Security Risk Management Compliance Integrity
Steve Davis
Business Development Director
Improve your Audit & Business with the Right Security Model
If your job was at stake.....
Can you with certainty state that users of your JD Edwards system are locked out of the areas they should not be able to get to?
The BIG Question:
Agenda
Q Software: Who are we?
What are the Problems?
– Fraud & Compliance
– JD Edwards E1
Case Studies
Summary
Questions
The Oracle Security & Compliance People
270+ Customers
A selection of Q Software customers
Fraud is a Worldwide Issue
South Africa: 62% companies suffered fraud
59% experienced bribery & corruption
Source: PwC 2009 crime survey
Australia: Fraud a persistent fact of life
- 25% of losses in excess of Au$ 1.5m
Source: PwC 2007 Crime survey
USA: 35% companies suffered “significant economic crime”
- most likely cause is pressure due to economy
- increased opportunity is primary driver
Source: PwC 2009 crime survey
UK: almost 50% admit to suffering fraud, almost 75% of larger (5,000+ employees)
- 33% of these suffered 100 incidents
Source: PwC 2009 fraud survey
Canada: 55% companies suffered fraud
- 83% asset misappropriation most common
- 38% detected by chance or by tip-off
Source: PwC 2009 crime survey
Germany: 49% suffered economic crime
- Identified crimes cost Euros 6 billion
Source: PwC 2007 fraud survey
Business Controls – Securing your System
The 21st Century Fraud – SoX and Compliance
Current financial turmoil
– Additional responsibilities for existing staff
– Disgruntled employees
– New employees make mistakes
Inadequate controls
= Potential fraud
= Loss of more than cash
Auditors Recommend Roles Based Access Control
RBAC models have been around for over 20 years
National Institute of Standards & Technology
• March 2002
• Simplified systems administration
• Enhanced security & integrity
• Simplified regulatory compliance
• Enhanced organisational productivity
What is SoD? (Segregation of Duties)
Jones & Jones Inc.
» A Manager sets up MB Inc. as a supplier
» Accepts Purchase Invoices from MB Inc.
» Approves Invoices
» Processes for Payment
» Transfers the funds
» Runs off with $1m
Issues in JD Edwards E1
All Doors Open v All Doors Closed
• Menu Security is no Security
No Segregation of Duties
• Access to critical programs
35,000 Objects
• Complexity of Maintenance - forms, versions
Multiple roles / Sequence Manager
• Unexpected security authorities
• Changes lead to unexpected results
Application access is very complex
• Task Views
• FineCut
• FastPath
• Hidden & Associated Applications
Example of Hidden Applications
Associated Applications
So, what do people do?
This is simplistic & results are inaccurate
This is a waste of time
This is a waste of money
F00950
SoD Rules
Why is this flawed?
Access to a program is not restricted to F00950
F00950
Menus
Task Views
Exit Security
Role Sequencing
UK's leading independent logistics company
Part of Bibby Line Group
– Over 200 years old
– HQ in Liverpool
– Group revenue $1.7 bn
Bibby Distribution
– Revenue $310 m
– 70 locations in UK
– 2m sq ft warehousing
– 2,300 employees
– 800 vehicles
Customer Focus: Bibby
Customer Focus: Bibby Background
Bibby Distribution has been growing
– Over the last 10 years
• Growth of 300%
– Organically
• New depots / New contracts
– By acquisition
• 8 businesses acquired
Customer Focus: Bibby Implementation Plan
CFO sponsored the project
Started April 2007
Core financials completed by Sept 2007
• Sales / Purchase / General Ledger
• Sales Order Processing
• Fixed assets
• Procurement
Then the Depots
Tight timescales
No Oracle expertise
Customer Focus: Bibby – Importance of Security
Very complex depot relationships
– 1:1, 1:Many, Many:1 relationships
– Segregation of duties
– Time / effort / costs to resolve
– Audit
Had to perform substantive audits
– Compliance audits not possible
– Time-consuming (costly)
Customer Focus: Bibby – The Security Problem
They were advised E1 security would take at least 6 months
– Too long for project roll-out deadlines
– So went All Doors Open trying menu security
– Menu security = No security
Paul Cullingford – Chief Financial Officer
Customer Focus: Bibby – The Solutions
E1Config – Simplified All Doors Open All Doors Closed
• Reducing effort by 80%
– Enabled enforcement of SoD
• Enhancing compliance
– Reduces security maintenance effort
• By about 50%
– Minimises potential for errors
• Fewer posting errors
– Reduces reporting time & accuracy
• From days to minutes
– Quick & easy to prove security controls
• Reduces auditing effort
Customer Focus: Bibby Benefits
Year end process went smoothly
– Still smiling, fewer sick days
Month end processes much quicker
• More time available to manage rather than just do accounting
Easy to set up temp role changes i.e. For holidays
• No need for temp staff, security assured
New contracts set up much quicker
• New customers up and running sooner
Few posting errors
• As staff program / data access controlled correctly
Much simpler & smoother audits
• Auditors happy with first security audit
New acquisitions integrated & “secured” in days not months
• Confident that users secure & posting to correct ledgers
Customer Focus: Bibby – Key Comments
“we implemented security in a fraction of the time that had been estimated”.
