ERP Risk Analysis Services

The ERP system, which exhibits an average annual growth rate of 10% in the world and in Turkey, has a special and important role in supporting the activities of the company with various business software products. Developed after the Materials Resource Planning and Manufacturing Resource Planning systems, ERP quickly became widespread in companies that provide production-based services. An ERP system is a standard software package consisting of many parts that integrates the basic business processes and functions of the business into a single structure. When implemented correctly, it provides a secure information-sharing environment that brings efficiency, profitability and cost advantages to the business. However, there are some risks during project implementation.

The most important process in ERP implementations is correctly planning the institution's needs and modifying the ERP package to meet them. During implementation, consultants work hard, and the company project team and end users spend time completing these steps. At this stage, one of the most important points is not to neglect the audit. The general risks regarding ERP systems and the infrastructure issues encountered in various examinations and observations can be listed as follows:

1. General security parameters are not applied

The first problem encountered in companies is that general security parameters are not applied. Prominent among these problems are systems that do not enforce password parameters, and passwords that are not complex or long enough. System users can use passwords that do not have to be changed at a specified interval. In addition, because license concerns lead to shared users, project work and tests are carried out from multiple terminals under the same user name, and the system's logon parameters are left open to allow this. Since the time-out parameter is not applied, the system does not log out a user who has been inactive for a certain period of time. Another vulnerability is that the parameters which regulate users with unlimited authorizations in SAP and Oracle, and which keep those users inactive and unused in the live environment, are not implemented correctly, so these users remain usable on the system.

Security values of ERP systems that are lower than the standards can cause many problems. Such situations allow unauthorized users to operate with higher privileges in the system, and make it impossible to determine responsibility for transactions.

2. Not all user names are unique on the system

Another problem frequently encountered in ERP systems is user names that were opened for trial, test and similar purposes during the project phase but are still in use after the system goes live. With trace-tracking strategies, transactions made with such user names can be examined. However, it is very difficult to control transactions made with unidentified user names and to determine who is responsible for transactions made against the legislation with these user names.

3. Authorization, Superuser (Authorized User) problems and situations contrary to the principle of separation of duties

In ERP systems, it is very important to define the user privileges correctly and to integrate them into the system. In this way, only the officers and related persons can perform transactions, the boundary between the officers will be protected and the segregation of duties (SOD) can be applied.

In ERP implementations, user rights that were granted at some stages of the project without testing or correct identification carry security risks once the system is used live. Before the transition to the live system, user rights should be listed, programs that detect conflicts according to the standards should be run, and the user rights should be reviewed. This increases the security level of the system. It is also very important that superuser rights are granted only to the right people.

4. Providing operating system, database system and ERP system integration

Firms that make changes to their database and operating system infrastructure may not have reached a sufficient level of security in the new database and operating system environments. Companies that have switched to a new database and operating system may face problems that affect the entire system: the ERP system itself may be working efficiently while other environments that access its database have security vulnerabilities, so the ERP database can be reached through those vulnerabilities, and services such as HTTP, FTP and NTS may be left open on the operating system. In such cases, security experts are required to perform tests that will make the whole system more robust. In addition, not using the warning and trace recording functions of ERP systems may leave companies in a difficult situation when security breaches occur.

5. Using predefined passwords

In ERP systems, operating systems and database management systems, predefined passwords of high-privilege accounts that are not changed before live use also cause problems. Such situations pose security risks such as unauthorized persons connecting from outside and damaging the system.

6. Lack of policy and procedure

Identifying the people who will manage the ERP system once it is live, publishing approved procedures that define the activities to be managed, and explaining the management levels will increase security awareness in the company and help users adapt to the ERP system.

Performing and reporting controls during the processes is another factor that will affect the success of the whole project. In this context, the following steps can be followed:

- Identification of users with a high level of access rights in the ERP system,

- Making authorizations for the profile of such users,

- Determination of users who will have critical rights,

- Making the parametric settings that will improve the security infrastructure in the ERP system and allow the system to be used at maximum efficiency,

- Analysis of the principle of separation of duties for all users,

- Analysis of security and critical system tables,

- Managing the ERP system according to software development and change management standards.
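The user-related steps in this list (finding users with high-level rights and analysing separation of duties), together with the project-phase accounts described in item 2, can be run as a script over a user/role export. This is an added example, not part of the original page or of any vendor tool; the role, permission and user names, the account-name prefixes and the two conflict rules are assumptions constructed for illustration.

```python
# Constructed sample data; role, permission and user names are hypothetical,
# not SAP or Oracle identifiers.
ROLE_PERMS = {
    "AP_CLERK": {"INVOICE_POST"},
    "PURCHASING": {"VENDOR_CREATE", "PO_CREATE"},
    "TREASURY": {"PAYMENT_RUN"},
    "PROJECT_ALL": {"*"},  # wildcard = unlimited authorization
}
USERS = {  # user -> (active in the live system?, assigned roles)
    "AYILMAZ": (True, ["AP_CLERK", "PURCHASING"]),
    "BKAYA": (True, ["AP_CLERK", "TREASURY"]),
    "TEST01": (True, ["PURCHASING", "TREASURY"]),
    "PROJADMIN": (True, ["PROJECT_ALL"]),
    "DEMO": (False, ["PROJECT_ALL"]),
}
# Assumed rule set: permission pairs one person should not hold together.
SOD_RULES = [("VENDOR_CREATE", "PAYMENT_RUN"), ("INVOICE_POST", "PAYMENT_RUN")]
# Assumed naming convention for trial/test accounts opened during the project.
GENERIC_PREFIXES = ("TEST", "DEMO", "TRIAL", "PROJ")


def effective_perms(roles):
    """Union of the permissions granted by every assigned role."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMS.get(role, set())
    return perms


def review(users=USERS, rules=SOD_RULES):
    """Return (user, finding, detail) tuples for active accounts only."""
    findings = []
    for name in sorted(users):
        active, roles = users[name]
        if not active:
            continue  # locked accounts cannot post transactions
        perms = effective_perms(roles)
        if name.upper().startswith(GENERIC_PREFIXES):
            findings.append((name, "GENERIC_ACCOUNT", "not tied to a named person"))
        if "*" in perms:
            findings.append((name, "SUPERUSER", "unlimited authorization"))
            continue  # a wildcard subsumes every SoD rule
        for a, b in rules:
            # Conflicts often arise only from the combination of two roles.
            if a in perms and b in perms:
                findings.append((name, "SOD_CONFLICT", f"{a} + {b}"))
    return findings


if __name__ == "__main__":
    for finding in review():
        print(*finding, sep=" | ")
```

Neither role held by BKAYA or TEST01 is a conflict on its own; the findings come from the combined permissions, which is why the review works on effective rights rather than on role names.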

An independent audit firm's external review of the system can lead to risk reduction. A secure and systematic structure is extremely important for both the company and the ERP provider.

 

How can we help you?

As SDM Software Services, our aim is to increase your performance by supporting your company's activities with various software products, and to give you full support with ERP, an indispensable system of our century because it manages all the data of different departments together. ERP, which has standard software packages that can be used in all sectors and customized during installation, meets the needs of many companies with functions such as accounting transactions, creating specially formatted documents such as invoices, dispatch notes and receipts, and human resources management. SDM Software Services' ERP Risk Services, which are provided in line with the strategic goals and objectives of businesses, offer solutions and services in current areas such as customer relationship management and human resources practices.
