John Harrison

Managing Director

John is a Managing Director and leads Protiviti’s enterprise application solutions, helping companies optimize their investment and performance in business applications. This includes delivery of implementation best practices, automation, and governance of ERP and other cloud applications. He has been involved in various capacities in many ERP implementations throughout his career, with additional projects to enhance existing systems. 

Representative Engagements Include

  • SAP Controls and GRC – Directed project to evaluate and enhance the segregation of duties (SoD) and security associated with a new SAP deployment at an exploration and production company. Further oversaw the implementation of SAP’s GRC Access Control tools to streamline and manage ongoing security matters
  • Oracle Controls and GRC – Directed the controls integration work for an Oracle R12 implementation at a energy company by assisting the project team with input towards optimal configurable control design. This project also included the design and build of security responsibilities with proper access and segregation of duties controls within the security model Further, implemented Oracle’s GRC Access Governor to provide ongoing monitoring and control
  • SAP Implementation – Assisted drilling start-up in the selection of a systems integrator for a new SAP implementation and directed the client side effort to monitor project timeline, coordinate requirement and design input, perform integration and user acceptance testing, coordinate training and deployment, and arrange for hosting and post-go live support. Additionally, consulted on controls and GRC
  • SAP HR/Payroll Security Implementation – Directed an initial review of SAP security which identified issues and risks particularly within the HR/Payroll. This prompted a complete re-implementation of HR/Payroll starting with requirements gathering and architecture design, and proceeding through detailed design, build, testing, and deployment
  • Software Strategy and Selection – Directed a project at an manufacturing firm to establish the application strategy going forward including a Phase I to gather requirements and select software to close gaps including RFPs, demos and scorecarding; a Phase II to consult on the implementation roadmap and project plan, and a Phase III to run a project management office for the pilot and rollout, with focus on status, resources, risks, and communication with stakeholders


  • BBA, Management Information Systems, University of Houston

Professional Memberships & Certifications

  • Certified Information Systems Auditor (CISA)/ISACA
  • Certified Internal Auditor (CIA)/IIA