ERP Security: You may not see the risks, but that doesn’t mean they’re not there

Why ERP security audits / assessments are crucial and what they should include

Security audit: Find hidden risks

I wish I had a dime for every time that someone told me they have nagging concerns about their ERP security.  It’s a common problem, but many ERP users don’t have a clue how to find the weak spots, and they certainly don’t have time or budget to find out if their doubts are justified.

To me, that’s a bit like driving a car when you have a feeling something’s wrong with it – you might get away with it, but is it really worth the risk? Wouldn’t it be safer to get it checked out?

You can’t afford to jeopardize the integrity of your ERP system

Your ERP system is probably one of your most valuable corporate assets.  Weaknesses in its security could lead to many kinds of risks, such as:

  • Internal fraud
  • Data theft
  • Theft of Intellectual Property
  • Operational error
  • Financial misstatements
  • Audit findings

And it’s not only about risks; it’s also about efficiency.  If your security model is inefficient, you probably spend too much time managing it – which often leads to things being missed when busy people need to get things done quickly, so you end up caught in a vicious circle…

The best way to uncover hidden risks and inefficiencies is to conduct regular ERP security audits / assessments. But ERP systems are very complex, so you need to know what to look out for, and what to include in your audit. For example, every ERP system has unique system configuration settings, where unauthorized changes, whether malicious or accidental, could cause huge operational disruption and costs.

Prioritized remediation

So obviously your security assessment should identify the problems – but what are you going to do about them?

Assessments can sometimes produce a daunting list of issues that you never even knew existed, so your report must include the information that you need to fix them and must identify the high-risk problems, so that you can prioritize remediation effort where it’s most urgently needed.

In this short video, I give a brief introduction to:

  • Why are ERP security assessments important?
  • What are the benefits?
  • What should you assess?
  • What information should the assessment report contain?
  • How often should they be carried out?

I hope you find it useful!

If you’re looking to get help with a JD Edwards EnterpriseOne security assessment, engaging experts such as the Big 4 consultancies can be protracted and very expensive. Now there is a low-cost way to analyze your security and SoD, have the results examined by JDE security and audit experts, and receive prioritized recommendations for remediation, directly tied to ITGC activities – in less than two weeks.

If you’d like to find out more, please register for our Security Assessment webinar on February 16.

We also offer automated security assessment / auditing solutions for JD Edwards EnterpriseOne and World, Oracle E-Business Suite and Oracle ERP Cloud.

They encapsulate the knowledge of our experts to look for gaps or weaknesses in your security. Our experts review the results with you, discuss the implications and offer advice to help you work out a prioritized, realistic remediation plan. Please contact us if you’d like to find out more, or request a demo.