Continuing great job on the discussions. Keep up the good work. My summary view is:
Q1: Do businesses rely too much on security administrators vs. security of the entire network? Most of you highlighted the network being the highest risk. I tend to agree with you – as in today’s computer environments, the network gets you in the door. Nevertheless, it’s important to manage all areas of security and make sure even the administrators are using state-of-the-art practices and techniques. Risks are everywhere.
Q2: Why only have one posting period open at a time? As you pointed out, this is mainly to prevent errant postings in the wrong month. It also supports the discipline of making sure when events occur in the real or physical world, the corresponding transaction(s) occur in the ERP system.
Q3: What’s the most important finance / accounting control? …authorization control? Some good discussion on this question. I would have preferred you using my list to prioritize, but most of you didn’t have that list due to my late posting of the video. My experience is that documented policies & procedures, with strong reconciliation and auditing that they are followed, are critical. Focus, as usual, on the high-value and high-risk items.
Q4: Have you experienced difficult, cumbersome, … security problems? Thanks for sharing some great stories of your real experiences. Most of you highlighted password headaches. Regardless, it’s important to understand the end results of what users are actually doing (law of unintended consequences). If you lock down the process so tight that everyone writes the password down on their screen – in the end you have poor security. In the end, a balance is necessary – is the complexity worth the headache? However, who gets to set the balance is usually someone at the top of the organization.