Xpandion Blog

Blog posts tagged in Authorization Review

What? It’s already the third quarter? Yes, it is. We suddenly realized it ourselves, and wanted to make sure to remind you authorization managers and CISOs what you’ll be facing during this second half of the year. We’re assuming that these three things are already on your task list for Q3/Q4 (and if not, they should be), but we thought it would be nice to summarize them anyway.


Oh Mama!

Although the title of this blog refers to mothers, it’s really referring to anyone who’s not technically savvy. The people who, when you tell them that you’re the new authorization manager at your corporation, will squint their eyes and say, “Well, I’m sure it’s great and everything, but what does that mean?” The family members who, when they want to show off to their friends, tell them how very talented you are and how you’re “doing something with computers.” Even your kid who embarrasses you when he tells his 9th grade class that his father “fixes computers.” Then you realize that you have a problem giving a clear explanation of what you do.

 


“Conscious uncoupling” (see goop), the fancy new age words that Gwyneth Paltrow and Chris Martin are using instead of the word “divorce,” do feel a bit weird, but there is some truth to the approach that I think can actually highly benefit certain events in the SAP world. In fact, without a “conscious uncoupling” approach to employees in the SAP world, a great deal of work might go to waste.


True Story

A customer from a large enterprise came to us and said, “Our company has an ‘open policy.’ We trust our employees, so we grant all of them SAP_ALL. We know that SAP_ALL includes all authorizations in the system but everything’s working fine and our authorizations are very easy to maintain, as you’d expect. But we need to spot the people who are taking advantage of this freedom and going beyond their permitted activities; those who are misusing their authorizations and, based on their job descriptions, going where they’re not allowed. For instance, we have a sneaking suspicion that some people in the warehouse are exploring payroll records.”


What’s really going on with your employees’ authorizations? Are they all in use, or should some be removed? Are you complying with SOX requirements? If you are like most people, it’s just too much. Here's an eBook that will help you solve that problem. The link below will give you access to the free 50-page eBook about conducting a successful Authorization Review. It’s loaded with tons of knowledge, tips and tricks, and it’s based on years of our experience and experience from our customers.


(This is the short version of an article regarding the most popular T-Code used to analyze SAP Authorizations. Download the full SUIM article including examples and screenshots).

When it comes to SAP audit time, auditors will direct security administrators to run a set of reports in the User Information System using the SAP transaction, or T-Code, “SUIM”. This allows them to query users’ SAP authorization data and sensitive objects.


If you’re like most CIOs, CISOs or internal auditors that work in a company that has implemented SAP, every day you have to contend with overloaded terms like “Profile,” “Authorization Role” and “Authorization Object” and quotes such as “This person can't access the company code because he doesn’t have BUKRS in his profile.” Don’t worry. You’re not the only one who feels like they speak a different language. Keep reading.


One of your accounting clerks just left on maternity leave (congratulations to Sally). Another employee is replacing her and thus has the new responsibility of performing Invoice Reconciliation (good luck to John). To perform this task, John needs to open a new request in the portal for the proper authorization. Then he must browse through the business process list and select Invoice Reconciliation, add an explanation for the request and submit it. The financial top-user receives the request and approves/disapproves it. Upon approval, John is automatically assigned the required authorization role, and even receives an email indicating this.


Does the following dialog ring a bell?

Auditor: How in the world was activity FS02 (Change G/L Account) not marked as high risk?!
Risk Manager: Well… it was marked… but then John told me to remove it…
Auditor: Can you show me the email from John?
Risk Manager: Well… it should be here somewhere… let me try and find it…
