ERP risk and controls services

Managing the broad set of activities supported by the fully integrated suite of business applications, in addition to the embedded IT controls, can present a series of challenges for some organisations. These systems require specialist knowledge to fully understand the associated configurations and controls.

If this is your situation

  • You need assistance in assessing the segregation of duties and sensitive access associated with your system.
  • You need assurance that direct data access risks within your ERP environment are appropriately addressed.
  • You are unsure as to whether your ERP system has been correctly configured to mitigate financial and operational risks.
  • You wish to determine the risks that a new ERP release could pose to your organisation.
  • You require assistance in implementing ERP compliance tools.
  • You need assistance in identifying and documenting business processes and associated controls.

How PwC can help you

Our ERP Risk & Controls practice leverages our knowledge and experience, to assist organisations in realising the full benefits of ERP systems. We provide the following ERP Risk & Conrols related services:

Security and segregation of duties design analysis
Security within ERP is notoriously complex. As a result, many organisations assign excessive access rights to their users. We can perform a detailed segregation of duties design analysis specifically tailored to an organisation’s business model and rules, to ensure that security is appropriately designed prior to go-live.
Controls design
We can work with clients to perform reviews to ensure that controls have been designed appropriately given the clients specific processes and risks.
Compliance tool assistance
Faced with increasing regulatory requirements our clients are looking for opportunities to leverage their investment in controls and ERP systems by using compliance tools. PwC can monitor the installation of the software and assist in the setup of the compliance rules.
Security and segregation of duties analysis
We can work with clients to evaluate whether security is operating as designed, including performing a detailed analysis of SODs, sensitive access, and the security administration process.
Operating effectiveness of controls
Automated controls within ERP’s are highly configurable. We can work with clients to assess that these controls have been implemented appropriately and are operating effectively to mitigate financial and operational risk.
Training delivery assessment
Effective knowledge transfer is necessary during an ERP project to ensure the continued running of an organisation and to maximise the efficient and effective running of the system. We can perform a review of the transfer of knowledge from the project team to end users, to determine if appropriate training has been provided to allow the organisation to realise the full benefits of the new system.
Data conversion
Ensuring that data is completely and accurately transferred from legacy systems is a key activity in achieving a successful ERP implementation. We can provide assistance in determining that processes and controls are in place to ensure a successful conversion of key data. PwC tools and methodologies can also be applied to assist in the validity of data prior to conversion into the new system.
Documentation assistance
ERP implementations can cause fundamental changes to a company’s business processes and supporting controls. As a result, a client’s 404 documentation may need to be updated to reflect the new controls and processes. We can assist clients in their documentation update, including the selection and inclusion of appropriate controls.
Data management and assurance analysis
Our team can work with clients to extract transactional data from the ERP system and perform analusis to assist in identifying and resolving issues regarding the reliability of data.


  • PwC proprietary suite of tools:
    We have the following suite of tools that allows PwC to effectively and efficiently assess the design and operating effectiveness of ERP controls: SAP ACE, Oracle GATE and JDE SODA Tools. These tools automate the evaluation of security (segregation of duties and sensitive transactions) as well as selected automated configurable controls within the respective ERP environment. These tools once combined with our highly experienced team leads us to providing trusted advice and effective compliance solutions.
  • Data management and assurance analysis
    Our team can work with clients to extract transactional data from the ERP system and perform analusis to assist in identifying and resolving issues regarding the reliability of data.