Home / Blog / Why Review Your ERP System Access Strategy
Why Review Your ERP System Access Strategy
Author: Rob Bradsell, Principle Consultant
Published: 27th January 2022
Data Security has always been a hot topic, with many companies adopting the latest strategies and technology to keep their data safe from 3rd parties. However, many fail to notice that while they may be doing a great job at protecting their data from external threats, they often slip up when protecting their data internally.
“Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle.” – What Is Data Security, IBM
Protecting your data internally also includes controlling your ERP, ensuring that users have the correct access to the data they need at the time they need it. Whilst it may sound simple enough, many companies have limited, or sometimes no controls in place to ensure the appropriate security levels are adhered to.
We have seen many companies fail to get their user access strategy right, with previous customer reviews showing many users having a much greater level of freedom in the system and to the data than needed. We have even seen companies that allow everyone into payroll and payroll data including employees’ salaries and benefits. You can imagine the issues that may arise from that situation.
Some of the Root Causes
So, how does this situation occur? It can be for a number of reasons but most commonly we find that it’s due to companies copying user roles from one to another, without realising or properly understanding the level of access the original user had. Sometimes we find that the security levels within the ERP system are misunderstood by those with administrator rights, or we find problems resulting as a combination of these scenarios.
To prevent staff from accessing data they shouldn’t, companies need to have a strategy in place that enables tighter and stricter controls around the access that their users have.
ERP Access Strategies
What strategies should your Company consider implementing in order to get your ERP Access Strategy right?
Decide what data is confidential.
What is deemed to be confidential data and who within the company is to have access to this data? This could include payroll sensitive data, company bank accounts, Gross and Net Profit %, financial information such as Profit & Loss and Balance Sheet Reporting.
Define roles and responsibilities.
Clearly outline each role within the company and what security levels that role is required to have. This includes looking at whether that role is to have access to Enquiry, Maintenance and Reporting capabilities in the various modules.
Set up company roles and access levels within the ERP system.
Once the roles within the company have clearly been defined, set up the access levels in the ERP system to mirror these responsibilities. These levels should then be tested and reviewed before rolling them out to the user.
Perform regular system audits.
Conducting regular checks of user access levels to identify who is accessing what information is critical to ensure the integrity of the system. These regularly performed audits should be done to ensure users are pointing at the correct role. This is most important when an employee has had a role change and/or new roles are added to the user.
Alert notifications can also be utilised in certain circumstances. For example they could be set to send emails to appropriate people to show who may have accessed certain data or to identify that data has been changed e.g. banking details for suppliers, employees etc. There should be some sort of written policy in place advising that company data is to be treated with the greatest degree of confidentiality.
Remove ex-employees.
Ensure that employees who have left the company are made inactive so that they can no longer log into the system and access data. This should be part of the employee off boarding process and should be signed off by the Department Manager and IT team.
Carefully define new user privileges.
Similar to the off boarding process, the on boarding process should include access rights and privileges for the new user to be agreed upon and signed off by the Department Manager and IT team.
How is your Company Handling ERP Access?
Having an ERP Access Strategy is vital for your Company to keep on top of who is in your ERP system, and what security level they have. While conducting an internal review of your ERP systems’ user access can be a lengthy process, the establishment of appropriate procedures and regular system audits is important in keeping confidential data safe.
If you need guidance in keeping your data safe we are here to help. Get in touch with Scope Systems and we can work together to develop and implement an effective ERP User Access Strategy.
Discover more.
24th January 2024
Entering a new year allows us to examine the top risks and opportunities that are top of mind for mining and metals industry executives in 2024. If you haven’t already read it, Ernst and Young's report - "Top 10 business risks and opportunities for mining and metals in 2024" has detailed breakdowns of the key industry trends.
Read More
6th October 2023
Scope Systems and PeopleTray Announce Strategic Partnership to accelerate the delivery of workforce management software to the mining and mining contracting market.
Read More
26th July 2023
The Parked Supplier Invoice Approval System is a Pronto Xi enhancement created by Scope Systems that provides you with additional functionality by adding the ability to edit and include an approval process for invoices.
Read More
14th March 2023
The RIU Explorers conference this year saw a packed full house of over 1800 delegates and 200 exhibitors in the Esplanade Hotel, Fremantle. Both exhibitors and attendees there had a pretty bullish outlook, despite the repeated doom and gloom in the media.
Read More
29th November 2022
With staff retention a key issue currently facing the mining industry, discover why digital automation is key to increasing you workforce engagement.
Read More
13th October 2022
The mining industry has once again faced many challenges this year, with a major one again being the microscope the industry has been put under for its male-dominated culture. This year’s Australian Mining Risk Forecast has been recently released by KPMG and it’s an interesting read on what is top of mind for mining executives.
Read More
18th August 2022
Take a look at the year in review. From the RIU Explorers conference to Diggers and Dealers, our Sales and Marketing Manager Sonia Turner give her summary of the financial year.
Read More
8th August 2022
E-invoicing isn’t a new idea, the first electronic invoices were sent over 30 years ago through an electronic data interchange. Since then, e-invoicing has developed into a safe and secure way for suppliers to automatically and digitally exchange invoice information to customers through a secure network. So why move to e-invoicing and what are the benefits it can give to your company?
Read More
28th July 2022
Starting up an exploration venture requires careful planning of capital, with keeping costs to a minimum one of the highest priorities for a company. One aspect of keeping costs low can include the business systems designed to help control expenditure.
Read More
12th July 2022
Why partner with a software solutions specialist? Is it worth considering or are you better off managing on our own? To answer these questions, let’s look at what a specialist like Scope Systems can bring to the table.
Read More
28th June 2022
Companies today are more diverse then ever, finding they to have multiple software solutions to add extra functionality to their system. Having an integrated solution allows all your systems to 'talk' to each other , with your ERP acting as your primary system.
Read More
14th June 2022
For some companies, the idea of training staff to use new or existing software is a no brainer, recognising the benefits to the company from the outset. Others are more hesitant, with questions such as if there will be any tangible benefit, what will the true ROI be and what’s stopping staff jumping ship to another company after.
Read More
30th May 2022
From March 2022 a new domain name category has become available for Australian domain names, with the new, shorter .au name arriving.
Read More
24th May 2022
Budgeting is one of those unavoidable tasks that most of us would prefer not to do, investing in a budgeting solution can help improve your processes.
Read More
4th May 2022
A password is the first line of defence in protecting not only your own personal data, but also confidential company data. Check out our tips for creating a strong and memorable password.
Read More
19th April 2022
Are you ready for the upcoming reporting changes for STP Phase 2? Learn what you need to do now to prepare and what to expect.
Read More
5th April 2022
For data to be transformed into understandable information it first needs to be stored somewhere accessible, most commonly in a Data Warehouse or Data Lake.
Read More
28th March 2022
With accurate inventory data, you can measure supplier performance and help reduce extended lead times across your mining supply chain.
Read More
24th March 2022
Ensuring your multiple tenements activities are being recorded and reported on is vital, as failing to do so can affect your whole mining operation and lead to costly penalties.
Read More
14th March 2022
An inventory management solution will give mining companies data-driven insights to help increase profits by focusing on having the right stock to meet demand.
Read More
{"slides_column":1,"slides_scroll":1,"dots":"true","arrows":"true","autoplay":"true","autoplay_interval":2000,"speed":300,"lazyload":""}
