The SI industry is stacked against a ‘complete and secure’ ERP implementation

The SI industry is stacked against a ‘complete and secure’ ERP implementation

The SI industry is stacked against a ‘complete and secure’ hashtag#ERPCloud implementation? SIs don’t win bids by providing a scope that includes controls and role design. Very little, if any, customization of roles is included in the implementation project plan. Often controls design only happens around the time of UAT, leaving too little time to change business processes if they need to be changed to support controls. After going live, organizations are left with these challenges:

·Significant material fraud risk due to poor control design and too many users having Keys to the Kingdom privileges
·Users with seeded and custom roles that have SoD conflicts within them and excessive access to high risk privileges
·IT roles aren’t designed to migrate from Hypercare to normal support
·Incomplete control design because audit policies haven’t been enabled and OTBI reporting isn’t built
·Workflow delegation policies haven’t been developed
·Users who can override controls by having Transactions and Configurations
·No way to perform lookback procedures for users with elevated access
·User provisioning process has no way to identify SOD conflicts and SA risks

These are key issues that cause an incomplete implementation.

hashtag#oracleerpcloud hashtag#erparmor Contact kevin.hare@erpra.net for more info.

Jeff Hare
jhare@erpra.net

Jeff Hare, CPA CIA CISA is the founder and CEO of ERP Risk Advisors. His extensive background includes public accounting (including Big 4 experience), industry, and Oracle Applications consulting experience. Jeff has been working in the Oracle Applications space since 1998 with implementation, upgrade, and support experience. Jeff is a Certified Public Accountant (CPA), a Certified Information Systems Auditor (CISA), and a Certified Internal Auditor (CIA). Please follow us on LinkedIn and Youtube.

No Comments

Post A Comment