Fraud Prevention: Mitigating Controls for Privileged Users
When it comes to audit reporting and associated findings, our clients frequently ask us for recommendations on managing and monitoring privileged user access. In this article we will cover some of the mitigating controls that you need to know to satisfy your auditors and reduce your risk of fraud. A privileged user is someone…
Small Changes Can Make a Big Difference: Change Management and Beyond
As part of our ongoing series on General Computing Controls (GCC), this article will focus on change management. As discussed in earlier posts, the objectives of general controls are to ensure: When testing your GCC controls, auditors will investigate how you manage changes to your ERP system. Change Management Risks Any changes to current processes…
How to Manage Segregation of Duties Efficiently and Effectively
It can be very difficult to manage segregation of duties in any ERP system. But it is important to get it right. It’s the best way to reduce your organization’s risk of experiencing internal fraud, so it shouldn’t be just a box-ticking exercise to keep your auditors at bay! If you follow best practice techniques, managing segregation…
7 Reasons Why You Should Audit Your ERP Security
Can you be sure that your AP Manager isn’t able to enter vouchers and create payments for a fake vendor? Do you know if anyone has unauthorized access that would allow them to change supplier bank account numbers? If you don’t conduct ERP security audits, the chances are that you don’t know whether such events –…
SNC Encryption Made Easy: SAP Security Even Without SSO
To secure and encrypt customer networks, SAP offers the SNC (Secure Network Communications) interface with which users can log in to SAP systems without having to enter a user name or password. In the standard system, SAP login credentials are transmitted in clear text. The SNC interface routes calls through the SAP Cryptographic Library, to…
How the Skilled Use of SAP Wildcard Characters Can Shed Light on the Analysis of the SAP Authorization System
For SAP experts worldwide, data display tools like the Data Browser (SE16), Quick Viewer (SQVI), and Query Start (SQ00) are basic components of their everyday work. They have become accustomed to using selection screens, variants, and ALV functions in the output lists of the Data Browser. In this post, we’ll show you examples from the…
Business Partners and the Sneaky Back Door of the F4 Search Help: How to Protect Your Sensitive Data
SAP offers a consolidated data object, the business partner, to simplify the management of sensitive master data for customers, suppliers, and employees. This simplification also, however, poses significant dangers. Therefore, all companies that plan to migrate to SAP S/4HANA should familiarize themselves with the business partner concept ahead of time. Business Partner Concept Poses Risk…
Updating Your Authorization Roles in Your SAP S/4HANA Project Using SU25
Many companies are currently faced with the task of converting their SAP systems to SAP S/4HANA because their ERP maintenance will be discontinued in the foreseeable future. Project planning usually only takes technical and organizational aspects into account; however, crucial security topics aren’t given enough priority. As a result, the implementation of the authorization concept…
SAP Data Security Best Practices For ITAR Compliance
You know how vital SAP data security can be in the age of data privacy and compliance regulations such as GDPR, CCPA, SOX, and others. If you’re a company involved with any part of the defense supply chain—from direct contracts on defense projects to independent upstream suppliers of parts, components, services, and software that are…