ERP System Controls
April 1, 2007
The Sarbanes-Oxley Act nudged mobile operator and network provider T-Mobile UK, a division of Deutsche Telekom's T-Mobile International subsidiary, toward a startling revelation.
"We realized that we effectively handed out 5,500 keys to our front door, and we didn't know how they were being used," says T-Mobile UK's Hertfordshire, England-based Shelly Sethi. Sethi's title -- SAP NetWeaver and security manager -- sounds less balanced than his background; he's a former finance manager and an Associate Chartered Accountant (ACA), which is the equivalent of a CPA in England and Wales.
The front-door keys he's referring to are the access rights any company with an ERP system grants employees to enable them to conduct specific transactions in the system. The use of those access rights should be carefully monitored and managed, but that frequently doesn't happen at most companies that use an ERP system. That lack of oversight allows segregation of duties (SoD) violations to flourish.
A common SoD violation, for example, occurs when an employee who is allowed to approve an invoice in the ERP system is also allowed to use the system to pay the invoice. That ability, or access, is commonly grouped into "roles." Access controls establish which employees can have certain roles to perform specified transactions within the system. A company can maintain airtight controls around the manual invoice and payment processes that occur before and after process data is entered into the ERP system, but that discipline is undermined if the same controls do not govern the way in which employees use the system. This issue formed the basis of Sethi's business case when he proposed a new way to identify and eliminate SoD and access-control problems at T-Mobile UK.
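The approve-and-pay conflict described above can be checked mechanically by expanding each user's roles into the transactions they grant and testing the result against a list of forbidden pairs. The sketch below is an added example, not T-Mobile UK's tooling or any vendor's product; the role names, permission names and user assignments are constructed for illustration.

```python
# Added example: all role, permission and user names are hypothetical,
# and the assignment data is constructed for illustration.

# Role -> ERP transactions (permissions) the role grants.
ROLE_PERMISSIONS = {
    "AP_CLERK": {"enter_invoice"},
    "AP_APPROVER": {"approve_invoice"},
    "TREASURY": {"pay_invoice"},
    "AP_SUPERUSER": {"enter_invoice", "approve_invoice", "pay_invoice"},
}

# SoD rules: pairs of permissions one person must not hold together.
SOD_RULES = [("approve_invoice", "pay_invoice")]

# User -> roles assigned in the system.
USER_ROLES = {
    "alice": ["AP_APPROVER"],
    "bob": ["AP_APPROVER", "TREASURY"],  # conflict created by combining two roles
    "carol": ["AP_SUPERUSER"],           # conflict built into a single role
    "dave": ["AP_CLERK", "TREASURY"],
}


def permission_sources(roles):
    """Map each permission a user holds to the set of roles that grant it."""
    sources = {}
    for role in roles:
        for perm in ROLE_PERMISSIONS.get(role, ()):
            sources.setdefault(perm, set()).add(role)
    return sources


def find_sod_violations(user_roles):
    """Return sorted (user, perm_a, perm_b, granting_roles) for every rule hit."""
    findings = []
    for user, roles in user_roles.items():
        src = permission_sources(roles)
        for perm_a, perm_b in SOD_RULES:
            if perm_a in src and perm_b in src:
                granting = tuple(sorted(src[perm_a] | src[perm_b]))
                findings.append((user, perm_a, perm_b, granting))
    return sorted(findings)


if __name__ == "__main__":
    for user, perm_a, perm_b, roles in find_sod_violations(USER_ROLES):
        print(f"{user}: can {perm_a} and {perm_b} via {', '.join(roles)}")
```

Recording which roles grant each conflicting permission shows whether the fix is to remove a role from the user or to split a role that is itself conflicted.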
T-Mobile is hardly alone. The vast majority of ERP-equipped organizations can expect to uncover tens of thousands to hundreds of thousands of SoD violations when they pop the hood of their financial systems. A hefty portion of those breaches can derail regulatory compliance efforts and create even larger risks.
Now, a high-risk SoD violation does not necessarily mean that any fraudulent activity exists or that manual errors will occur. Rather, SoD violations indicate that both problems can occur. SoD violations frequently result from workarounds. They occur when system users circumvent standard roles in the system, usually in favor of quicker, but riskier, ways to pay a vendor, correct an invoice, order materials or perform some other transaction in their process area.
Sethi's initiative, which has since been adopted by other T-Mobile International subsidiaries (and is currently being considered by Deutsche Telekom itself), sought to strengthen regulatory compliance and improve business processes by reducing those workarounds. The approach that his team devised requires a blend of technology, people and processes that befits Sethi's hybrid finance-IT background.
ERP systems automate the activity with an integrated software application. Their purpose is to facilitate the flow of information between all business functions.