Would you lose your job if someone created a dummy company in your system and defrauded the business of €1m?
PWC’s Global Economic Crime Survey 2016* found that found that 40% of the organisations they surveyed in Western Europe had experienced economic crime over the previous 2 years, and that internal fraudsters were responsible for almost half of the incidents.
If you’re responsible for JD Edwards EnterpriseOne security, can you assure your Financial Director that you’ve taken all possible measures to prevent an employee committing fraud?
Many JD Edwards organisations find it almost impossible to provide such assurances. EnterpriseOne security is complex and there are many different ways for users to access programs, which makes it very difficult to find out exactly who can access what and ensure that security is completely effective.
Segregation of Duties (SoD) management and reporting – a major means of preventing fraudulent activity – is particularly difficult as JD Edwards has no means of holding SoD rules and checking users’ access against them.
Identify Risks With Regular Security Audits
Whatever means you use to manage your JDE security, conducting regular security audits should be a crucial part of your fraud prevention strategy. But in practice this can be problematic, taking inordinate amounts of effort to produce results that are of dubious value.
Typically security audits involve custom reports especially written by IT technicians, complex spreadsheets that hold SoD rules and manipulate data exported from the JDE system, manually cross-checking currently available reports or a combination of all these. The process is:
- dependent on skilled technical resources
- long-winded, time-consuming and very tedious
- prone to error and therefore unreliable
- difficult to repeat frequently enough to assess improvements or degradation over time and ensure that security stays clean.
Now It’s Easy To Audit Your JD Edwards EnterpriseOne Security
With our new QCloud Automated Audit you can conduct a security audit of your JD Edwards EnterpriseOne system whenever you need it, without any demand on your technical team.
You can just log in to QCloud portal to trigger an audit of your live system and the results will be available within 8 hours.
However you manage security within JD Edwards, the audit analyses your live security to identify vulnerabilities and make recommendations for improvements with regards to:
- General Security
- Access to Critical Programs
- Access to Master Data Programs
- Data Security
- Segregation of Duties.
It also provides detailed reports to enable you to drill down to investigate specific vulnerabilities, such as users with Segregation of Duties violations.
So it equips you with the information you need to close the security loopholes within your JDE system – by whatever means you chose to manage your security.
Continuous Improvement: The Remediation Cycle
With this efficient and cost-effective means of auditing security it is now feasible to implement a remediation cycle of identifying weaknesses, fixing the problems and running the audit again to check the effectiveness of the fixes.
To help you keep your system clean, this can be repeated regularly to ensure that new violations and vulnerabilities are brought to your attention.
So now, however you prefer to manage your JDE security, you can regularly analyse its effectiveness and pinpoint weaknesses that leave you vulnerable to fraud.
Find out more about the easy way to audit JD Edwards EnterpriseOne security or get in contact with us.