How do you find a balance between running a high-performance financial process and efficiently managing the gaps that exist in your ERP-centric controls?
Originally intended to deal with this problem, the theory of an enterprise resource planning (ERP) system was that an integrated enterprise-wide system on a single platform would be more efficient and have enough built-in controls to minimize the risks of bad things happening. But the reality has turned out differently.
Many organizations today face risk exposures relating to ERP implementations. Here are six common vulnerabilities that may be enabling revenue leakage and compliance risks to fly under your radar:
You have more than one ERP platform
Typically large organizations run multiple ERPs, alongside applications that link into those systems. Controls in standalone applications and at the point of connection to an ERP can hide weaknesses—creating additional risks.
There are multiple individual instances of ERPs
With multiple instances spread across many locations and business entities, it may well be that duplicate invoices and payments can be processed if the same vendor is set up in both a corporate and branch entity.
Application control settings are not turned on
This seems like a simple one, but within any given ERP instance it is often the case that control settings get turned off—sometimes to increase efficiency, and other times unintentionally.
Implementation deadlines caused some controls to be overlooked
The pressure of implementing a new system can be stressful and controls can easily get overlooked as a result of time pressures and the distraction of the implementation project itself given all the inherent moving parts and considerations. In addition, deliberate decisions are often made to not enable certain controls, for the sake of efficiency and flexibility.
Deliberate attempts to bypass controls
Even if activated, most control settings are subject to “workarounds”—people will get very creative for the sake of increased efficiency and flexibility. And of course, fraud and abuse also generate many creative approaches to bypassing controls.
Data entry errors
Something as simple as misspelling is shockingly common and extremely difficult to eliminate. For example, a duplicate vendor is created with slightly different spelling of names. This creates a wide (and undetected) opening for duplicate payments, error and fraud to occur.
Learn how to illuminate risks in finance and accounting systems while maintaining high-performance control systems in this free eBook: