Don’t neglect security & controls during ERP implementation
Don’t neglect security & controls during ERP implementation
Insight

Don’t neglect security & controls during ERP implementations

Take the opportunity to define and execute a risk and security roadmap during the transition to SAP S/4HANA

SAP’s next-generation ERP, SAP S/4HANA, proposes simplified technical architecture, data model and business processes for businesses looking to improve their business suite. However, the new ERP represents a significant change; this is not your typical upgrade.    

SAP S/4HANA implementation will likely have a cascading impact on business processes and systems.

For example, new or mandatory application functionality in the updated ERP may render some legacy applications controls ineffective, while new controls have not been identified, configured or implemented. This could have a direct impact on controls, business processes, reports and more. 

The positives of faster, simplified business processes available through a new ERP may be negated by risk for those companies that neglect to factor security and controls into the implementation process.  

The transition to SAP S/4HANA is the perfect time to transform security and control programs.

Only one in 10 companies believes that governance, risk management and compliance are embedded across the organization, according to a study commission by SAP a few years ago. 

Organizations making the transition to SAP S/4HANA have the opportunity to address these concerns and lower their cost of compliance by taking full advantage of SAP’s security and control features, implementing new application security and access controls, leveraging GRC technology, and establishing optimized IT and business process controls. 

The first step is to dedicate the right team for the project.

In particular, the SAP S/4HANA implementation program must include a security and controls workstream staffed with knowledgeable SAP security and controls skills as early as possible in the process. Not only does risk increase with every delay involving the expertise of these professionals, but the cost of remediation rises—up to 30 times higher than if controls are included in the initial requirements, according to the National Institute of Standards and Technology.  

For more steps to help take advantage of the opportunity presented by ERP implementation, read Transforming security and controls during the transition to SAP S/4HANA. Additionally, check out our series of webinars on ERP risks, compliance and controls, and join our Securing the ERP Interest Group on LinkedIn.