eCybersec ERP security audit services from a different angle

Saturday, 29 March 2014 00:04 - - {{hitsCtrl.values.hits}}

An enterprise resource planning (ERP) system is a commercial software package that can integrate all information flowing through the entity. Enterprise Resource Planning (ERP) applications are today most critical and vital aspects to accelerating business growth and optimising operating processes. These systems will help with real-time visibility, better integration and seamless operational interactions across entire organisation departments. ERP systems contain functional modules (e.g., financial, accounting, human resources, supply chain and customer information) that are integrated within the core system and often interfaced to external systems. ERP implementations can create an IT and business risk exposure through such reasons like failure to implement application and IT controls into the new system, due to lack of segregation of duties, and lead to an audit risk with same time failure to comply with required regulations. During the development lifecycle of a new ERP system, it is critical to design and implement controls that assure data security and privacy. Many ERP implementations share common gaps that result in risks which are subsequently identified as audit findings. In recent years most large enterprises have made large investments in IT and the major area of such investments has been ERP or similar packages that are integrated and span across many functions and geographic locations of the enterprise, impacting every activity of the critical business. They have also embarked on projects to implement the next level of specific systems that sit on the foundation of the ERPs. In such a scenario, the dependence on IT by business has increased to such an extent that it is not enough if the security and control risks pertaining to IT (confidentiality, integrity and availability) are addressed and mitigated. The business needs much more from IT, namely in the areas of business IT alignment, benefit realisation and value and service delivery; therefore the scope of IS audit needs to be broadened to also cover these vital aspects. eCybersec MD & CEO Sanjee Balasuriya stated: “We are pleased and excited to offer our unique ERP Security Audit Services for Sri Lankan IT business market in a different unique approach. Our consultants main core competence would be proactively identifying the business controls and documenting how the ERP system meets them, produces better system documentation, and helps assure the organisation has a system that adequately minimises IT risk related to data security and privacy. Building the controls into the end to- end lifecycle of the ERP system benefits both the end users and implementers of the systems. Identifying and incorporating required controls into ERP solutions results in reduced risk, clearer requirements, a stronger system design, better documentation, and an improved audit posture.” He also stated: “Our ERP security audit professionals can evaluate the application security environment as it relates to the newly implemented system. We review application security controls to prevent unauthorised or inappropriate access to business functions, sensitive transactions and data, and system functions. This type of review of application security controls and user/group security profiles must be managed appropriately and closely linked to business processes and related controls. eCybersec will help to understand key risks and control issues surrounding the ERP systems. As an ERP Security Audit service offering consultancy company like, eCybersec is committed to delivering scalable solutions that meet the needs of fast growing small to midsize enterprises. Presently a few large enterprises in Sri Lanka have obtained our services to protect their ERP systems to run smoothly and mitigate security risks. We are privileged to perform comprehensive security audit services to leading global ERP systems like SAP, Info M3 & Oracle.” eCybersec one of the leading information security consultancy company in Sri Lanka and provides many IT security managed services. Recently they announced that a 24-hour cyber security operation centre project which will commence soon for the first time in Sri Lanka.