ERP Consulting service represents a suite of highly customizable service offerings capable of addressing broad business and IT issues or focusing on specific areas of ERP risk and controls, depending on the needs of our client. Our services provide a mean to assess, improve, and monitor the risk and control environment surrounding their ERP environment by:

• Mitigating and reducing risks associated with designing, building, implementing, maintaining, and upgrading ERP systems
• Establishing and maintaining a highly controlled ERP environment, improving process effectiveness, securing ERP infrastructure, and properly implementing and maintaining process controls.

We can provide you with assessment of most common ERP solutions such as SAP, Oracle, etc.. The service consists of:

• Acquaintance with the subject of review. Expected outcomes:
  •  
    •  System description, including lists of:­ transactions, ABAP programs, tables, roles, authorization profiles and user master records;­ data carriers;­ other security measures (etc. table types, clients).
    • List of key users (with explanations why).
    • Description of technical and organizational involvement (interfaces).
• Detailed definition of scope. Expected outcomes:
  •  
    • Summary of current state
    • Inadequate ERP settings can cause inability to perform critical processes of the company. Possible outcomes of risks connected to inefficient or inadequate ERP settings are:­ Exposure of confidential information­, Single point of failure, Poor data quality, Loss of assets, intellectual property, Noncompliance with legislation
    • Analysis of business and IT goals
    • Review program (scope defined on identified risks)
    • Testing plan
• Review (control testing). Expected outcomes
  •  
    • documented test results,
    • documented findings,
    • supplemented evidence of tests and findings.
• Reporting. Expected outcome:
  •  
    • Report.Report will contain documented control deficiencies and related threats and voulnerabilities. Additionally, we will document also actual and possible consequences/impact. Report will also contain:­ Recommendation for mitigation of control deficiencies;­ Risk rating (high, medium, low)­ Opinion on control quality.
    • Suggestion on further ERP reviews.