-
Ming Hu posted a new activity comment 7 years, 11 months ago
Nice point Priya. I agree with you and just want to add something to your first point that auditors should also be mindful of independence, they must be diligent in identifying and evaluating threats to independence and applying appropriate safeguards, that should be seen as an integral part of an auditor’s knowledge. For example, if there…[Read more]
-
Ming Hu posted a new activity comment 7 years, 11 months ago
Regulatory compliance could be costly for many organizations, but I also read an article about how to transform compliance into a competitive advantage. That was about ACI and Wells Fargo, the most important lesson I learnt from this article is about transforming compliance from a reactive task to a proactive repeatable business process, Wells…[Read more]
-
Ming Hu posted a new activity comment 7 years, 11 months ago
How is independence maintained when working for the company as an internal auditor?
Auditor independence is achieved through organizational status and objectivity:
Organizational status – the director of the internal auditing department should be responsible to an individual in the organization with sufficient authority to promote independence…[Read more] -
Ming Hu posted a new activity comment 7 years, 12 months ago
In your company, do you use any blueprints as documentation? Why are process blueprints important in the documentation?
Process blueprints describe business processes, including details about the activities in the process, the people who perform or know about the activities and their roles, the milestones that activities are performed in,…[Read more]
-
Ming Hu posted a new activity comment 7 years, 12 months ago
In your company, do you use any blueprints as documentation? Why are process blueprints important in the documentation?
Process blueprints describe business processes, including details about the activities in the process, the people who perform or know about the activities and their roles, the milestones that activities are performed in,…[Read more]
-
Ming Hu posted a new activity comment 7 years, 12 months ago
Nice point Paul. I failed to take segregation of Duties into consideration, but it is a very important portion. Obviously, one who requests a change must not be the one who respond to that change. Besides, considering employee turnover, their roles and responsibilities, accordingly, should be redefined following the principle of segregation of duties.
-
Ming Hu posted a new activity comment 7 years, 12 months ago
In future weeks we may have the privilege of having real world auditors join us for our discussions. What questions would you like to ask the Auditors to answer for us?
1. What technical skills do you think are very helpful for an entry-level IT auditor?
2. Would mind sharing with us how you started you career as an auditor?
3. How could…[Read more] -
Ming Hu posted a new activity comment 7 years, 12 months ago
What are the key components of SAP change management controls you would expect the auditor to review? Why?
Change request – Check the transparency and validity over change execution
Authorization change – Ensure every authorization-based change is reasonable, accurate and timely
Testing procedure – Whether the change has been tested befor…[Read more] -
Ming Hu posted a new activity comment 8 years ago
Nice point Abhay, take role-based authorization for example, it is a dynamic process based on employee overturn, specific requirements, or job change, so constantly audit is necessary for ensuring corresponding changes have been made, otherwise, the privilege may be misused and sensitive data may be stolen. E.g. SU03 Maintain Authorizations; Su20…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
Nice point. Controls are an obvious, yet necessary component to master data governance to assure the integration of master data into business process, by establishing solid control at the onset, these controls will monitor and audit the usage of the system in real-time in order to alert a data steward of any possible issues and/or exceptions.…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
Nice point. I believe that inaccurate data might not only cause difficulties in performing data analysis, but also may generate a totally wrong analysis result. We all know how important the data to an organization, the company relies on the results of data analysis to make decisions to design promotion strategy or provide customized customer…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
Access transactions are the most sensitive, because they enable users to create, modify or delete G/L accounts, therefore, access should only be granted to specific group of users for spe…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Both inaccurate and excessive repetitive data can negatively impact your business. As for me, the inaccurate data would more likely be a risk.
Negative impact of the inaccurate data:
Losing customers – business have a small window of opportunity t…[Read more] -
Ming Hu posted a new activity comment 8 years ago
Nice post Paul, I like your example and what you mentioned “access management provides multiple layers of security”. Access management becomes more and more critical from data breach perspective, especially considering that we’ve heard so many news about how individuals lack awareness to protect them from cyber crime – their username and password…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
Thanks for your sharing. As you said, even someone knows the threat, they may still dismiss that cause they need to connect to it. I’ve read an article about tips on public Wi-Fi security, the most useful and simple one I’m following is that considering use your cell phone. If you need to access any websites that store or require the input of any…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
Nice point Priya, it is very important for users to set right wifi locations, home, public or work on your PC, The location you choose changes the firewall and security settings for your PC appropriately to keep you secure. For “home” network discovery is turned on and computers on a home network can belong to a homegroup. While for networks in…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
Twitter, GitHub and several other major websites are inaccessible for many users due to a distributed denial-of-service (DDoS) attack on the Managed DNS infrastructure of cloud-based Internet performance management company Dyn.
According to Dyn, the DDoS attack aimed at its DNS service started at roughly 11:10 UTC. The company is working on…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
Nice post Paul, I like what you mentioned “prioritization”. We’ve already known about how challenging the cyber security issues we’re facing, and there’s no an absolutely secure environment. So it is important for security officers to analyze potential threats and prioritize the right security measurements at the right time based on current…[Read more]
-
Ming Hu posted a new activity comment 8 years ago
Thank you for adding details. Your post just reminded me that accounting knowledge as a necessity when I came to learn SAP. IT is a powerful tools leveraged by different departments, HR, finance, accounting, etc. So as a security guard, it’s not unusual for you need to learn cross-field knowledge to carry out your work.
-
Ming Hu posted a new activity comment 8 years ago
Security in an ERP system (e.g. SAP) is complex. What is the most fuzzy, difficult to understand component? Explain
SAP itself is very complex, it has about 1000 parameters, and most of them can affect security. When you install an SAP System, it goes with 20+ different services, each of them uses its own proprietary protocol and a set of…[Read more]
- Load More