What constitutes GRC for JD Edwards EnterpriseOne?
The main elements are:
Reporting for the Auditors (internal and external)
Segregation of Duties – setup and reporting
Access Control – with regular signoff (Access Control or Periodic Review)
It is a truism that most people see GRC as a cost, and a pain. This situation is often aided and abetted by the auditors, a good bunch of people who do not possess the best reputation among IT staff.
The auditors necessarily focus on key areas that they perceive as risky, and often ask for information that takes a long time to produce, with results that can actually be wildly inaccurate when you don’t have the right tools.
Business Benefits and Return on Investment
Costs associated with auditing can place a heavy burden on the business – yet a small amount of IT investment in this area can save a lot of time and money. In summary, a good GRC strategy within the business should be aimed at reducing audit costs, but one should never be complacent. The auditor will ask different questions next year, so the tools need to be flexible enough to be able to interrogate the data. “Standard” reports will not suffice.
More enlightened companies see that a good Security and GRC strategy will have other significant business benefits. Getting the Security Model right is fundamental to getting GRC right, and to propagating great business benefits.
If one bases the security roles in the ERP system on the processes within the business, there is great potential to realize other benefits. In particular Standardization of Processes across the business leads to:
- Operational efficiency
- Greater worker mobility
- Simpler consolidation of figures
- Tighter integration
- Easier reorganization
- Vastly simpler acquisition.
The implementation of standard roles, in a tight security model right across the business, can have enormous benefits, but can be difficult to quantify. And more particularly, it can be difficult to get business buy-in to this kind of standardization, and the breakdown of a divisional managers “fiefdom.”
If you’re heading to Vegas for COLLABORATE 17, do drop by Booth 623 to say hello – we’d be happy to discuss any questions you have about managing GRC for JD Edwards in your organization. We’re also presenting a number of Education Sessions, including a chance to hear an Auditor’s view of JD Edwards compliance – find out more here