Jody Paterson, CEO of ERP Maestro, featured in SAPinsider
Increased External Audit Scrutiny Puts Spotlight on Access Controls
By Jody Paterson | SAPinsider, Volume 16, Issue 4
October 1, 2015
Controlling access to your business environment is fundamental to the security and regulatory compliance of your organization, and maintaining the necessary levels of control requires frequent reviews of who is accessing what in your systems. While external auditors have always discouraged manual approaches to managing access control reviews, 70% of companies manually monitor access controls in their ERP system, including segregation of duties (SoD), emergency access, and provisioning.1
Why do so many organizations choose a manual approach over using an automated solution despite the advantages of automation, such as accuracy, completeness, and continuous auditing? It is not due to a lack of awareness of the value automated tools bring, but rather the perceived high cost and complex implementation project that is involved.
While organizations have been able to get by using ad hoc field tools to manually spot-analyze their environments, external auditors are changing how they evaluate access controls. This means that organizations can no longer continue to manage controls this way and still remain compliant going forward.