When-you-need-answers-tomorrow-audit-erp-securityI was talking to a very worried IT Director yesterday.  Mike is a friend of mine, and he’d just been called into the CFO’s office – which is seldom a good part of any IT Director’s life.

But it all got a lot worse when he arrived on the 22nd floor.  The previous afternoon, the Controller had discovered that the external auditors were talking about qualifying their accounts.  Apparently, the SQL scripts and spreadsheets, which they were using to prove that fraud was not an issue, had been exposed as flimsy excuses for the real information that Mike thought they were.

They had been found out.

I had some sympathy for Mike.  He’d been trying to persuade the company to invest in a solution that Oracle had been pushing at them for several years.  But the CFO never bought in to the 6-figure price tag, nor the 6-month project.  There were always more pressing demands on resources, and no-one thought that any of their great staff would ever commit fraud.

But apparently the Auditors had found “evidence” – even though to Mike this “evidence” wasn’t conclusive; to him it seemed like procedural breakdown, rather than proof that someone had siphoned off the company’s cash.

At this point I did have to remind Mike that statistics show that companies have a 1-in-3 chance of falling victim to an internal fraud this year.  In fact, he was better off betting on his beloved Dodgers to win the World Series than hoping to keep his job when someone committed the “Dummy Company Fraud” on their in-house ERP.

Good Segregation of Duties Controls help to Prevent Internal Fraud

The good news is that Mike kept his head, and didn’t point out to his CFO that he’d continuously pushed for a tool to monitor Segregation of Duties (SoD) issues.  (On more than one occasion, Mike and I have agreed that reminding your bosses that you’re smarter than them seems like a great idea after a couple of Fat Tires, but it’s a quick way to end up jobless!)

The other good news is that, despite all his bluster, Mike obviously did listen to me.  As the CFO started to go nuclear in his search for a solution or a scapegoat, Mike pulled up my recommendation for QCloud Audit as a Service.

At that point, he nearly lost control of the discussion; his CFO doesn’t like mention of the Cloud, ever since someone at his golf club had his customer website hacked, resulting in him being the butt of everyone’s jokes for weeks.

Regular audits of ERP security draw attention to weaknesses

But he calmed down when Mike pointed out that this was a subscription service which the company can use to get full analysis of the SoD issues on their system, whenever they like.  And the price of less than $2k per month had him getting excited, particularly when Mike promised him the results the following morning.

So, I think it’s Mike’s round tonight!  But I might have to wind him up a bit by asking how he’s going to fix the SoD issues that he finds in his beloved Oracle E-Business Suite system – but I can help him with that too, and we can get it live within a month.

But I will suggest that he scares his CFO with the results first.  If anything can extract money out of the lovely fellow, it will be seeing how many people in the organization can commit basic frauds!

I’m off to watch the World Series catastrophe – I think it’s going to be a cheap night.

Could this solution help you to keep your job? Find out more about QCloud Audit as a Service.