Security access controls management
Governance, Regulatory & Risk
Regardless of the technology you are using (SAP, Oracle, Salesforce, Microsoft Dynamic Suite, …), the best way to protect your business data is by controlling access to the systems where that data is processed and stored. Getting a handle on the actions a user can perform in a system is key.
Effective access controls are the first line of defense against data corruption, fraud and data leakage.
- "Keep Calm" check
- ERP Security Strategy
- ERP Authorizations Design
- ERP Authorizations Re-design
- User maintenance
"Keep Calm" check
Identifying problems in ERP systems is difficult because virtual things are hard to keep track of. Even if you have a disciplined way to manage security in ERP systems, you might still feel uncomfortable. Deloitte can help you keep calm about the security of your ERP system by:
- Running pre-audit checks for IT processes and controls
- Assessing the security configuration of the system
- Performing extended user access reviews
- Identifying high-risk Segregation of Duties (SOD) conflicts amongst users
ERP Security Strategy
If your company is looking for a clear vision on ERP Security Strategy, where do you start?
At Deloitte, we can assist you in designing an integrated vision for ERP Security. Our experts can help you to identify and prioritize the risks, objectives and activities, all presented in a Strategic Security Roadmap.
ERP Authorizations Design
Complexity can be the biggest threat when authorizations are set up in ERP systems. Have you ever wondered how to reduce this complexity?
Our teams are perfectly placed to help you set up an authorization concept in the right way from the beginning. Deloitte has the skilled specialists, experience and tools to deliver a well-designed and transparent authorization concept, which is key to mitigating business and IT risks.
Have a look at the role management solution that Deloitte can offer.
ERP Authorizations Re-design
After some time, and even with the best intentions, a well-implemented authorization concept can become disordered. This can result in unwanted user activities, which open the door to data corruption, fraud and data leakage.
Deloitte is perfectly placed to support you in post-go-live re-assessments of users' access rights (authorizations), which can be followed by a re-design of the authorization concept.
This will give your organization an opportunity to:
- Reduce potential fraud exposure
- Better control the information used by users
- Avoid audit findings
Find out how Deloitte's role management solution can help you with your ERP authorizations re-design.
User maintenance
Organizations implement ERP systems to improve business processes, but managing users can still be challenging even after a successful Go-Live. Users change departments, are promoted, are granted “temporary” exceptional access, or leave the company.
Access rights are accumulated or never revoked, potentially leading to segregation of duties conflicts and fraud. User accounts that are not deactivated become sleeping users, which make your system more vulnerable to unauthorized access.
Our team is perfectly placed to support you in reviewing user access rights, measuring users' real activity in the system and providing user maintenance support services.
Segregation of Duties reviews & Conflict remediation
Failure to segregate duties increases the risk of fraud or errors. Our team is there to help ensure that all high-risk segregation of duties conflicts are identified and remediated using best-practice solutions.
We are here to support your organization in its efforts to design and implement tools, processes and controls that help you stay in control of segregation of duties risks.
Have a look at what Deloitte's ERP security controls approach can do for your company.
Logical Access Controls
Effective internal controls are a key element in protecting the integrity of your operational and financial data. Making sure that proper access rights are given to users, or that accounts of employees who have left the company are locked on time, are just small examples of the IT controls that should be operating in your organization.
Deloitte is here to assist you in establishing or re-designing internal IT controls to better fit the specifics of your business process and to achieve synergy between the IT department and the business users.
Read more about Deloitte's ERP security controls approach.
GRC Software Selection
Reducing audit costs and replacing complex spreadsheets can be achieved by implementing GRC solutions. Choosing the correct product might be challenging, as each product offers a different set of functionalities.
Deloitte can help you navigate the world of software vendors and provide assistance in selecting the GRC tool that best fits your organization’s needs for automating internal controls and SOD risk analysis.