From Design to Cross Application Reporting

Presentation transcript:

Segregation of Duties: From Design to Cross Application Reporting. Eric Henderson, JDE Senior Security, Risk and Compliance Specialist, ErpX Security & Technology LLC. Carrie Curry, Senior Delivery Manager, Q Software.

Introductions: Eric is a Senior JD Edwards Security and Compliance Specialist, with more than 14 years of experience specializing in the delivery of JDE security solutions from assessments, design and configuration, and system implementations. He has deep experience in executing and managing projects related to JDE user security, segregation of duties analysis, configuration and controls reviews, pre- and post-implementation reviews, and security and configuration implementations. Eric has served clients in a number of industries, including Consumer Products, Construction and Engineering, Manufacturing, Media and Entertainment, Oil and Gas and related services, Real Estate, and Technology.

Introductions: For the past 13 years, Carrie has worked with JD Edwards in various roles such as business process analyst, report specialist, systems analyst and ERP Security team lead. Her experience with JD Edwards and in-progress CISA certification make her a unique authority on JD Edwards compliance topics. Carrie is currently a Senior Implementation Consultant for Q Software. Carrie regularly provides training and implementation services to clients across North America. She has been sharing her passion for security with various presentations at InFocus and Collaborate. She is the founder and past president of the Quest JDE E1 Security SIG and is currently an active board member.

Agenda: Key Areas of Risk; Drivers for Change; Segregation of Duties Design; Cross Application Segregation of Duties; Reporting; Questions.

Objectives: To highlight and discuss key areas of risk where fraudulent activity can occur; to share best practices and lessons learned in the design of segregation of duties; to discuss the importance of effective reporting when it comes to maintaining compliance, for both in-application and cross-application reporting.

Key Areas of Risk: “Risks are not isolated to one piece of the puzzle, rather they extend to a broader risk universe.” Technology: Infrastructure, Networks, Security, Disaster Recovery. Data: Conversion / validation, Data Governance, Reporting, Back up and Refresh. Processes: Requirements, Business Processes, Lifecycles, Controls, Interfaces.

Drivers for Change: 1. Regulatory Compliance: Sarbanes-Oxley and other regulatory issues are forcing companies to increase their awareness and accountability of their employees' actions within the company. 2. Security and Data Management: Recent privacy laws and prosecution of security violations are bringing a new awareness to monitoring and controlling security and access to data within the organization. Business Function: Procure to Pay. Departments: Procurement vs Accounts Payable. Manual Processes: Signature on paper. Systems: Application - JDE.

Getting Started: Identify Business Processes; Identify Risks or Conflicts; Design SOD Rule; Identify Systems. Business Process: Order to Cash. Conflict: Credit Approval & Sales Order Entry. Risks: Approve increased credit and enter a large sales order the customer cannot pay for. SOD Rule: Establish Credit Limits & Payments Terms VERSUS Enter Sales Order. System(s): JD Edwards.

Segregation of Duties: Matrix. Order To Cash activities in the matrix (conflicts marked X): Enter customer order; Issue credit memos; Review and approve credit memos; Establish credit limits/payment terms; Override credit holds/approve overrides; Adjust inventory records; Maintain accounts receivable sub-ledger; Adjust inventory sub-ledger; Review and approve aged accounts receivable trial balance; Reconcile sub-ledger information; Post to the general ledger; Receive cash/remittance; Apply payments to customer accounts; Perform bank reconciliation; Enter write-offs of bad debt; Review and approve write-offs of bad debt; Maintain customer master file; Enter changes to price list.

Segregation of Duties: Details. Conflict: Credit Approval & Sales Order Entry. Credit Approval: Base Objects P03B305; Custom Objects N/A; Versions ZJDE0001. Sales Order Entry: Base Objects P4210; Custom Objects R554210; Versions QSG0002.

Segregation of Duties: Process. Rules, Policies, Align Processes, Establish Enforcement, Mitigate, Monitor.

Considerations: How does IT work with the business to identify segregation of duties issues? One application or multiple applications? Does the organization design roles in a way that creates inherent SOD issues? Does the organization take appropriate action when SOD conflicts are identified? Is GRC Software currently used to effectively manage SOD risk? What sensitive data do we hold, where does it reside? How well do we understand privacy regulations that affect our business? Do users follow control procedures to address regulation?

Cross Application Segregation of Duties: User Profiles; Access Associated with User Profiles. Application A (JD Edwards): User A, User B, Role, Access. Application B (Hyperion): User A, User B, Role, Access.
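
The SOD rule from the Details slide evaluated across both applications, as an added example (not from the presentation or from any vendor tool). The JD Edwards objects and the rule are the ones on the slides; the Hyperion duty, its JOURNAL_POST function, the second rule, and all roles, logins and the identity map are constructed assumptions.

```python
from collections import defaultdict

CREDIT = "Establish Credit Limits & Payment Terms"  # from the SOD Rule slide
ORDER = "Enter Sales Order"                         # from the SOD Rule slide
POST = "Post Journal Adjustment"                    # hypothetical Hyperion duty
# (application, object) -> duty. JDE objects are from the Details slide.
DUTY_OF = {
    ("JDE", "P03B305"): CREDIT,
    ("JDE", "P4210"): ORDER, ("JDE", "R554210"): ORDER,
    ("HYPERION", "JOURNAL_POST"): POST,  # hypothetical function name
}
SOD_RULES = [(CREDIT, ORDER), (ORDER, POST)]  # second rule is hypothetical
# Constructed sample data: (application, role) -> objects the role can run.
ROLE_ACCESS = {
    ("JDE", "CREDITMGR"): {"P03B305"},
    ("JDE", "ORDERENTRY"): {"P4210", "R554210"},
    ("HYPERION", "GL_ADJUST"): {"JOURNAL_POST"},
}
# Constructed: (application, login) -> assigned roles.
USER_ROLES = {
    ("JDE", "USERA"): {"CREDITMGR", "ORDERENTRY"},
    ("JDE", "USERB"): {"ORDERENTRY"},
    ("HYPERION", "user.b"): {"GL_ADJUST"},
}
# Constructed: logins differ per application, so map each one to a person.
IDENTITY = {
    ("JDE", "USERA"): "User A",
    ("JDE", "USERB"): "User B", ("HYPERION", "user.b"): "User B",
}

def duties_by_person(user_roles, role_access, identity):
    """Return person -> duty -> set of (app, login, role, object) grants."""
    held = defaultdict(lambda: defaultdict(set))
    for (app, login), roles in user_roles.items():
        # Unmapped logins stay separate, so they cannot hide or invent a conflict.
        person = identity.get((app, login), f"UNMAPPED {app}/{login}")
        for role in roles:
            for obj in role_access.get((app, role), ()):
                duty = DUTY_OF.get((app, obj))
                if duty:
                    held[person][duty].add((app, login, role, obj))
    return held

def sod_conflicts(user_roles, role_access, identity, rules=SOD_RULES):
    """Return sorted (person, duty_a, duty_b, spans_applications) tuples."""
    found = []
    for person, duties in duties_by_person(user_roles, role_access, identity).items():
        for a, b in rules:
            if a in duties and b in duties:
                apps = {grant[0] for grant in duties[a] | duties[b]}
                found.append((person, a, b, len(apps) > 1))
    return sorted(found)
```

Running the same check on the JD Edwards rows alone reports only User A; User B's conflict appears only once the Hyperion access is joined through the identity map.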

Reporting

Questions? Eric Henderson, JDE Senior Security, Risk and Compliance Specialist, ErpX Security & Technology LLC, eric@erpxtechnology.com. Carrie Curry, Senior Delivery Manager, Q Software, carriec@qsoftware.com.