Fred Zajac

How important is it for people responsible for general I/T controls (e.g. Network, workstation, Server and data base security) to know about how the ERP system works? What is one (1) specific thing they should know?

The people responsible for general IT controls should know how the ERP systems works, but shouldn’t have change / modify a…[Read more]

Controls are important to financial and accounting processes. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.

1. The currency exchange would impact a purely domestic US company vs. an international company. The value of foreign money impacts the financial s…[Read more]

As we continue to learn about business processes and ERP systems we often discuss financial or account related terms and concepts. How much finance and accounting knowledge should IT personnel supporting business applications know and learn? Explain

It is important for IT personnel to know and understand supporting business applications to…[Read more]

As we’ve seen in the P2P and OTC Processes many different often non-financial business functions are involved with ERP system transactions that post to accounting records. If you are responsible for Finance / Accounting controls for your company how would you manage the risks coming from these non-Financial function jobs?

The accounting r…[Read more]

The article I found this week involved the possibility of someone hacking a diabetic patients insulin injector.

Ethical hackers have found J&J’s Animas Onetouch Ping insulin pump, which allows patients to push a button to inject the proper dose of insulin can be hacked because the communication from the remote to the device isn’t encrypted.…[Read more]

Binu,

Great point about sub-contractors allowed inside buildings. One of my clients has a high level of security measures in place. It is a pharmaceutical company in the surrounding suburbs. All vendors and contractors must attend a securities class on the physical grounds and authorized areas. We are only allowed to use the entrance and…[Read more]

Abhay,

You did a great analysis of why Denver is the best place for a data center. The only thing I would mention to everyone is…

Two is better than one, three is better than two, and so on…

Redundancy is the key. Denver is the best place but finding another location in the world that matches Denver might be a good idea too

What physical security risks are created by an organization’s implementation of a PHYSBITS solution? What mitigations would recommend to lesson them?

The two biggest risks I see in implementing a PHYSBITS solution are:

1. An ex-employee taking a current employees badge
This could cause several physical security risks. The ex-employee may b…[Read more]

You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain

My biggest fear would be the shipping and available to promise. As a business owner and account manager, making the customer happy is our number 1 pri…[Read more]

Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.

Shipping Controls:
I would have tighter shipping controls if my suppliers or customers where located outside of the United S…[Read more]

Who in an organization should care more about the collections process – Finance or Sales? Explain

This is a great question.

Finance
It is there job to manage the accounts payable and receivable. This is what they get paid to do. They should “care” more about fulfilling the duties of the job.

However…

If the sales people are wor…[Read more]

Assume you’re an outside organization with goal to cause negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain Why and How

I am going to take this from one of my favorite movies. The movie is called, Office Space.

I would attack the financial accounting department payment / Cre…[Read more]

Fangzhou,

Great Post! Very informative. I always new about the limited internet access in China, but never thought of it because it never affected me. It did affect a friend of mine who went to China for business. She could only access facebook when she was at work. I assume the company had a VPN.

I do remember reading about this and…[Read more]

A Virtual Private Network uses tunneling to allow for uses in a private network to communicate through a public network, without the risk of the information being intercepted by hackers. This means a person can work at a remote location (Home, Hotel, Restaurant, ect.) and have the data encrypted to ensure secure transmission, over a non-secure…[Read more]

According to Microsoft Support, the Open Systems Interconnet (OSI) model was established by the International Standards Organization in 1978, to allow communications between different data transfer applications. (Microsoft, n.d.) The OSI allows for different interfaces to communicate by flowing through the 7…[Read more]

Johnson concerned about Russia meddling in election

Republican Sen. Ron Johnson chairs the Senate Homeland Security & Governmental affairs Committee. He believes the Russians are capable of “Meddling” with the presidential election process. The Russians are said to be responsible for hacking into state voter registration databases. Each…[Read more]

4. As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?

The most obvious, but less obvious is cameras in stores, class rooms, living areas, ect. The “eye in the sky” allows the security tea…[Read more]

3. Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.

The order to cash process requires prompt delivery to maintain a trustworthy reputation. The decision to ship internationally increases risks c…[Read more]

2. Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.

I would implement the controls mentioned in answer 1.

I would schedule the employee shifts in 3 or 4 time blocks. Thi…[Read more]

The One Piece at a time video shows examples for each area of the Fraud Triangle.

1. Perceived Opportunity
As an employee, he knew the environment and knew there was a poor lack of internal controls and oversight. The company never checked employee bags for merchandise. I remember working at a department store. They scheduled the same…[Read more]