Search

Data security is a practice that involves protecting digital information from unauthorized access, corruption, modification, or theft throughout its entire lifecycle. There are three main tenants of security: confidentiality, integrity, and availability. Data security strives to uphold these tenants by implementing policies, controls, and technologies to ensure that data is protected and accessed based on…

Secure, compliant, and efficient business processes are critical to enterprise operations. In SAP, Segregation of Duties (SoD) is a key principle in making this possible. What Happens When an SoD Exception Is Necessary? Often times a user will need to be granted roles and privileges that pose a conflict of interest. It could be that…

For some organizations, internal control management is only a periodic, “point-in-time” view of routine financial controls. While completing an ad hoc control assessment might tick the box for some basic compliance exercises, it lacks effectiveness if the actual purpose is to protect organizations from a growing number of internal threats. One of the biggest threats…

Due to digital transformation initiatives, the risk of exploitation at the application layer continues to increase. Critical applications, including SAP, are migrating to the cloud, connected with third parties, or made remotely accessible, leading to a higher risk of vulnerability exploitation. These changes have made SAP vulnerability management increasingly difficult. SAP security teams are hard…

What are Internal Control Weaknesses? Organizations use internal controls to protect themselves and comply with industry standards and regulations governing financial risks. Effective controls help ensure that financial reporting is accurate and adequately addresses investment, capital and credit requirements. Internal controls are required by many of the most common financial regulations. For instance, the 2002…

What are ITGC Controls? Information Technology General Controls (ITGC), a type of internal controls, are a set of policies that ensure the effective implementation of control systems across an organization. ITGC audits help an organization verify that the ITGC is in place and functioning correctly, so that risk is properly managed in the organization. The…

Organizations that use PeopleSoft manage thousands of users. Most of these users have limited roles that only allow them to perform job-related tasks. But there is a subset of users who have been granted access to perform specific actions or access certain information that is restricted to other users. These actions or information may include…

What are Tests of Internal Controls? Internal controls are rules and procedures established by a company to ensure business continuity, prevent fraud, and preserve the integrity and accuracy of financial reporting. A test of internal controls is an evaluation of the existing controls, either as part of an official audit or in preparation for an…

In November 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA) (full text here). To be clear, the CPRA does not replace the existing California Consumer Privacy Act (CCPA). Instead, it’s more accurate to describe the CPRA as an amendment of the CCPA, providing additional context and closing some of the ambiguity…