From Design to Cross Application Reporting


Presentation on theme: "From Design to Cross Application Reporting"— Presentation transcript:

1 Segregation of Duties: From Design to Cross Application Reporting
Eric Henderson, JDE Senior Security, Risk and Compliance Specialist, ErpX Security & Technology LLC
Carrie Curry, Senior Delivery Manager, Q Software

2 Introductions Eric is a Senior JD Edwards Security and Compliance Specialist, with more than 14 years of experience specializing in the delivery of JDE security solutions from assessments, design and configuration, and system implementations. He has deep experience in executing and managing projects related to JDE user security, segregation of duties analysis, configuration and controls reviews, pre- and post-implementation reviews, and security and configuration implementations. Eric served clients in a number of industries, including Consumer Products, Construction and Engineering, Manufacturing, Media and Entertainment, Oil and Gas and related services, Real Estate, and Technology.

3 Introductions For the past 13 years, Carrie has worked with JD Edwards in various roles such as business process analyst, report specialist, systems analyst and ERP Security team lead. Her experience with JD Edwards and in-progress CISA certification make her a unique authority on JD Edwards compliance topics. Carrie is currently a Senior Implementation Consultant for Q Software. Carrie regularly provides training and implementation services to clients across North America. She has been sharing her passion for security with various presentations at InFocus and Collaborate. She is the founder and past president of the Quest JDE E1 Security SIG and is currently an active board member.

4 Agenda
Key Areas of Risk; Drivers for Change; Segregation of Duties Design; Cross Application Segregation of Duties Reporting; Questions

5 Objectives
To highlight and discuss key areas of risk where fraudulent activity can occur.
To share best practices and lessons learned in the design of segregation of duties.
To discuss the importance of effective reporting when it comes to maintaining compliance, for both in-application and cross-application reporting.

6 Key Areas of Risk
“Risks are not isolated to one piece of the puzzle, rather they extend to a broader risk universe”
Technology: Infrastructure; Networks; Security; Disaster Recovery
Data: Conversion / validation; Data Governance; Reporting; Back up and Refresh
Processes: Requirements; Business Processes; Lifecycles; Controls; Interfaces

7 Drivers for Change
1. Regulatory Compliance: Sarbanes-Oxley and other regulatory issues are forcing companies to increase their awareness of, and accountability for, their employees' actions within the company.
2. Security and Data Management: Recent privacy laws and prosecution of security violations are bringing a new awareness to monitoring and controlling security and access to data within the organization.
Business Function: Procure to Pay
Departments: Procurement vs Accounts Payable
Manual Processes: Signature on paper
Systems: Application - JDE

8 Getting Started
Steps: Identify Business Processes; Identify Risks or Conflicts; Design SOD Rule; Identify Systems
Business Process: Order to Cash
Conflict: Credit Approval & Sales Order Entry
Risks: Approve increase credit and enter large sales order customer cannot pay for
SOD Rule: Establish Credit Limits & Payments Terms VERSUS Enter Sales Order
System(s): JD Edwards

9 Segregation of Duties: Matrix
Order To Cash activities: Enter customer order; Issue credit memos; Review and approve credit memos; Establish credit limits/payment terms; Override credit holds/approve overrides; Adjust inventory records; Maintain accounts receivable sub-ledger; Adjust inventory sub-ledger; Review and approve aged accounts receivable trial balance; Reconcile sub-ledger information; Post to the general ledger; Receive cash/remittance; Apply payments to customer accounts; Perform bank reconciliation; Enter write-offs of bad debt; Review and approve write-offs of bad debt; Maintain customer master file; Enter changes to price list
[SOD matrix; the cells marked X are not preserved in the transcript]

10 Segregation of Duties: Details
Conflict: Credit Approval & Sales Order Entry

                  Credit Approval    Sales Order Entry
Base Objects      P03B305            P4210
Custom Objects    N/A                R554210
Versions          ZJDE0001           QSG0002

11 Segregation of Duties: Process
Rules; Policies; Align Processes; Establish Enforcement; Mitigate; Monitor

12 Considerations
How does IT work with the business to identify segregation of duties issues? One application or multiple applications?
Does the organization design roles in a way that creates inherent SOD issues?
Does the organization take appropriate action when SOD conflicts are identified?
Is GRC Software currently used to effectively manage SOD risk?
What sensitive data do we hold, where does it reside?
How well do we understand privacy regulations that affect our business?
Do users follow control procedures to address regulation?

13 Cross Application Segregation of Duties
Columns: User Profiles; Access Associated with User Profiles
Application A (JD Edwards): User A, User B; Role Access
Application B (Hyperion): User A, User B; Role Access
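
The rule from the Details slide and the cross-application view above can be checked mechanically. The Python sketch below is an added example, not part of the presentation or of any vendor tool: it maps objects to duties, correlates each application's accounts to one person, and reports rule violations, flagging those that span applications. P03B305, P4210 and R554210 come from the slides; the EXAMPLE_* objects, the second rule pairing, role names, account IDs and the access extract are constructed assumptions.

```python
from collections import defaultdict

# duty -> (application, object) pairs that grant it. P03B305, P4210 and R554210
# come from the Details slide; the EXAMPLE_* objects are constructed placeholders.
DUTY_OBJECTS = {
    "Establish Credit Limits & Payment Terms": {("JD Edwards", "P03B305")},
    "Enter Sales Order": {("JD Edwards", "P4210"), ("JD Edwards", "R554210")},
    "Post to the general ledger": {("JD Edwards", "EXAMPLE_GL_POST")},
    "Reconcile sub-ledger information": {("Hyperion", "EXAMPLE_RECON")},
}
SOD_RULES = [
    ("Establish Credit Limits & Payment Terms", "Enter Sales Order"),    # from the slides
    ("Post to the general ledger", "Reconcile sub-ledger information"),  # constructed pairing
]
# Constructed identity map: application account -> person.
IDENTITY = {
    ("JD Edwards", "USERA"): "User A", ("Hyperion", "user.a"): "User A",
    ("JD Edwards", "USERB"): "User B", ("Hyperion", "user.b"): "User B",
}
# Constructed access extract: (application, account, role, object).
ACCESS = [
    ("JD Edwards", "USERA", "CREDITMGR", "P03B305"),
    ("JD Edwards", "USERA", "SALESREP", "R554210"),  # custom object only, no P4210
    ("JD Edwards", "USERB", "GLCLERK", "EXAMPLE_GL_POST"),
    ("Hyperion", "user.b", "Reconciler", "EXAMPLE_RECON"),
    ("Hyperion", "svc.load", "Admin", "EXAMPLE_RECON"),  # account with no identity mapping
]

def sod_report(access, identity, duty_objects, rules):
    """Return (violations, unmapped accounts) across all applications."""
    object_duty = {obj: duty for duty, objs in duty_objects.items() for obj in objs}
    held = defaultdict(lambda: defaultdict(set))  # person -> duty -> evidence rows
    unmapped = set()
    for app, account, role, obj in access:
        person = identity.get((app, account))
        if person is None:
            unmapped.add((app, account))  # surface it; never drop silently
            continue
        duty = object_duty.get((app, obj))
        if duty:
            held[person][duty].add((app, role, obj))
    violations = []
    for person in sorted(held):
        for left, right in rules:
            if left in held[person] and right in held[person]:
                apps = {e[0] for d in (left, right) for e in held[person][d]}
                violations.append((person, left, right, len(apps) > 1))
    return violations, sorted(unmapped)

if __name__ == "__main__":
    for row in sod_report(ACCESS, IDENTITY, DUTY_OBJECTS, SOD_RULES)[0]:
        print(row)
```

User A is caught only because the custom object R554210 is listed alongside P4210, and User B's conflict appears only after the JD Edwards and Hyperion accounts are joined to one person.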

14

15 Reporting

16 Questions?
Eric Henderson, JDE Senior Security, Risk and Compliance Specialist, ErpX Security & Technology LLC
Carrie Curry, Senior Delivery Manager, Q Software

