Access Reviews and Certification | July 8th, 2019

Access Review: What It Is and Why It’s Key for ERP Security

What is Access Review?

Access reviews are one of the main IT internal controls that companies rely on to secure their ERP systems. Since ERP systems, such as those from tech giant SAP, can have thousands of users, it’s critical to know who has direct access to data and what tasks each employee can do. Access reviews allow management, IT and internal audit teams to review this and adjust access if necessary. Here are some of the issues they address:

Over-provisioned accounts

Transferred or terminated users who shouldn’t have access

Potential internal fraud, data loss, damages and regulatory fines for non-compliance

Access Review: How is it managed?

You may have heard of access review tools and solutions that can automate this process; however, some companies still do it manually, and that has its own set of challenges. For one, it can take weeks of preparation just to set up the review data. The data itself may be inaccurate and not up to date with current user access activity or HR records. It also takes much more time to complete access reviews manually, as there can be weeks of back-and-forth communication with managers who are supposed to approve or reject access for their employees. This takes away even more time from the regular job duties of those conducting the reviews, not to mention the stress it causes.

Another problem with manual reviews is the opportunity for managers to mass approve employees’ access, rather than going one by one to review access privileges and determine if they are accurate for each employee’s role. This leads to what is known as “rubber stamping,” and can be dangerous in terms of segregation of duties (SoD).

What Automated Access Review Solutions Can Do

Automated access review solutions are designed to help manage the access review process in a streamlined and organized manner. Most, but not all, are cloud-based and scalable to fit the needs of each company. They have clear benefits over using spreadsheets and emails, as they are built to be all-in-one solutions that help from the beginning of the review process until the end. The features found in these solutions include the ability to create, modify and delete reviews; monitor the progress of the reviews; automate email reminders to managers and upload pertinent HR data.

This is not an exhaustive list, but it gives an idea of how automated solutions can eliminate manual processes during access reviews.

Access reviews, while important for securing ERPs, can be notoriously difficult to do manually and, when done wrong, can impact internal audits. In response to this, we created a video outlining why it’s so difficult, what can go wrong, and what can be done to ease the process.

Have any questions? Contact us at info@erpmaestro.com and we’ll be happy to help.


