ERP Security Controls Monitoring (ESCM)

How secure is your ERP environment?

If you don’t have security controls monitoring tools, we can perform annual or periodic ERP security controls monitoring (ESCM) to quickly detect:

• ERP segregation of duties (SOD) conflicts and unrestricted access―We assist you in identifying and remediating security conflicts in your ERP system or identifying mitigating controls. In addition, RSM can prevent overanalysis of false positive/false negative results by customizing our rules to meet your needs, and we can retain them for future use.

  When it comes to SOD and sensitive access assessments, we know "one size does not fit all." Unlike many of our competitors, we customize our best practice rule book to meet your needs, greatly reducing the number of false-positive results, and we can retain that rule book for future audit needs, reducing the upfront time to perform a follow-up audit.

• SAP security vulnerabilities─Using our tool and methodology, we assess your SAP system, performing a scan of configurations, security authorizations and critical security-related OSS notes, and identifying vulnerabilities that could potentially expose your system to internal and/or external hackers. You will receive a clear report of all vulnerabilities found, listing remediation priorities for findings based on NIST and/or SOX.

If you have a governance, risk management and compliance (GRC) tool, we can:

• Perform GRC rules check-ups on your own tool―Organizations change. Use of system functionality can change. Are you aware that your GRC rules should also change? Having worked with numerous GRC tool rule-sets, our team will quickly assess your rules against leading practices.
• Increase your current tool’s value―Through our operational GRC tool assessment, we can identify ways to obtain maximum value from your current tool.

Considering purchasing a GRC tool? RSM can provide:

• Guidance when you purchase a GRC tool―We’ve worked with numerous tools, and our "scorecard" approach helps you identify the best GRC tool for your ERP, risk appetite, regulatory requirements and budget
• GRC rule implementation assistance―When it’s time to design and implement GRC rules that meet your needs and incorporate leading practices to satisfy your regulatory compliance needs, we can provide practical advice to make the process easier

Don’t wonder about the security of your ERP system. Call RSM.