Checks and Balances of ERPs

Posted on: December 12, 2018 | By: Michael Angel | ERP Selection

What are the Threats of ERP?

Enterprise Resource Planning (ERP) environments play a pivotal role in the day-to-day operations of any business. These systems allow businesses to create sales orders and purchase orders, apply payments, receive inventory, and so on. These transactions produce vast amounts of sensitive information, such as bank account numbers, inventory levels, shipment schedules, financial records, and much more.

Although ERP environments allow businesses to be more efficient and cost-effective, they can leave businesses vulnerable to internal threats. Examples of these threats include:

  • Stolen account numbers
  • Unauthorized shipment release
  • Stolen financial records

These internal threats, if successful, can cause major harm to a business.

For example, one high-risk item is the use of Super Users. Super Users have unlimited system access and can roam through the ERP environment unchecked. A Super User has access to all functionality, menus, master data, and transactions. Everything.

What can be done?

ERP environments have capabilities and functionality to address these complex issues. Logan Consulting supports ERPs (Microsoft Dynamics D365 Business Central, D365 for Finance and Operations, QAD EE, QAD SE, Acumatica, and others) which have Segregation of Duties (SoD) built into the software. Users are typically grouped into roles, and each role is limited to ensure proper SoD. This restricts individuals to what they need (and only what they need) to do their jobs. For example, a business should separate those ordering, receiving and paying for supplies.
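The separation of ordering, receiving and paying described above, and the Super User risk, can be checked mechanically against an export of user-to-role assignments. The following is an added example, not code from Logan Consulting or any ERP vendor; the role names, duty labels and sample users are constructed for illustration.

```python
from itertools import combinations

# Constructed model of the article's example: ordering, receiving and paying
# for supplies must not be combined in one person.
DUTIES = ("order", "receive", "pay")
CONFLICTS = [frozenset(pair) for pair in combinations(DUTIES, 2)]

# Hypothetical role catalogue (not taken from any ERP product).
ROLE_DUTIES = {
    "purchasing_clerk": {"order"},
    "warehouse_receiver": {"receive"},
    "ap_clerk": {"pay"},
    "buyer_receiver": {"order", "receive"},      # conflict baked into one role
    "super_user": {"order", "receive", "pay"},   # unrestricted access
}

# Constructed sample export of user -> assigned roles.
ASSIGNMENTS = {
    "alice": ["purchasing_clerk"],
    "bob": ["warehouse_receiver", "ap_clerk"],   # two clean roles that conflict together
    "carol": ["buyer_receiver"],
    "dave": ["super_user"],
}

def duties_for(roles):
    """Union of duties across a user's roles; unknown roles fail closed."""
    held = set()
    for role in roles:
        if role not in ROLE_DUTIES:
            raise ValueError(f"role {role!r} is not in the reviewed catalogue")
        held |= ROLE_DUTIES[role]
    return held

def sod_violations(assignments):
    """Map each violating user to the sorted duty pairs they hold together."""
    findings = {}
    for user, roles in assignments.items():
        held = duties_for(roles)
        pairs = sorted(tuple(sorted(c)) for c in CONFLICTS if c <= held)
        if pairs:
            findings[user] = pairs
    return findings

def super_users(assignments):
    """Users whose combined roles cover every sensitive duty."""
    return sorted(u for u, r in assignments.items() if duties_for(r) == set(DUTIES))

if __name__ == "__main__":
    for user, pairs in sod_violations(ASSIGNMENTS).items():
        print(user, pairs)
    print("super users:", super_users(ASSIGNMENTS))
```

Note that bob is flagged even though each of his roles is clean on its own: the conflict only appears when the duties of all assigned roles are combined, which is why the check runs per user and not per role.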

In Dynamics GP and D365 Business Central, you can create a user and assign specific classes to that user to grant them access to only certain companies. Businesses can further implement security through user security roles. Finally, businesses can implement field level security and menu level security to further control user access to functionality and information.

Similarly, D365 for Operations and Finance has menu-level security roles. These menus can be set to allow specific actions:

  • Create: Allows the user to add a new record
  • Read: Allows the user to view a record
  • Write: Allows the user to edit a record
  • Delete: Allows the user to delete a record
  • Append: Allows the user to attach other entities to, or associate other entities with, a parent record

Although segregation of duties can create checks and balances for a business, these controls add multiple layers of security that can become complex and difficult to manage. If you need help with setting up segregation of duties, please do not hesitate to contact Logan Consulting for further information.

 

Logan Consulting is a professional services firm committed to helping businesses improve business processes to get the most from their ERP investments.
