Why Fully Customized Roles Are Critical in ERP Implementations We are witnessing the most significant digital transformation in global history – surpassing the massive Y2K tech boom. This shift is largely driven by evolving cyber security risks in our work-from-home era and the modernization of business processes. Why do some organizations pursue ERP implementations to reduce costs? That’s not always the case. With […] August 7, 2025
Why ERP Implementations Fail: UNBIASED (4 of 6) “The definition of insanity is doing the same things over and over again but expecting different results”, attributed to Albert Einstein. I am writing this six-part article series about Why ERP Implementations Fail – to help you avoid a failed or a ‘less than optimal’ ERP implementation. In part 1, 2 and 3 we have […] August 1, 2025
Don’t Let the Fox Watch the Hen House: Why your Risk Advisory Firm Should NOT be your SI Firm “The definition of insanity is doing the same things over and over again but expecting different results”. I have been in the ERP implementation and ERP audit space for over 25 years. More often than not implementations are NOT “successful” – let’s explore why. Understanding Why Your Risk Advisory Firm Should Not Be Your SI […] June 27, 2025
Why ERP Implementations Fail: UNBIASED (3 of 6) “The definition of insanity is doing the same things over and over again but expecting different results”. I am writing this six-part article series about Why Implementations Fail – to help you avoid a failed or a ‘less than optimal’ implementation. In part 1 and part 2 we have covered the following two topics: Software […] June 2, 2025
The Disrupter the Risk Advisory Industry Needs Disruption in the risk advisory industry has influenced industries time and time again over the years. Everyone understands how Uber revolutionized the yellow taxi model. Uber sparked competition from Lyft. Both have since faced competition from autonomous vehicle services such as Waymo. Think of iTunes taking over the radio industry—and then Spotify. Cell phones and […] May 2, 2025
Why ERP Implementations Fail: UNBIASED (2 of 6) When embarking on a Digital Transformation Project, management strives to avoid becoming a headline in the news due to significant cost overrun or Significant Deficiencies in their first external audit after going live. In this six-part article series we are exploring the six systemic biases working against a successful ERP Implementation. In the first article, […] April 1, 2025
Significant Deficiencies: How the “System” Undermines Secure and Compliant ERP Implementations and What Auditors Overlook Having been in this space for over 25 years, I have seen the good, the bad, and the ugly. The deck is stacked against a secure and compliant ERP system implementation. Most publicly traded organizations implementing a new ERP system likely will have one or more “Significant Deficiencies” in the first year that should be […] February 25, 2025
Why ERP Implementations Fail: UNBIASED (1 of 6) We are witnessing the greatest digital transformation ever as organizations are moving from legacy ‘on-premise’ ERP systems to cloud-based ERP systems (SaaS applications). Though management is investing millions into the implementation of these SaaS applications, experts estimate that up to 90% of them fail. Why? Because “success” isn’t always about going live on time, within […] January 31, 2025
Perpetual Patch Cycles Define Today’s Digital Revolution for SaaS Applications A digital revolution is upon us! We are witnessing the greatest digital transformation since Y2K thanks to perpetual patch cycles within SaaS Applications. Organizations are ridding themselves of building and managing data centers by moving their legacy applications to hosted data centers, and thus moving many of their legacy applications to modern SaaS applications. Some […] November 27, 2024
Why Identity and Segregation of Duties Are the New Perimeter Managing identity has become one of the most critical elements of enterprise security in today’s complex digital environment. September 30, 2024
Auditors Are Talking about Segregation of Duties Too Much! Having been in the Security and Controls space for far too long, I have witnessed and am still witnessing a phenomenon that needs to be addressed. Auditors talk WAY too much about Segregation of Duties. Hear me out… In testing access controls, auditors spend way too much time assessing risks related to SoD and far […] July 31, 2024
Top 4 Reasons You Need THIS Cyber Security Approach From our Cyber Security technical expert, Connor Thompson, CIA, CISA. In the Software as a Service (SaaS) world, cyber security risks extend far beyond traditional perimeter defenses and malware protection. Today, a strong cyber security strategy for SaaS environments must encompass a multi-faceted approach. This includes strong authentication methods, user training against social engineering attacks, […] June 28, 2024
Lack of Software to Test Access Controls is Systemic and Why It Matters [Part 2] Part 2: In part 1 of this article series, I postulated that there is a systemic issue related to management override of controls. More concerning than the existence of this issue is that it isn’t being addressed by management or the audit community. This issue is systemic. Let’s discuss what changes we would need to […] October 23, 2023
Lack of Control Performer Independence Testing is a Systemic Issue and This is Why it Matters [Part 1] I recently wrote an article called Why Access Controls Must Be Tested for All In-Scope Systems and the feedback has been shocking. I have a decent network of auditors throughout external audit firms who regularly comment “off the record” when I am drafting or have published something. May 5, 2023
Cyber Risks Getting More Attention from Organizations Using SaaS Applications Organizations using SaaS Applications are encountering an increase in fraud risks that traditional cyber security firms are failing to recognize. Most organizations focus on protecting the perimeter and risks related to ransomware and data theft, leaving the organization vulnerable to attack in neglected areas. March 31, 2023
Why Access Controls Must Be Tested for All In-Scope Systems Sarbanes-Oxley and control design best practices require access controls be tested for every in-scope ERP system within an organization’s Risk and Control Matrix (RACM). While this may not be the standard for … March 22, 2023
Are Auditors Looking at Privileges that Allow a User to Override / Bypass Workflows? Despite having been in the Oracle applications space for over 20 years it is still a mystery to me what external auditors do or don’t do in their audit. Recently on vacation I ran into an IT auditor from a big … September 9, 2021
Why the PCAOB and External Auditors Should be Concerned about Substantive-Only Audits This article is long overdue, but still one I have been dreading to release. I know the audit firms could come under significant additional scrutiny from regulators such as the PCAOB. However, there are … July 4, 2018