7 Reasons Why You Should Audit Your ERP Security
Can you be sure that your AP Manager isn’t able to enter vouchers and create payments for a fake vendor? Do you know if anyone has unauthorized access that would allow them to change supplier bank account numbers? If you don’t conduct ERP security audits, the chances are that you don’t know whether such events –…
How to Manage Segregation of Duties Efficiently and Effectively
It can be very difficult to manage segregation of duties in any ERP system. But it is important to get it right. It’s the best way to reduce your organization’s risk of experiencing internal fraud, so it shouldn’t be just a box-ticking exercise to keep your auditors at bay! If you follow best practice techniques, managing segregation…
Small Changes Can Make a Big Difference: Change Management and Beyond
As part of our ongoing series on General Computing Controls (GCC), this article will focus on change management. As discussed in earlier posts, the objectives of general controls are to ensure: When testing your GCC controls, auditors will investigate how you manage changes to your ERP system. Change Management Risks Any changes to current processes…
Fraud Prevention: Mitigating Controls for Privileged Users
When it comes to audit reporting and associated findings, our clients frequently ask us for recommendations on managing and monitoring privileged user access. In this article we will cover some of the mitigating controls that you need to know to satisfy your auditors and reduce your risk of fraud. A privileged user is someone…
5 Common Ways Risk is Introduced to your ERP System and How Best to Manage it
Most businesses rely on the integrity of their ERP systems to operate their applications and to be in alignment with business goals and stakeholder expectations. To ensure the integrity and reduce the risk of fraud, it is important to understand where or how ERP risks can be introduced so that you can properly secure your…
Considering the Alternative: What Are Compensating Controls and Why You Need Them
When considering controls, including Segregation of Duties (SoD), it’s important to focus on what we’re trying to achieve. The University of Toronto’s Internal Audit website defines a control as “any policy, procedure, practice, or mechanism designed to provide reasonable assurance that the organization’s objectives will be achieved. This includes controls designed to safeguard assets, ensure the…
ERP Audit: Access Management Risks and Controls
As part of the ERP audit process, your auditors will test the general controls in your ERP system. The objectives of General Computing Controls (GCC), also known as IT General Controls (ITGC), are to ensure: Access Management Risks and Controls One of the biggest risks to the integrity of ERP systems is that users may…
Optimize SAP Role Lifecycle Management with Pathlock
Managing SAP roles can be incredibly complex and time-consuming for security teams. Often short-staffed and under time constraints, security admins are under a lot of pressure to ensure that roles are designed, developed, documented, modified, and provisioned in a timely manner. The process is particularly challenging for teams relying on manual role management processes. Not…
Enable Audit Readiness & Continuous Compliance with Pathlock’s Automated Provisioning
Granting timely access to new users isn’t always as easy as it sounds, especially for teams relying on spreadsheets, email chains, and other manual processes to ensure that users get the access they need. The tedious and error-prone provisioning process can often take days, resulting in lost time, money, and productivity for your team. With…