Below you'll find a list of all posts that have been categorized as “Best Practices”
Practical Case: Access Management in five steps ERP ecosystems play a critical role in the success of companies, in many industries and in many countries. Supply chains depend on the integrity and availability of these systems. Company reputation easily can be damaged by fraudulent activities in these increasingly complex IT environments. To ensure integrity, companies typically apply controls – measures …
Integration = Efficiency ERP systems have been around for a long time. And for a good reason. The out-of-the-box integrations within an ERP system allow companies to reach high levels of efficiency. Integration of the sales, planning, purchasing, production, delivery and accounts receivable processes is not only very effective in an integrated environment, it also diminishes the probability of human …
After go-live, there will be situations for users not being able to perform their job because they don’t have the required authorizations. If this happens, at least it is a sign that authorizations were not given too generous. Nevertheless, these issues are to be resolved. Understandably, users tend to take a short-cut, to get the required authorizations as soon as …
In addition to the operational process to identify conflicts, it is necessary to periodically review the underlying elements. This is mainly about the roles and the controls. A role review can take place on two levels. Assess whether the role only provides access to the necessary application components Assess whether the employees are linked to the right role(s). The first …
Large companies often arise from various acquisitions and mergers with other companies. Every acquired company typically has its own ERP environment, which cannot simply be replaced. That is why these companies often have multiple ERP systems. However, when processes are integrated, employees may have access to multiple ERP systems to perform their duties. If we look at the applications that …
Evaluating Conflicts can be an overwhelming task. In a previous blog “First things first” is explained how to prioritize conflicts, to make it manageable. Now, we assume the list of conflicts can be meaningfully categorized, filtered and assigned to the corresponding role- and risk owners. From there, these owners can investigate the conflict and decide how to resolve the conflict. …
Many companies have spent a considerable amount of effort to create the required business rules to identify conflicts. This task is complicated for different reasons: It requires an integrative and detailed knowledge of the full ERP application. Typically, knowledge of the ERP application is dispersed in different areas of expertise, with different people. To achieve consistency, strong coordination is required. …
A Segregation-of-Duties conflict can be defined as the situation where one ERP user has access to a combination of critical functions. This combination exposes the risk of fraud or error and eventually jeopardize the credibility of financial reports. Identifying SOD conflicts in an ERP system is a difficult task. It requires knowledge of all functions in the ERP system, combined …
The implementation period is the perfect time to start securing your ERP system against compliance risks. Examples of these risks are: unnecessary access to specific parts of the ERP system, undesired or not allowed combinations of role access (separation of duties), and unauthorized access to sensitive data. Designing the Access (authorization) model should be managed as an integral part of …
Deploying one or more ERP systems, whether it be SAP, Oracle, Infor, Microsoft or any other provider, is a challenge. Implementation teams are working hard to reach the go-live date. Often, security and compliance safeguards are sacrificed to prevent undesired delay of the project. At the go-live date, managements main concern is if the production line or services will not …
