The SI Industry is Stacked Against a ‘Complete and Secure’ ERP Implementation

The SI industry is stacked against a ‘complete and secure’ #ERPCloud implementation. SIs don’t win bids by providing a scope that includes controls and role design. Very little, if any, customization of roles is included in the implementation project plan. Often controls design only happens around the time of UAT, leaving too little time to change business processes if they need to be changed to support controls. After going live, organizations are left with these challenges:


  • Significant material fraud risk due to poor control design and too many users having Keys to the Kingdom privileges.
  • Users with seeded and custom roles that have SoD conflicts within them and excessive access to high-risk privileges.
  • IT roles aren’t designed to migrate from Hypercare to normal support.
  • Incomplete control design because audit policies haven’t been enabled and OTBI reporting isn’t built.
  • Workflow delegation policies haven’t been developed.
  • Users who can override controls by having Transactions and Configurations.
  • No way to perform lookback procedures for users with elevated access.
  • User provisioning process has no way to identify SoD conflicts and SA risks.


These are key issues that cause an incomplete implementation.


Jeff Hare, CPA CISA CIA

We help organizations identify, manage, and mitigate risk through our ERP Armor risk content and services

1 year ago

The C suite needs to ensure their project is complete and secure after go live. There are common issues they need to consider when finalizing the project scope and hiring an SI firm. If not, expect a change order from the SI firm, significant audit findings after go live, or both.
