Support  |  1-800-620-4210  |  
June 30, 2020

Webinar: SAP S/4HANA Access – Do You Know What Risks Remain?

Savvy Executives know where the bodies are buried around SAP Access Risk.  They recognize that the quality and integrity of their financial reporting is dependent on SAP, but the complexity of the platform forces them to rely on sub-certifications and insurance policies to safeguard against personal liability, hoping to protect the integrity of their financial reporting.  How can executives abstract away the technology, know where to focus in order to build additional credibility, and provide much needed guidance – in effect, lead from the trenches?

Join Terry Hirsch, CEO of Security Weaver, to learn the questions every C-suite leader should be asking about SAP access-related risks. Learn how executives can lead their organizations to get clear answers to those questions and to mitigate emerging risks in real-time. Learn how leaders can avoid getting mired in the technical complexity of SAP and instead understand where the actual, imminent, and real risks are due to SAP user access. Leave knowing how to lower the risks, quantify the actual financial exposure, and protect both your company's and your own reputation.

Join our LinkedIn Security Weaver User Group for details on how to attend the webinar event, and to view the recording following the live session here.
 

Security Weaver
June 24, 2020

5 Ways an SAP Security Risk Assessment Can Help

SAP security issues are like fast rabbits; they multiply and are hard to trap. Moving to SAP S/4HANA will not help. Security issues that exist in your current environment will exist in your new landscape, and likely there will be more of them and they will be harder to catch. One of the best ways to identify and prioritize the issues that need to be fixed before migrating to SAP S/4HANA is to do a security risk assessment.

Join Devin McLaughlin, Senior Manager for Client Engagement & Global Service Delivery, to learn how a security risk assessment can help your organization increase control and eliminate security issues. Some of the questions Devin will cover include:

• How can you get a clear and detailed view of current risks?
• Where do you start to get an in-depth analysis of SAP user roles, security structure, and security processes?
• What tools and utilities can you use to align your risks with your risk thresholds?
• What modifications to your SAP security definitions are considered good practice?
• What improvements might make sense to reduce business process risks?
• What risk-informed improvements might make sense to your technical processes?

Join our LinkedIn Security Weaver User Group for details on how to attend the webinar event, and to view the recording following the live session here: https://bit.ly/2B6Atlo

June 16, 2020

Webinar: Can You Reduce SAP Licensing Costs Through Simulations?

Does your company ever change? Of course it does. Growth, acquisitions, new business processes, new deployments in functionality, and moving into new regions are only a few of the many events that constantly drive change. Any material change to the company will mean changes to your SAP users and the SAP roles they need. Constant changes to SAP roles can make it difficult to cost-optimize SAP user licenses and even more difficult to predict your future licensing needs.

Without insight into your licensing needs, you are likely overspending on licenses and it will continue. Join Kevin Kuestermeyer, Senior Product Manager at Security Weaver, as he discusses several ways to view your current license consumption, run “what-if” analyses to see the cost impact of changes, and anticipate your organization’s future needs.

Join our LinkedIn SWUG group for details on how to attend the webinar event, and to view the recording following the live session. Click here for details.

June 10, 2020

Webinar: Getting Role Design Right

How do you design an SAP security model that works for your enterprise? Some companies trust employees explicitly, without worrying about fraud or material misstatement, but this is a risky proposition. Other companies think they don’t have the time, money, or resources to develop a new security model, so they just use whatever they have and try to make it work. Some companies create restrictive roles that prevent fraud, but impair productivity. However, some companies know how to design and build roles that are manageable and effective at both reducing risk and empowering users.

Want to learn how they do it?

Join Andy Hartley, SAP Security Architect with Security Weaver, to learn best practices for designing an SAP security model that works because it is simple to understand, manageable, and effective.

Andy will cover:

• Why SAP security roles are necessary
• What has changed over the years in SAP security role building
• What the key principles of design are and how to apply them when structuring roles
• What are some common errors companies make which haunt them later
• How and why resolving issues with role designs is complicated
• What designs work best

Click here for Webinar details.

June 1, 2020

Webinar: Tips for efficient SAP access reviews

Most organizations know the pain of periodic mandatory SAP user access reviews. Which reviewers do you involve? What access, exactly, needs to be reviewed? Do you have the right data to do a full and proper review, or are you making guesses about people’s actual usage? Do managers really know what they are looking at? Who will coordinate this process? How do you easily and efficiently keep everyone updated on the status of the project? How long will the review continue and how do you know when you have done enough? These (and other) uncertainties lead to a process that is long, labor-intensive, and prone to human error.

Join Isaac Kimmel, Senior Product Manager at Security Weaver, as he discusses how to automate and improve the efficiency of periodic user access reviews. By understanding the common challenges of access reviews and how to overcome them, you can make the access review process not only more automated but more informed.

Option 1: Thursday, June 11th at 8:00am GST/ 9:30am IST/ 2:00pm AEST

Option 2: Thursday, June 11th at 8:00am PDT/ 11:00am EST/ 5:00pm CEST

For webinar details, click here.

May 26, 2020

Webinar: Can you manage cross-application access risk?

Are you running SoD analyses across multiple platforms, including non-SAP applications, legacy platforms, and in-house systems? Managing access risk across such a diverse application landscape means added complexity and manpower. Centralizing access risk management can streamline your system and significantly reduce the workload on IT.

Managing your entire environment from one central hub means you can normalize rules and authorizations and centralize mitigation management, reporting, and requests/approvals. It means removing toxic transaction combinations, eliminating duplicate processes, and ensuring that your SoD rules will still be relevant when you migrate to SAP S/4HANA.

Join Dries Horions, Senior Product Manager with Security Weaver, for a free webinar to learn how to use SAP ERP as a single control cockpit to manage cross-application access risks.  He will discuss access management best practices and how access rules can be defined and harmonized across different applications. He will also cover how a single provisioning process for access control across a heterogeneous application landscape can be supported as well.

Option 1: Thursday, June 4th at 8:00am GST/ 9:30am IST/ 2:00pm AEST

Option 2: Thursday, June 4th at 8:00am PDT/ 11:00am EST/ 5:00pm CEST

For webinar details, click here.

May 20, 2020

Webinar: SAP Access Risk - Do you know where the bodies are buried?

Executives whose companies run SAP know that the quality and integrity of their financial reporting is dependent on SAP, but the complexity of the platform forces them to rely on sub-certifications and insurance policies to safeguard against personal liability, hoping the effect will be to protect the integrity of their financial reporting.  How can executives abstract away the technology, know where to focus in order to build additional credibility, and provide much needed guidance – in effect leading from the trenches?

Join Terry Hirsch, CEO of Security Weaver, to learn the questions every C-suite leader should be asking about SAP access-related risks. Learn how executives can lead their organizations to get clear answers to those questions and to mitigate emerging risks in real-time. Learn how leaders can avoid getting mired in the technical complexity of SAP and instead understand where the actual, imminent, and real risks are due to SAP user access. Leave knowing how to lower the risks, quantify the actual financial exposure, and protect both your company's and your own reputation.

Webinar Option 1: Thursday, May 28th at 8:00am GST/ 9:30am IST/ 2:00pm AEST.

Webinar Option 2: Thursday, May 28th at 8:00am PDT/ 11:00am EST/ 5:00pm CEST

For webinar details, click here.

May 13, 2020

Webinar: 10 Keys for Cost-Efficient SAP Access Management

What is access management, what constitutes the access management lifecycle, and how can you reduce the amount of resources involved in managing your SAP access without increasing risk? Join Kapish Rathi, Senior Product Specialist, as he outlines 10 keys to understanding the access management lifecycle and explains how, by using proven processes, data, and technology, you can achieve best-in-class security and compliance with the least possible cost in time, money, complexity, and staff.

In this informative webinar, you will learn how to do the following:

• Use a dynamic ruleset
• Utilize the right GRC architecture
• Automate mitigations
• Reduce licensing costs while reducing access risks
• Minimize manager bandwidth
• Automate provisioning for both persistent and temporary access
• Streamline authorization related incidents
• Streamline role management
• Provide the right data to the right people
• Reduce the workload on IT

Webinar option 1: Thursday, May 21st at 8:00am GST/ 9:30am IST/ 2:00pm AEST.

Webinar option 2: Thursday, May 21st at 8:00am PDT/11:00am EDT/ 5:00pm CEST.

For webinar details, click here.

Or to learn how Security Weaver can help you better manage your SAP access, click here.

May 7, 2020

Webinar: What every CISO needs to know before running SAP S/4HANA

In the last year, 88% of companies experienced at least one cyber-attack and 84% of companies discovered fraud. Every year, five percent of revenue is lost to fraud and abuse. These are the things CISOs lie awake worrying about at night. And as the technology needed to run a secure enterprise becomes more complex, and the data more ubiquitous, the mandate of a CISO continues to grow.

It is vital, therefore, that CISOs understand how to effectively control their security landscape, especially when running SAP S/4HANA. And while technology is an important way to address this challenge, exceptional CISOs know that in order to effectively control their SAP S/4HANA environment, they must guard against too much initial focus on technology and first build a compelling business case for security.

Join Security Weaver’s Executive Vice President, Stephen Dubravac, to learn how leveraging proven frameworks, gaining a sound understanding of the nature of controls, and including both process improvements and compliance mandates in your security roadmap will help you build a solid business case.

Webinar Option 1: Thursday, May 14th at 8:00am GST/ 9:30am IST/ 2:00pm AEST. 

Webinar Option 2: Thursday, May 14th at 8:00am PDT/11:00am EDT/ 5:00pm CEST.

For the webinar details, click here.

May 1, 2020

Webinar: 4 ways you are (or will be) overspending on SAP licenses

Thursday, May 7th, 2020

Everybody likes surprises, right? Well…not exactly. Especially when those surprises involve unexpected licensing costs. Predicting SAP licensing costs is no small task, and when your predictions are off it can mean budget adjustments that nobody wants.

But when you are manually managing SAP and other complex licenses across your enterprise, predicting future licensing costs (accurately) can seem impossible. You are likely spending hours and hours on research and assignment changes. You must understand how each user interacts with SAP and what authorizations they have. You must also understand how each license type is contractually defined in terms of user activity and user access rights. And whenever a user changes jobs, takes on new responsibilities, or changes their SAP usage patterns, their license assignment has to be reevaluated and possibly changed. And this only covers direct users. For indirect use, you must now track the number of documents created, which is an entirely new level of complexity.

It is no wonder, then, that optimizing licenses and accurately predicting licensing costs can seem unachievable. And moving to SAP S/4HANA only intensifies licensing challenges with changes to licensing contracts and increased complexity. In our upcoming webinar, we offer a solution.

Kevin Kuestermeyer, Senior Product Manager at Security Weaver, will discuss how to optimize your current SAP licenses and ensure you are not overspending on licenses when you move to SAP S/4HANA. He will also share best practices for how to efficiently pass SAP license audits and ensure there are no surprises.

Webinar option 1: Thursday, May 7th at 8:00am GST/ 9:30am IST/ 2:00pm AEST

Add to Google Calendar here

Add to Outlook Calendar here

Join Webinar here

Webinar option 2: Thursday, May 7th at 8:00am PDT/11:00am EDT/ 5:00pm CEST

Add to Google Calendar here

Add to Outlook Calendar here

Join Webinar here

April 22, 2020

Webinar: Continuous Controls Monitoring of SAP

April 30th 8:00am GST/ 9:30am IST/ 2:00pm AEST.

Keeping up morale on your audit team can be a challenge when you must rely on sampling to produce results. Even after the long process of documenting, testing, and reporting on processes and controls has been completed, there is always a good chance that things have fallen through the cracks. It just isn’t a foolproof system.

If you have a small team and are running manual controls in an SAP environment, the situation is even more challenging. Controlling and auditing SAP environments can overwhelm even the most capable internal audit teams.

Join us for a free webinar to learn how to effectively orchestrate risk management while improving processes and mitigating security concerns, even with a small team. Shweta Jain (CA, CISA, CFE), Head of SAP Audits and Controls with 16+ years of experience, will demonstrate how the Process Auditor module from Security Weaver enables small Internal Auditor teams to automate audits and efficiently control SAP configurations, master data, and transactions. She will share a proven methodology for success, pinpoint three critical control targets, and explain how to design controls that reduce risk and audit costs.

Add webinar to your Google calendar here.

Add webinar to your Outlook calendar here.

Join webinar here.

April 22, 2020

Webinar: How your controls platform can mitigate SAP and business risks during the COVID-19 crisis

April 28th 8:00 am (Pacific)/11:00 am (Eastern)/5:00 pm (CEST)

With reduced staff and shoestring budgets, many companies are struggling to maintain the same level of compliance and security as before the COVID-19 crisis. If you are working with manual controls, the challenge is even greater.

Manual controls make it difficult to track risks quickly or effectively, and often alerts on security issues come too little, too late. It is almost impossible to manage overlapping regulations, maintain complex system configurations, and detect fraud and material misstatements early enough for effective intervention.

In addition to risk management, the process of documenting, implementing, executing, testing and reporting on controls takes more time and bandwidth than most organizations have at the moment.

The answer is a continuous controls platform. A good controls platform can improve compliance and business operations while mitigating business disruptions.

In our upcoming webinar, Gerald West, Head of Application Security and Controls Assurance at Serco Group, will share his experience and practical tips for flexing a controls platform on SAP. He will outline how Serco was able to improve business processes while simultaneously preserving controls in areas like vendor payments, data protection, and system security. He will also discuss how a controls platform can help mitigate some of the current business challenges caused by COVID-19.

Add webinar to your Google Calendar here.

Add webinar to your Outlook Calendar here.

Join Webinar here.

October 8, 2019

Enabling Successful SAP S/4HANA Migrations

SAP S/4HANA is getting a lot of discussion these days. Control is key for a successful S/4HANA Migration. There are several ways Security Weaver can help.  Below is a simple outline of some areas where Security Weaver can help organizations reduce the risks associated with migrating to SAP S/4HANA and ensure they are always in control and meet compliance requirements before, during, and after migrating to SAP S/4HANA.

Licensing costs: Don’t be surprised by what it will ultimately cost to run SAP S/4HANA. Changes to indirect licensing can be trivial or material. Don’t be surprised by what it will cost you this year, next year, or the year after you move from counting indirect users to counting different document types. In addition to changes to how indirect access is licensed, many companies are also considering moving from activity-based licensing to access-based licensing. What will that cost you? Click here to learn more.

User access risks: Whether doing a green field, brown field, or blue field migration, with thousands of new transaction codes and different tables, get the SAP S/4HANA matrix you need to understand your user access risks for your new SAP platform. Security Weaver is continually updating its Segregation of Duties (SoD) ruleset and has one that can help you manage SAP S/4HANA risks.  Click here to learn more.

User transaction history and RFC calls: When migrating to SAP S/4HANA, know what to test, who should test particular areas of SAP S/4HANA, and, equally important, know what doesn’t need attention and who shouldn’t be assigned to test something. At Security Weaver, we call this building a Goldilocks test plan – a test plan that does not test too much nor does it test too little. A Goldilocks test plan also ensures the right block of testing is assigned to the right tester. Further, knowing what integrations exist and are active in your current ERP and knowing if your ERP integrations are working as expected after cutting over to S/4HANA is a critical success factor for any migration project. Click here to learn more.

Business and technical role management: With the thousands of new transaction codes in SAP S/4HANA as well as the many table changes, inevitably roles will need to be redesigned. But how can organizations redesign roles efficiently and effectively so that the right access is provided to the right users? Security Weaver offers multiple capabilities to help companies accelerate and control their role design projects. Click here to learn more.

Streamline migration testing: Moving to SAP S/4HANA means creating new roles and modifying existing roles. Once a new role is created or an existing role is modified, it needs to be tested, but testing takes time and is often not done properly by those assigned to test roles. When roles are not properly tested, they often fail to provide the access required. However, without clear test documentation, it is hard to know where the testing process failed, how to improve it, and who to hold accountable. Security Weaver automates test documentation and even automates some testing activities; consequently, it ensures new roles are properly and efficiently tested. Click here to learn more.

Quickly resolve authorization incidents: With new transaction codes, new tables, new roles, and modified roles, the move to S/4HANA might impact users. Streamline resolving access related incidents by automatically creating help tickets, standardizing data collection, and simplifying research. Click here to learn more.

Eliminate password reset requests: Why have your staff distracted during one of the most important projects they will undertake this year? Moving to SAP S/4HANA requires diligent attention, and daily interruptions by users who have forgotten their passwords hinder this. Instead, implement a self-service tool that eliminates password reset requests. Click here to learn more.

There are other areas where Security Weaver can help. If you would like to talk with a Security Weaver consultant on these or other strategies and tactics for ensuring a successful move to S/4HANA, contact us today.  Click here to request an advisory session for migrating to S/4HANA.

May 28, 2019

What is segregation of duties and why is it important?

If you’ve recently implemented an SAP ERP platform, congratulations! It means your company is growing and you now have a fantastic ERP tool at your disposal. Your approach to how you manage access to this platform, however, is vital. It can mean the difference between a secure, well-run organization and an enterprise that suffers fraud and material misstatements of its financials.

Many new SAP ERP administrators start out granting broad access to users in order to ensure the system can be fully utilized. But there is great risk involved in easy, broad access – the risk of fraud, accounting errors, and general mismanagement; all of which can cost millions of dollars. And when auditors come knocking, they want to see a strong balance between access and control. Auditors like to say, “trust is good, but control is cheaper.”

An important control to implement in your SAP environment is segregation of duties (SOD). SOD ensures that key processes are performed by different people to prevent fraud and financial misstatements. For example, if an employee is responsible for both creating and paying vendors, it would be easy to create fake vendors and route the payments to her own bank account. Separating these two tasks and assigning them to different people creates a natural barrier to fraud.

Establishing rules that identify SOD violations can be a complex and time-consuming process but is essential for assessing access risk and properly segregating functions. In SAP ERP environments the SOD ruleset (a.k.a. SOD matrix) must handle authorization objects and not merely look at transaction codes available to a user. Otherwise false positives will occur and make the reporting questionable.

False positives occur when a report shows SOD violations that are not really violations. For example, perhaps a user has access to two or more transaction codes that together would constitute a violation, but because the user only has the authorization objects with field values for display access for those transaction codes, the reported conflict is an error.
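The false positive described above can be reproduced with a small analysis run at both levels. This is an added example, not Security Weaver's ruleset or code: the two-function ruleset, the mapping of transaction codes to authorization objects, and the user records are simplified and constructed for illustration.

```python
"""SoD analysis at transaction level versus authorization level (constructed data)."""

# Activity values of the ACTVT authorization field: create, change, display.
CREATE, CHANGE, DISPLAY = "01", "02", "03"

# Simplified, constructed ruleset. Each function lists the transaction codes
# that reach it and the (authorization object, ACTVT values) that make the
# access effective. A production ruleset checks many more objects and fields.
FUNCTIONS = {
    "MAINTAIN_VENDOR": {
        "tcodes": {"FK01", "FK02"},
        "auth": ("F_LFA1_APP", {CREATE, CHANGE}),
    },
    "PAY_VENDOR": {
        "tcodes": {"F-53"},
        "auth": ("F_BKPF_BUK", {CREATE}),
    },
}

# One conflict: the same person can maintain vendors and pay them.
SOD_RULES = [("MAINTAIN_VENDOR", "PAY_VENDOR")]

# Constructed users: transaction codes held, and ACTVT values per object.
USERS = {
    "ALICE": {"tcodes": {"FK01", "FK02", "F-53"},
              "auths": {"F_LFA1_APP": {CREATE, CHANGE, DISPLAY},
                        "F_BKPF_BUK": {CREATE, DISPLAY}}},
    # BOB holds the transaction codes but only display activity on both objects.
    "BOB": {"tcodes": {"FK02", "F-53"},
            "auths": {"F_LFA1_APP": {DISPLAY}, "F_BKPF_BUK": {DISPLAY}}},
    # CAROL can maintain vendors but has no payment access at all.
    "CAROL": {"tcodes": {"FK01"},
              "auths": {"F_LFA1_APP": {CREATE}}},
    # DAVE has wildcard activity values, which must count as full access.
    "DAVE": {"tcodes": {"FK01", "F-53"},
             "auths": {"F_LFA1_APP": {"*"}, "F_BKPF_BUK": {"*"}}},
}


def has_function(user, name, check_auth):
    """True if the user can perform the function at the chosen analysis level."""
    spec = FUNCTIONS[name]
    if not (user["tcodes"] & spec["tcodes"]):
        return False
    if not check_auth:
        return True  # transaction-level analysis stops here
    obj, needed = spec["auth"]
    held = user["auths"].get(obj, set())
    return "*" in held or bool(held & needed)


def sod_violations(users, check_auth):
    """Return (user, function_a, function_b) for every rule the user breaks."""
    hits = []
    for uid, user in sorted(users.items()):
        for func_a, func_b in SOD_RULES:
            if (has_function(user, func_a, check_auth)
                    and has_function(user, func_b, check_auth)):
                hits.append((uid, func_a, func_b))
    return hits


def false_positives(users):
    """Conflicts reported at transaction level that vanish at authorization level."""
    tcode_level = set(sod_violations(users, check_auth=False))
    auth_level = set(sod_violations(users, check_auth=True))
    return sorted(tcode_level - auth_level)


if __name__ == "__main__":
    print("transaction level  :", sod_violations(USERS, check_auth=False))
    print("authorization level:", sod_violations(USERS, check_auth=True))
    print("false positives    :", false_positives(USERS))
```

BOB is the display-only user from the paragraph above: a transaction-code report lists him as a conflict, while the authorization-level run does not.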

Often auditors have unique requirements based on a company’s unique operations, market factors, or regulations, and the ruleset must accommodate these auditor specific requirements. SOD-relevant custom transactions as well as SAP standard transactions must be accounted for by the ruleset. These complexities mean that when done manually, identifying, updating, and enforcing SOD rules can be expensive in both staff time and service fees.

Fortunately, there are tools that can eliminate much of this work. Security Weaver’s Separations Enforcer is particularly effective in helping to manage access risk in SAP. It enables rapid analysis of users across the entire SAP landscape for both SOD conflicts and sensitive access risks, offers a function-based SOD matrix that is easily customizable and can automatically report on SOD-relevant custom transactions even if those transactions are not explicitly included in the ruleset, and provides reports that are fast, readable, comprehensive, and avoid false positives.

Security Weaver’s internationally proven and well-documented rules matrix makes it easy for organizations to rapidly implement a complete solution. Rules are easily maintained and updated and can handle complex logic at both the transaction and authorization level, and the solution can manage a wide variety of concurrent rule sets, making it adaptable for any organization structure.

Veteran managers of SAP ERP environments know they need a way to reduce access risks without causing productivity issues. Separations Enforcer is the solution to that challenge. For more information on this and other access management solutions, visit www.securityweaver.com or request a free demo here. Don’t leave the security of your new SAP ERP environment open to unnecessary and unacceptable risk. Put SOD safeguards in place today to keep your data secure, your reporting correct, your assets safe, and your auditors happy.

May 7, 2019

How to make better management decisions with user data

With the SAPPHIRE NOW and ASUG annual conference underway  – and the theme of “Building an Intelligent Enterprise in the Experience Economy” – I have been thinking a lot about the intelligent enterprise.

One thing intelligent enterprises know how to do is make good decisions. But being decisive is not enough – decisions must be right. Going with the gut doesn’t cut it anymore. Good decisions need data. Decisions about what to sell, how to sell it, and how much to sell it for need market data. Decisions about how to make something and what tools to use to make it need operational data. And decisions about how to manage SAP access, how to design a new role or change an existing role, and whether someone should retain their access all require data. User activity data is especially useful when making decisions about SAP compliance and security.

User activity data enables businesses to make better decisions, faster, with regard to their SAP applications while simultaneously avoiding:

• unacceptable risk
• higher costs
• confused managers
• angry (and waiting) end users

Unfortunately, even when user activity data is available, it can be challenging to interpret and use effectively. Two management gurus, Megan MacGarvie and Kristina McElheran, in their book HBR Guide to Data Analytics Basics for Managers, explain that where there is an abundance of data but insufficient time or resources for extensive analysis, people rely on simplified procedures to help them make decisions. These shortcuts often lead to poor decisions and systematic mistakes.

It doesn’t have to be this way for SAP user management. Security Weaver’s Transaction Archive offers a solution to the challenges of gathering, analyzing, and archiving user activity data. 

First, it captures detailed user activity transaction histories and then allows managers and auditors to see, over years, detailed records for each user based on the transactions exercised in a given time period. Data can also be presented based on user group membership and other criteria. This provides an unprecedented level of data for detailed forensic reviews, which means better decisions by security and compliance managers.

Second, Transaction Archive uses detailed user activity history to analyze the existing role environment. Transaction Archive determines which users are assigned a given role and what percentage of the role’s transactions have been executed by a single user, a group of users, or across the entire user population. Through advanced role analytics, administrators can understand role utilization based on the historical data. Using this data, administrators can confidently redesign or alter roles knowing that SAP end-users will not have their work impacted. In other words, with Transaction Archive administrators can make decisions about how to improve security and compliance without users feeling their freedom and productivity are, once again, being sacrificed in the name of security and compliance.

In short, better data = better decisions. And better decisions are at the heart of transforming an average company into an intelligent enterprise. 

For more information on how Transaction Archive can help you make better security decisions for your organization, visit http://www.securityweaver.com/solutions/role-lifecycle-management/transaction-archive.

April 17, 2019

Prevent $1.77 billion in fraud with automated controls

India’s banking community was rocked last year with the news that Punjab National Bank (PNB), India’s second largest government-owned bank, was defrauded of $1.77 billion over a seven-year period. It is the biggest case of bank fraud in India’s history.

It started when Nirav Modi, an international businessman and high-profile jeweler to the stars, needed loans to purchase overseas diamonds and other precious stones for his business. His company requested letters of undertaking (LoUs) from PNB to secure these low-cost foreign loans to pay suppliers across the globe. The Brady House branch in Mumbai, managed by Deputy Branch Manager Gokulnath Shetty, granted him LoUs with no cash margin (it is usually 100%), no credit limit, and no required 90-day repayment terms. When the loans came due, rather than pay them off, Modi simply requested another LoU from PNB and Shetty would send it, allowing Modi to continue to receive funds to import his goods.

Because Shetty operated directly through the SWIFT system without registering the transaction with PNB’s Core Banking System (CBS), there was no history of any of these transactions. Furthermore, Shetty was responsible for both making and checking entries, a segregation of duties conflict that allowed him to operate undetected. This could have been prevented with a segregation of duties tool such as Security Weaver’s Separations Enforcer.

There were multiple additional violations, including Shetty sharing SWIFT code passwords with other employees to approve transactions while he was on leave, and Shetty’s multiple transfer orders to other branches being ignored or overturned. This went on for seven years, with no repayment of the loans and the overseas banks continuing to accept LoUs on the promise of PNB’s good name.

The internal controls PNB was using to manage its banking processes were inadequate. There was no mechanism in place, for example, to ensure that SWIFT transactions were being recorded in the system, and no way to check that those transactions were matched to the appropriate LoUs. Here are a few more examples of some controls that, had they been implemented and monitored appropriately, would have prevented PNB’s $1.7 billion loss:

1. Flag any LoU issued without collateral
2. Flag any LoU issued with more than a 90-day repayment period
3. Flag frequent release of LoUs to the same beneficiary
4. Flag a high number of LoUs issued to the same beneficiary
5. Flag any SWIFT transactions for LoUs without collateral
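
The five controls above, plus the check from the preceding paragraph that every SWIFT message maps to an LoU recorded in the core banking system, can be expressed as rules over transaction records. This is an added sketch, not Process Auditor code: the record fields, the sample data, and every threshold other than the 90-day term are assumptions made for illustration.

```python
"""Continuous-control checks over LoU and SWIFT records (constructed data)."""
from collections import defaultdict
from datetime import date

# Only the 90-day repayment term comes from the text; the rest are assumptions.
MAX_REPAYMENT_DAYS = 90
FREQUENT_WINDOW_DAYS = 30      # two LoUs to one beneficiary inside this window
MAX_LOUS_PER_BENEFICIARY = 3   # more than this counts as a high number

# Constructed LoU records as a core banking system might hold them.
LOUS = [
    {"id": "LOU-001", "beneficiary": "ACME GEMS", "issued": date(2020, 1, 6),
     "collateral_pct": 100, "repayment_days": 90},
    {"id": "LOU-002", "beneficiary": "STAR DIAMONDS", "issued": date(2020, 1, 10),
     "collateral_pct": 0, "repayment_days": 365},
    {"id": "LOU-003", "beneficiary": "STAR DIAMONDS", "issued": date(2020, 1, 20),
     "collateral_pct": 0, "repayment_days": 365},
    {"id": "LOU-004", "beneficiary": "STAR DIAMONDS", "issued": date(2020, 4, 15),
     "collateral_pct": 100, "repayment_days": 90},
    {"id": "LOU-005", "beneficiary": "STAR DIAMONDS", "issued": date(2020, 8, 3),
     "collateral_pct": 100, "repayment_days": 60},
]

# Constructed SWIFT messages, each claiming to transmit one LoU.
SWIFT_MESSAGES = [
    {"ref": "SW-9001", "lou_id": "LOU-001"},
    {"ref": "SW-9002", "lou_id": "LOU-002"},
    {"ref": "SW-9003", "lou_id": "LOU-777"},  # no such LoU in core banking
]


def evaluate_controls(lous, swift_messages):
    """Return a list of (control_name, record_or_beneficiary) findings."""
    findings = []
    by_id = {lou["id"]: lou for lou in lous}
    by_beneficiary = defaultdict(list)

    for lou in lous:
        by_beneficiary[lou["beneficiary"]].append(lou)
        if lou["collateral_pct"] == 0:                       # control 1
            findings.append(("NO_COLLATERAL", lou["id"]))
        if lou["repayment_days"] > MAX_REPAYMENT_DAYS:       # control 2
            findings.append(("LONG_REPAYMENT", lou["id"]))

    for name, group in by_beneficiary.items():
        group.sort(key=lambda lou: lou["issued"])
        for prev, cur in zip(group, group[1:]):              # control 3
            if (cur["issued"] - prev["issued"]).days <= FREQUENT_WINDOW_DAYS:
                findings.append(("FREQUENT_RELEASE", cur["id"]))
        if len(group) > MAX_LOUS_PER_BENEFICIARY:            # control 4
            findings.append(("HIGH_VOLUME", name))

    for msg in swift_messages:
        lou = by_id.get(msg["lou_id"])
        if lou is None:            # SWIFT traffic that bypassed core banking
            findings.append(("SWIFT_NOT_IN_CBS", msg["ref"]))
        elif lou["collateral_pct"] == 0:                     # control 5
            findings.append(("SWIFT_NO_COLLATERAL", msg["ref"]))
    return findings


if __name__ == "__main__":
    for control, subject in evaluate_controls(LOUS, SWIFT_MESSAGES):
        print(f"{control:20} {subject}")
```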

How many other banks are sitting on a similar time bomb? Beyond their own losses, how will that affect their supply chain? Remember, PNB’s partners are potentially on the hook for some of those losses. Do you know if the partners you do business with have adequate controls in place? What will it cost you if they don’t? And are your controls sufficient to protect your company from similar cases of fraud or mismanagement?

Security Weaver’s Process Auditor offers an automated, continuous controls platform designed to help organizations visualize and catch risk patterns within their system at the core process level. Process Auditor’s 130 out-of-the-box templates allow companies to streamline the design, development, and documentation required to deploy process controls for Order to Cash, Procure to Pay, Development to Production, Hire to Retire, and Financial Reporting. For example, enterprises can immediately detect and prevent duplicate payments or detect and alert whenever an employee and a supplier have the same bank account.

Click here for more information about how Process Auditor can help you create a secure, continuously monitored controls environment.

Security Weaver
April 3, 2019

How could automated controls save you $122 million? Ask Google.

Through a sophisticated and increasingly common scam called “Business Email Compromise,” Evaldas Rimasauskas, a Lithuanian national, recently tricked Google and Facebook employees into wiring $122 million to fraudulent bank accounts.

First, Rimasauskas registered a company in Lithuania with the same name as Quantas, a computer hardware company out of China that does legitimate business every year with Google and Facebook. Rimasauskas then opened bank accounts associated with his fictional company and sent emails to Google and Facebook employees that appeared to be from employees of Quantas, followed by invoices and wiring instructions to the fake accounts. The emails and invoices mimicked previous Quantas invoices closely enough to fool the Google and Facebook employees, who complied with the requests. Once the funds were wired, Rimasauskas quickly siphoned them to various accounts around the world.

How could this happen to two such large and presumably well-run companies? Both Google and Facebook were using manual controls in their ERP system – manual controls that could not prevent major fraud. When Rimasauskas created fake bank accounts for his fake company, he made sure that the account numbers were close enough to actual Quantas account numbers that the differences were difficult to detect without close inspection. He counted on the accounting department using manual controls and being overwhelmed by work.

Had the process involved sufficient controls, the fraud would have been detected immediately and prevented. A great strength of automated controls is that they work well for small companies and can scale to companies as large as Facebook or Google. Not only do automated controls reduce time spent on conducting and supervising financial processes, but they also eliminate human error.
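
One form such an automated control could take is a payment-release check that compares the bank account on an invoice against the accounts approved in the vendor master and treats a near match as a stronger warning than an unknown account. This is an added example, not Process Auditor's logic or either company's; the vendor record, account format, function names and the distance threshold of 2 are assumptions.

```python
def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def normalize(account):
    """Drop spaces and punctuation so formatting cannot hide or fake a match."""
    return "".join(ch for ch in account if ch.isalnum()).upper()

# Constructed vendor master entry (hypothetical vendor and account number).
VENDOR_MASTER = {
    "V-1001": {"name": "Example Hardware Co",
               "accounts": {"ACCT-0000-4455-6677-8899"}},
}

def check_payment(vendor_id, account, master=VENDOR_MASTER, lookalike_max=2):
    """Decide whether a payment to `account` for `vendor_id` may be released.

    The vendor name on the invoice is deliberately ignored: in the case
    above the name matched, so only the approved account is trusted.
    """
    vendor = master.get(vendor_id)
    if vendor is None:
        return "BLOCK_UNKNOWN_VENDOR"
    candidate = normalize(account)
    approved = {normalize(a) for a in vendor["accounts"]}
    if candidate in approved:
        return "RELEASE"
    if min(edit_distance(candidate, a) for a in approved) <= lookalike_max:
        return "BLOCK_LOOKALIKE_ACCOUNT"   # near miss: likely impersonation
    return "HOLD_UNVERIFIED_ACCOUNT"       # new account: verify out of band

if __name__ == "__main__":
    for acct in ("ACCT 0000 4455 6677 8899", "ACCT-0000-4455-6677-8898",
                 "ACCT-9912-3400-1122-3344"):
        print(acct, "->", check_payment("V-1001", acct))
```

The check only has value if changes to the vendor master itself go through a separate approval, since an attacker who can get a new account added there passes the exact-match test.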

Automated controls have several additional benefits beyond employee time and error prevention. They ensure that processes are better defined, they enable companies to measure important quality metrics for their processes, and they help process owners improve them. They also reduce the time and costs of audits because auditors can test the controls, which can materially reduce the substantive testing (sampling) requirements.

Process Auditor from Security Weaver provides an embedded continuous control monitoring platform that supports custom control and risk management requirements. It offers an extensive template library of over 130 controls with a workbench to change existing controls or develop new ones. Process Auditor functions across both complex and heterogeneous environments and allows companies to leverage their existing expertise in ABAP and Java technologies. As it supports environments from SAP R/3 to SAP S/4HANA, there is no need to buy, deploy, manage, or secure a separate database.

Visit http://www.securityweaver.com/solutions/continuous-controls/process-auditor/ for more information on how Process Auditor can strengthen your controls environment and prevent business losses.

By the way, how much of the $122 million did Facebook and Google recover? Less than $50 million. Bummer. If only there had been $300K in the budget for automated controls a couple of years ago.
