Enterprise systems are used to facilitate the seamless integration and exchange of data between the various departments within an organization. In order to achieve this, rigidly defined control mechanisms must be in place in the system, which safeguard the company’s data and protect the company against unauthorized and unintended uses of the system. This is ideal for total control; however, is only achievable to a certain extent. The configuration of controls in the enterprise system may have unintended organizational implications, due to organizational necessities.
Enterprise systems are used by large companies and small- and medium-sized enterprises (SMEs) to reorganize and streamline their internal and external operations. One particular type of enterprise system examined in this paper is that of the enterprise resource planning (ERP) system. The installation of an ERP system usually entails major business process reengineering issues (Boudreau and Robey, 1999; Al-Mashari and Al-Mudimigh, 2003), as companies often have to adapt their work practices to the ERP system. Consequently, new forms of controls need to be in place in order to ascertain the prescribed and efficient working of employees within the ERP system.