Most businesses rely on the integrity of their ERP systems to operate their applications and to stay aligned with business goals and stakeholder expectations. To ensure that integrity and reduce the risk of fraud, it is important to understand where and how ERP risks can be introduced so that you can properly secure your system.
These risks can cause:
As companies grow, we often need to make operational changes to aid efficiency. Without a robust change management process, added risks can be introduced to your ERP system and easily missed.
Your change management process should include:
This should include ample time to complete both positive and negative testing of functional processes and security access, as well as stress testing of the system and infrastructure.
Approval processes should have multiple checkpoints to ensure that change requests are appropriate and that approvers understand the responsibility they are undertaking. Appropriate approvers can easily identify the risks in a process and whether the change is operationally sound.
Preparations should be made before implementation so that, if the implementation runs into errors, the system can be restored to the status quo.
Any change can potentially be flagged for audit. It is best practice to document changes well and ensure each one can be traced to when, how, what, and who.
A successful change management process will provide management assurance that only authorized and tested changes to systems and structures are implemented.
It is common for organizations to develop customized applications and reports to better suit business needs. However, when modified objects are used, it is crucial to follow the same rigorous testing as for any other business change. Treating your custom modifications the same way you would treat an entirely new process change will help reduce risk.
It never ceases to amaze me how painful the change process is when staff changes happen. Staff changes include onboarding, offboarding, name changes and changes in titles/responsibility. Having a clear and collaborative staff change workflow can remediate any risk the change can cause.
Consider the following:
You may have all the proper processes and mitigating controls in place, but it is important to keep your risk-health in check. For some processes, checking as often as daily can be crucial to the business. This includes:
Although the responsibility for operating the control and for its proper functionality lies with the Security and/or System Administration team, the accountability inevitably falls on the Business Support team if the control fails and the risk materializes.
Pathlock offers a suite of ERP security and risk management solutions that enable you to monitor, detect, and mitigate risks within your ERP applications. Use these links if you’d like to explore solutions that help you manage risk in SAP, Oracle E-Business Suite, PeopleSoft, and more.
If you want to talk to our ERP experts, get in touch with us today.