Magaly Perez

2.How is independence maintained when working for the company as an internal auditor?

Internal auditor’s independence is maintained by their ability to maintain objectivity. Internal auditors should have no personal or professional involvement with or loyalty to the area being audited; additionally, should maintain an unbiased and impartial m…[Read more]

4. Next week we have the privilege of having real world auditors join us for our discussions. What questions would you like to ask the Auditors to answer for us?

1. Developing trust with your clients can be challenging, how do you go about initiating the audit in a manner in which the clients develop trust?
2. What would you say is the most…[Read more]

I believe the key components of SAP change management controls that an auditor should review are as followed:

• Change Management Process documentation such as Policies and Procedures:

• Change management processes such as:
o Change request application
o Development policies
o Testing and acceptance
o Deployment process
o C…[Read more]

Alex, great point. Your reply actually had me thinking from an auditors perspective. I researched the web and found a list of t-codes which are used in order to monitor the master data record. I was able to find this site which discloses codes in order to track and monitor controls. We have actually used a few of these transaction codes.…[Read more]

Hey Alex, great input. I actually just looked up and Financial MDM and it is very applicable to my post. As for your question, most certainly. I think all aspect of an organization should be governed but specifically answering your question to financial sensitivity most definitely. I believe it ensures procedures and protocol are in place and are…[Read more]

4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain

I think F110 is the most ‘Sensitive’ transaction and should have an extra focus in an SAT audit. F110 is a T-code that can be executed by users based of their SAP authorizations; this co…[Read more]

******4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain

I think F110 is the most ‘Sensitive’ transaction and should have an extra focus in an SAT audit. F110 is a T-code that can be executed by users based of their SAP authori…[Read more]

So, I did not mean to post that as a reply. However, that is a great choice due to the mishap that could arise due to the lack of strict controls. Like the post, I accidentally posted; if the code is misused or a user’s authorization is compromised it can present risk and for that reason they should be a focus within a SAT audit.

4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain

I think F110 is the most ‘Sensitive’ transaction and should have an extra focus in an SAT audit. F110 is a T-code that can be executed by users based of their SAP authorizations; this co…[Read more]

2. Which department or person should play the key role in defining master data and assuring its quality?

I think that the financial department should play the key role in defining master data and assuring its quality. I based this assumption off our use of the SAP system; the vendor master file is an initial process in the accounts payable and…[Read more]

1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?

The Master data in the ERP system is a highly integrated function and is used in multiple processes which, effect different sectors of an organization. With…[Read more]

Great recommendations with the password requirements Alex. Sean you raise a great point with the reuse of previous passwords. I know we all revert back to reusing passwords because it is easier to remember and agree that it would mitigate risk if a control was implemented that prevented users from doing so. Great suggestion.

Josh, good point. I didn’t even think about the mistakes that could arise from the endless amount of codes in SAP. I agree with you that it most certainly can cause havoc due to how easy it is to incorrectly enter a code. I know that I most certainly have entered codes in wrong multiple times in SAP. But good point and yes, human error is…[Read more]

honesty *^

Paul,

Great example as it walks through the differences between the two types of managements. As you stated, you need a balance of the both in order for the two to be efficient. The irony that this is one of our questions, since two weeks ago we were setting up active directory on our VM’s for our Enterprise Architecture class. I don’t know…[Read more]

http://www.securitymagazine.com/articles/87525-public-wi-fi-use-grows-despite-security-risks

This article, “Public Wi-Fi Use Grows, Despite Security Risk” reveals that 91% of people believe that public Wi-Fi is not secure yet they still connect anyways. The Xirrus report state that “compared to 2015, this year public Wi-Fi users have incre…[Read more]

Alex, if only it were that easy. However, I think a good start to test SoD is to review the following:
– security/ IT policy and procedures
– security access
– organizational chart of duties and descriptions
– interview the key roles and players within the scope you are testing
– observe daily operations and the list can go on, depending…[Read more]

Hey Sean,

I agree with your fuzzy part of ERP and its complexity . Today while working on assignment 3, my partner and I ran into a new control error, in fact the one that the Professor announced to the class that completely threw us off. At first, we thought we did something wrong since SAP is so complex, and we couldn’t figure it out…[Read more]

Hey Alex,

Great question, I would say that its difficult at times to figure out what roles to limit; however more often in small businesses require their employees to wear many hats, which makes it hard to segregate duties. Generally, I would make sure that these functions are most definitely separated among employees:
– Inventory, assets,…[Read more]