-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
What are the key components of SAP change management controls you would expect the auditor to review? Why?
There are a number of key components included in the IT change management audit for the SAP.
The change management policies and procedures should be formally document the change management process and there should be a review as to the…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
In your company, do you use any blueprints as documentation? Why are process blueprints important in the documentation?
A blueprint offers organizations the best chance to successfully achieving their goals. Blueprinting is an effective tool and it helps organizations understand as to how the process will look like and it also offers…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
How have you seen change management work in your organization? What improvement recommendations do you have?
Most of the change management ventures fail because the human variable in it. Either people don’t want to change, or the management hasn’t done their job of communicating the goals and their vision of where they want to take the…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Next week we have the privilege of having real world auditors join us for our discussions. What questions would you like to ask the Auditors to answer for us?
What challenges do you face while gathering information from different stakeholders?
What tools and important skills that are essential for us to learn as an auditor?
As someone…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Wen Ting,
Do you think that for a master data like customer master data, the sales department should be the one responsible for maintaining the client information? I mean, they are the ones who are at the “front end” of the organization building relationships with the clients and gathering customer information first hand.
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Yulun,
I thought that inaccurate data was riskier too. To add to the redundant data part for comparison, the risks under redundant data are organizations incurring more cost for storing data, etc. these risks are still in no comparison with the risks associated with inaccurate data. Imagine sending packages to wrong addresses due to corrupt…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Yu Ming,
I agree. During my internship, our ERP software wasn’t integrated with the CRM and hence one of the primary jobs of the sales team was to feed in data that the customers provided in CRM, into the ERP for further processing. So, for the customer master data, the sales team was responsible for managing the data with me. As long as d…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
I think in every organization there high-risk/sensitive activities (transaction codes) and defining them is very important component of authorization-related project because of the impact the…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Considering the respective risks that inaccurate data and excessive repeated data carry, I think inaccurate data carries more risk for an organization compared to data that is redundant. An organization is still powered by the redundant data (maybe not…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
For any organization it is critical that they have an effective master data management tool to ensure that the information in the master data is the single…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Given the nature of malware like Ransomware that can put the important data, in the case of hospitals, data falling under Personal Health Information, such implementation comes as no surprise. I think in the light of the recent events more and more organizations who will be liable if critical data leaks, are now going improve their governance by…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
I think this is crucial time for this article to get published given how the multiple waves of DDOS affected many businesses on the east coast. 75% is a huge number and I think as every company looks to go digital, they will certainly will also look to decrease the percentage.
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
I agree. Authentication and Authorization are two completely different and essential components. In access control decisions, authorizations can always be updated based on the user information that is provided and other decisions taken.
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Paul,
Two reasons that struck me are, first, the organization is either underestimating or is unaware about the risk such accounts can carry and they haven’t realized how these accounts are exposing their enterprise for various forms of attacks. Second, organizations probably have policies in place for old user accounts, they haven’t followed…[Read more]
-
Abhay V Kshirsagar wrote a new post on the site Auditing Controls in ERP Systems 7 years, 11 months ago
bernie-madoff-scandal
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
“Code Injection Technique may Potentially Attack All Versions of Windows”
The Windows PC users, who are using a fully-patched version of the OS can still be hacked. The security researchers have found a new technique that may allow attacks to inject a malicious code on different versions of MS Windows OS including Windows 10; no current…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Good example, Paul.
In my company we had the problem of old-user accounts or as we used to call them as “orphaned” accounts, which had the ability to leave the entire enterprise security vulnerable. For instance, former employees could provide their old log-in information to a third-party, which could use these orphaned accounts to steal…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
All companies are dynamic entities with employees and others using systems coming and going all the time. What best practices have you experienced or would you recommend for managing system users and their related security access?
Generally, a system manager has two main types of users that are employees and vendors (external).
Suppose, a…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
What key (1-2) competencies does the person responsible in a company for security (e.g. for a given process) need to have to be successful? Why?
ERP systems are complex. The security professionals should have good communication skills and be observant and get to know the functional users that are involved in the particular business process.…[Read more]
-
Abhay V Kshirsagar posted a new activity comment 7 years, 11 months ago
Security in an ERP system (e.g. SAP) is complex. What is the most fuzzy, difficult to understand component? Explain
Any ERP exists to solve complex business issues and to serve various types of users. An ERP system like SAP supports numerous variety of business processes. It has significant data volumes where database size can go up to…[Read more]
- Load More