“a good security model contributes to significant cost savings throughout our business.”
Customer Focus: Morbark
Founded in Winn, MI in 1957
– In blacksmith shop
1.5 million sq ft manufacturing
World-class manufacturer
– Heavy duty wood chipping & grinding equipment
Customer Focus: Morbark Background
Small work-force
– Frequent need to change duties at short notice
Security time-consuming to manage
– Frequent interruptions to IT staff
Increased risk of high cost errors
– Due to unfamiliarity with new role
Need to simplify security management
– De-skill security management
Reduce risk of errors
Effective SoD
Tina Rollings CPA
Customer Focus: Morbark Solution
E1Config
– Capture existing security
– Test for conflicts
– Manage SoD
– Simplify on-going security maintenance
E1SoD
– SoD model management
– SoD violations reporting
Customer Focus: Majestic Realty
Melissa Penfield
Director of Business Systems
Customer Focus: Majestic Realty
Headquarters: City of Industry (Greater LA Area)
Largest Private Commercial Developer
Vertically Integrated
– Acquire: Land Acquisition, Entitlement
– Develop: Commerce Construction Co.
– Manage: Majestic Management Co
Industrial, Office, Retail
Remote offices across US
Technology
EnterpriseOne 8.12 Tools 8.98.4
Financials, Project Costing, Real Estate
Blue Stack
97 User IDs, 23 Roles
200+ custom objects
Customer Focus: Majestic Realty
Changing Economy
SoD Management
Auditing Requirements and Reporting
Eliminate Spreadsheets / Matrices
THEME = Streamline Business Processes to Achieve Operational Efficiencies
Customer Focus: Majestic Realty – Q Software Drivers
= VERY low maintenance for I.T.
Reduces new role creation from days to hours
Easy upgrades
Support website for logging questions / issues
QSoftware team – very accessible and responsive
Customer Focus: Majestic Realty – Support & Maint
QSoft Product Family
Quick Fix Accelerator
Security Build & Maintain E1Config
Audit E1SoD
Compliance Reporting erpAudit
Audit Security
QAudit
Find & Fix
E1 Config
erpAudit
Two ways to Implement Security Control
Secure & Comply
Accelerator
OR
QPlan
Implementing security in 3 simple steps
Step 1:
Automatically generate re-usable components.
- From users, roles or task menus + fine cut
Step 2:
Automatically include hidden & associated programs.
- 1st level
Step 3:
Validate and build security.
- Auto check SoD policy
Extends benefits of Roles Based Access Control down to task level components
Security & Compliance Issues
Volume 35,000 objects
300+ Security Parameters
Associated & Hidden Applications
Solution Explorer
Multiple Roles
Segregation of Duties
Auditing
Security & Compliance Issues
Volume 35,000 objects
300+ Security Parameters
Associated & Hidden Applications
Solution Explorer
Multiple Roles
Segregation of Duties
Auditing
- Resolved
New security in minutes
Changes in minutes
Reduces errors
Simplifies auditing
Improves performance
Solve Business Problems with ‘Good Security’
Audit Security – KNOW your status
Map Security to Business Processes
Build in SoD
Make Security more Manageable & Reduce Costs
Consider Outsourcing Security Management
Compliance Management & Reporting
Bibby & Morbark & Majestic
If your job was at stake.....
Can you with certainty state that users of your JD Edwards system are locked out of the areas they should not be able to get to?
The BIG Question:
If your job was at stake.....
YES
You CAN!
White Papers:
The JDE Alliance: Here to help you ....