ALLOut Blog

 

Compliance Does Not Stop at Segregation of Duties

Compliance efforts as they relate to security are often thought to end once Segregation of Duties has been achieved. In reality, that is just the beginning. Truly achieving compliance in system security includes managing access to confidential or critical information, ensuring that only appropriate access is in place for all users, ensuring that changes are authorized, and much more.

Here’s the problem with most Security Audit Reports…

How do the Board and your top management assess the value of Security Audit Reports in supporting their risk assurance? What do you have to report on, and what should you give them?

Three basic requirements of any audit report are as follows, and Security Audit Reports are no different:

Segregation of Duties Concepts

Segregation of Duties (SoD) is the concept of internal controls which attempt to ensure that no single individual has the authority to execute two or more conflicting, sensitive transactions with the potential to impact financial statements. Often these controls are intended to prevent a single individual from being able to carry out a complete process without collusion from another individual.

Reporting on User Access in JDE

Auditing changes within E1 can seem daunting! But you can easily audit your History Table for User, Role or Menu changes and identify what was done, when, and by whom. Your auditors are going to love this!

Exclusive & Inclusive Row Security

Row security in JD Edwards (JDE) EnterpriseOne (E1) is used to protect the data in tables from being viewed and/or updated by unauthorized users. There are two strategies for implementing Row security (Exclusive or Inclusive). While Exclusive can be used to “Manage Exceptions” and the E1 installation defaults to this setting, Inclusive is considered the stronger method for effectively managing data security for a true closed system and to ensure a more painless audit.

The strategy for managing data security is a system setting, so one method or the other must be selected, and Exclusive is considered the industry standard.
