ERP Migration – P2P risk protection

27th July 2021

Written by Stewart Hayward

It’s great news that most organisations are moving back into growth after the prolonged period of Covid-related suppression. This means that digital transformation projects are back on the agenda; Finance departments are upgrading their ERP systems to support organisational growth and streamline their operations to boot.

With an ERP migration – and most other finance transformation projects, there are risks to your Procure-to-Pay (P2P) cycle that increase significantly during, and possibly after, the migration project. Careful planning will mitigate these risks and leave you with a new ERP system that’s optimised for P2P risk detection and continually protected.

Why Risk Levels Rise

With a large and complex project such as ERP upgrade or migration, your team’s time and attention gets diverted to this, leaving operational processing with less time to focus on the processing controls and identification of risks that would normally take place.

On top of that, they will be learning how to use and configure the new ERP, further distracting them from the old system and its long-winded processes. And until all the user roles and privileges are set-up, your new ERP system may not enforce segregation of duties and data, leaving you with the heightened risk of non-compliance or internal fraud.

Other factors such as parallel running coordination problems, and suppliers taking advantage of the situation to submit multiple copies of invoices, can contribute to additional risks during migration that can rack up sizeable costs.

The Risks You’ll Experience

1) With processing controls in the old system not receiving as much attention as previously, and new controls not being set-up or fine-tuned in the new system, the risk of overpayments increases. Some will slip through, it’s inevitable, especially during the parallel running and testing period. And with every 0.1% of additional overpayment on £250M supplier spending costing £250,000 this is one area that needs some extra attention.

2) Non-compliance with your internal best practices. These steps keep your processing risks and time to pay low, but will not always be followed during a major transformation project – there just isn’t enough time or focus on the old ERP to keep everything on track. You’re working on its replacement after all, and time spent there is a better investment, right?

3) In the 2021 ERP Report from Panorama Consulting, 46% of the survey responders stated data and governance issues in their ERP implementation overrunning. Within the sub project of AP and Procurement module migration (that underpin the P2P process), it’s easy to cut corners to save time, migrating the minimal amount of data. This will restrict the effectiveness of future risk detection and may also requires archived data to be retrieved and migrated retrospectively, causing further delay.

4) Wherever there is change and distraction, there will be some internal and external people who become more willing to exploit this for their financial gain. Fraud is an unpopular topic, but don’t let this be a reason to ignore the need for protection during vulnerable times. Assume that every migration project will encounter fraud and plan your protection from the outset, not once it has been discovered.

These are just a few of the most common risks. Moving data and processes that have built up over many years, to a new or different system, has many stress points that can let in risks to your supplier payments. Preparation and vigilance are the keys to project success.

Protecting Yourself from P2P Risks

With your alarm bells ringing over the range and significance of risks that increase during an ERP migration or other finance transformation projects – implementing or upgrading AP Automation, RPA, eInvoicing, a Supplier Portal or moving to a shared service model, for example, it’s time to look at what steps you can take, proactively before and during the project, to protect yourself.

1) Benchmark. Measure KPIs before and after migration has completed. If they are not the same or better, something is wrong, and you need to find the root cause and fix it. Without the before metric for comparison, it’s easy to view the new ERP’s performance through rose tinted spectacles.

2) Perform a Forensic Audit Before Migration. Not only will this uncover overpayments that can be recovered, generating cash, but details will emerge of how clean your suppler and transaction data is, and where any processing issues originate from.

3) Cleanse your master supplier master data. It’s easier to simply copy the whole thing over, but the file will have thousands of records and has grown over time, and will inevitably contain duplicates, incomplete records, and errors. Left untouched, you would simply move all these risk sources into your new ERP.

One of our customers recently found that 70% of the records in their vendor master file were duplicate or inactive vendors.

4) Map and improve processes. Where your processes have bottlenecks or error hotspots, these should be ironed out before they are replicated in the new ERP. Redesigned and streamlined process and policies can be moved to the new ERP, further improving its P2P processing efficiency.


Due to the size and complexity of an ERP migration, the overall project management and planning rarely goes into the detail that the AP and Procurement teams would like it to. FISCAL Technologies’ consultants are on-hand to help you carefully plan and manage the migration of this critical area, taking responsibility and driving project success. We want you to avoid risks that would otherwise leave your P2P cycle exposed, and the ERP migration project at risk of overrunning.

Our experienced team know what preventative steps to take before and during migration projects. These will keep you safe throughout the project and leave you with a new ERP system that has the clean data and continual checking needed for best in class P2P risk protection.

Subscribe and get the latest expert advice, practical tips, and useful risk and compliance information delivered straight to your inbox