Security audits: don't bury your head in the sand

Can you be sure that your AP Manager isn’t able to enter vouchers and create payments for a fake vendor?  Do you know if anyone has unauthorized access that would allow them to change supplier bank account numbers?

If you don’t audit your ERP security, the chances are that you don’t know whether such events – or many other similar ones – could occur.  You need to be sure that all employees have appropriate access rights – and to identify any who don’t, so that you can resolve the risks.

But it’s not only about preventing fraud or satisfying your auditors – there are other important business benefits for organizations of all types and sizes.

Here are 7 reasons why you should conduct regular ERP security audits:

  1. Fraud prevention: you need to identify anyone with access that would allow them to use your ERP system to commit internal fraud. 50% of fraudulent incidents are committed by insiders, and statistics suggest that each year every company has a 35% chance of falling victim to fraud.
  2. Compliance reporting: if you’re subject to SOX or similar regulations, you’ll be expected to demonstrate that you’ve implemented stringent Segregation of Duties controls to reduce the risk of fraudulent activity.
  3. Auditor pressure: even if you’re not subject to SOX, auditors recommend Segregation of Duties (SoD) as the most effective way to prevent internal fraud. Regular SoD audits identify users with SoD violations.
  4. Avoid errors which disrupt critical business operations: whether by accident or through malicious intent, if an unauthorized employee changes critical configurations, it could bring your manufacturing and distribution operations to a screeching halt, causing huge financial loss.
  5. Avoid errors which cause loss of productivity: for example, if an unauthorized user makes erroneous updates to your manufacturing data, it could result in a failure to buy enough raw materials to keep up with production demand.
  6. Inaccurate financial reporting could lead to poor decision-making: e.g. unauthorized changes to automated accounting instructions that route costs to the wrong accounts could make business activities look profitable, when actually they are running at a loss.
  7. Avoid financial misstatements: there’s a big danger that inaccurate financial reporting gets carried through to misstated results, leading to penalties and reputational damage.

Auditing the security of your ERP system is critical to the health of your business

So why don’t all organizations do it?

The main reason is that it’s just too difficult. Without specialized tools, it often involves complex SQL reporting and complicated spreadsheets – and lots of hassle – and it’s not as if most IT departments are short of work. And despite frequent horror stories in the financial press, some people still seriously believe that it couldn’t happen to them…

That’s where we can help.  Our affordable new QCloud Audit as a Service conducts a security audit of your Oracle ERP System (JD Edwards, Oracle EBS, Oracle ERP Cloud) and delivers results overnight – with no demand on your technical team. It pinpoints the weaknesses in your security and makes recommendations for improvement – so you have all the information you need to fix the issues.

We also offer on-premise tools for efficient audit reporting and Segregation of Duties management.

However you decide to do it, the important thing is not to bury your head in the sand – take steps to audit your security now!