Risk identification and prioritization is very essential activity in any successful strategic risk management process. Developing a plan for dealing with such problems reduces the impact of unexpected risks and failures while prioritizing risks draws attention, efforts and resources to the risks with great impact on projects success. The aim of this paper, is to identify the critical risk factors in an ERP project through a case study of a successful implementation of an ERP system in a Sudanese organization and to understand how the organization implemented the appropriate controls to minimize its business risks impact. To achieve this objective, a number of key articles were reviewed and analyzed to understand the different critical risk factors influence ERP implementation. New risk factors and controls influence ERP implementation have been identified. A new model of ERP implementation critical risk factors was developed. Furthermore, the risk factors were classified into categories, probability, impact and proximity, then using a prioritizing tool, the results of this study contributes to risks identification and prioritization by pointing to the less priority and the most critical risk factors.