Blog Article

Our CEO, Jeff Hare, CPA CIA CISA comments on the MGM cyberattack: Sadly, we see another significant, and successful cyberattack with MGM Resorts being the latest victim.  What we understand from the information available, is the breach could have a material impact on the company’s financial results. This is the first major corporate breach since […]

The latest U.S. Securities and Exchange Commission (SEC) guidance on Cyber Security risks have “Cyber” firms buzzing.  Those that thought this would be the equivalent of Sarbanes Oxley must have been seriously disappointed.  There was no mandatory audit of Cyber risk included. The guidance requires companies “to disclose material cybersecurity incidents they experience and to disclose on […]

Written By Fred Roth, CISA, Sr. Adjunct Lecture at ERP Risk Advisors Artificial Intelligence (AI) is fast, complex, and limitless. The risks and rewards are in the news daily. As with any new technology, security and controls lag technological growth. Who will assess the security and controls of this innovative technology for your enterprise? “…with […]

I recently wrote an article called Why Access Controls Must Be Tested for All In-Scope Systems and the feedback has been shocking. I have a decent network of auditors throughout external audit firms who regularly comment “off the record” when I am drafting or have published something. 

Organizations using SaaS Applications are encountering an increase in fraud risks that traditional cyber security firms are failing to recognize. Most organizations focus on protecting the perimeter and risks related to ransomware and data theft, leaving the organization vulnerable to attack in neglected areas.

Sarbanes-Oxley and control design best practices require access controls be tested for every in-scope ERP system within an organization’s Risk and Control Matrix (RACM). While this may not be the standard for …

ERP Risk Advisors comments on the Dish TV breach: Another day… another breach. While we do not know the details of what caused the breach this reminded us of the significant cyber risks organizations face when using Oracle’s E-Business Suite’s internet facing applications.

In early January, FAA software caused US flight operations to halt for several hours. For a summary of the software failure, see Adam Levin’s Bloomberg article “FAA Computer File Caused by People Who Damaged Data File”.

ERP software provides organizations with tremendous benefits including vast configurable processes and standard reports used for reporting on data.  ERP software comes in two flavors: those that …

I did it! My redemption race is done. I AM A IRONMAN!!! Two years, eight months and 20 days from my heart attack in the Oman 70.3 race, I completed my first full Ironman race in Arizona this past week.

Despite having been in the Oracle applications space for over 20 years it is still a mystery to me what external auditors do or don’t do in their audit.  Recently on vacation I ran into an IT auditor from a big …

UK Police Department using ERP Cloud given “Significant Deficiency” by Grant Thornton partially due to “Segregation of Duties” issues and system accounts.

Last week I wrote a blog talking about how the System Implementation industry is biased against a “Complete and Secure” implementation.  This week I’d like to address another elephant in the …

This article is long overdue, but still one I have been dreading to release.  I know the audit firms could come under significant additional scrutiny from regulators such as the PCAOB.  However, there are …