We found that there are many changes going on that are not documented and yet have an impact to your operations (the benefits of new functionality), but also new risks that are introduced.
What kind of risks? Here are some highlights of an evaluation we conducted, consider how these changes may impact your organization:
* Over 130 new Privileges.
* Over 200 Privilege to Role assignments, including existing/older privileges newly assigned.
* Over 200 Role to Role assignments, including new Roles being assigned to new Roles and new Roles being assigned to existing Roles.
* Over 50 new Data Security Policies which control the data that users have access to.
* Over 100 new Profile Options that help configure the application and its transactions.
For areas such as Segregation of Duties and Sensitive Access these changes have had an impact, with new risks being introduced. One Role has access to over 40 different sensitive access risks.
While new functionality is being added to the application, its the changes we see to the existing structure that can introduce risks and additional costs. For example, where Roles are added to Roles (Role to Role assignment) the Privileges assigned also come over. These Privileges may have license tags that if used can increase your license usage, and associated costs. In addition, new risks are introduced that can create Segregation of Duties, or simply over-provision users in the application.
Getting into the details of each application release is crucial, under the release notes you will find that changes to roles , the permissions/privileges and other settings can have a real impact on your operations and security.
Its not just the delivered changes you need to worry about, how are changes being made by your staff impacting your applications?
With the ever changing Cloud applications you have, the combination of your changes and changes by the vendor should be evaluated through thorough change management.
Seecuring has helped many organizations achieve greater assurance over their Applications and Services.
Segregation of Duties
Sensitive Access
User Access Reviews
Patch Impact Analysis & Configuration Changes
We have been working with ERP/HCM Applications since the early 2000's, and work with leading CPA's, Audit staff and Application specialists to deliver a complete solution.
Before you invest in expensive Software, why not look at GRC as a Service? Faster delivery, lower cost, and more than just reports on your issues - we help Organizations achieve their goals for Internal Controls.
To discuss your requirements, you can schedule a call with us: