with changing regulatory and legal requirements is a constant and growing pressure. Competitive use of new technologies and the speed with which they can be deployed is critical in attaining early mover advantages. Given these pressures, the business case for investing in a strong, highly automated internal security and control environment grows stronger all the time.
Deloitte assists with Access Management and ERP Security (SAP, JDE, Oracle etc.) – design and implementation of the application security structure and establish access rights which support the requirements of the business. Security accelerator templates provide guidance related to role definition and applicable Segregation of Duties. This process includes security set-up, maintenance, administration and operations for all environments, as well as development, quality assurance, training and production.
ERP-enabled business controls – design and implementation of an internal control framework that leverages a cost-effective mix of automated and manual controls embedded in the automated business processes. These controls may include internal controls over financial reporting as required by Sarbanes-Oxley and other similar regulations and potentially other operational, compliance and privacy-related controls, depending on management’s requirements.
Leveraging Deloitte’s know-how and tools, member firm professionals can help you meet the requirements of your regulators, auditors, and internal stakeholders by achieving the following benefits: