Xpandion Blog

Yoav Michaeli

Yoav Michaeli joined Xpandion in 2008 as a team leader, and in 2010 Mr. Michaeli began managing the entire Research & Development group of the company. Prior to joining Xpandion, Mr. Michaeli served in an elite technological unit of the Israeli Defense Forces as a team leader for various key military projects. Among other achievements, he was instrumental in pioneering the use of advanced .NET technologies for large scale distributed systems. Mr. Michaeli is an expert in programming, agile development, application security and specialized programming techniques.

How you can maintain GRC compliance if you have users with dangerous SAP_ALL

(This is the short version of an article regarding the pervasive SAP_ALL Authorization Profile. Download the full article including examples and screenshots here).


Believe it or not, SAP wants you to be its customer. Moreover, SAP wants you to be a satisfied customer so that your company will purchase other SAP management solutions in the future. If you have always assumed that negotiating SAP contracts is impossible (as impossible as negotiating contracts with a bank, utility provider, cell phone operator), then assume again.


Imagine the following scenario: you’re about to go to the supermarket, your wallet is in your pocket with a $50 bill in it. Just before you leave the house, your spouse asks you to buy something from the pharmacy and gives you a $50 bill as well. You put the money in your pocket and leave for the mall. The question is, how much money do you have?


I’m sure you’ve heard this kind of dialog before:

“We need to remove one of your authorizations immediately”

“Why?!”

“Because it violates a segregation of duties rule”

“Which rule???”

“Something to do with the financial auditors”

“But you can’t, I need it to do my job!”

“I can’t do anything about it, sorry. It’s a requirement coming from management”


IT activities in most enterprises fall under internal rules and regulations. Transferring objects to the production environment, or creating them, is no different. Companies usually have a process for transferring T-Codes into the production environment or creating new user queries in the global queries area. Such a process begins with creating the object in the development system according to a design case, followed by testing it in the development system, transferring it to QA, running tests, getting approval from the user and finally transferring it to production. It is quite a straightforward process, and in most cases it works well.



Pay (only) as you use – innovative approach? Indeed (although we have already recommended a similar approach in SAP licensing by concurrent users, suggesting that companies pay only for the licenses they really need). I am a big believer in SAP® and also in methods that enable enterprises to better use SAP. One such method is pay (only) as you use. This can be achieved by implementing the concept of usage inspection in every aspect and angle of a business. Effective ERP usage inspection enables companies to pay only for software/programs/applications that are actually being used. In this blog post I am referring to internal payment processes, which organizations can really implement very easily.


One of your accounting clerks just left on maternity leave (congratulations to Sally). Another employee is replacing her and thus has the new responsibility of performing Invoice Reconciliation (good luck to John). To perform this task, John needs to open a new request in the portal for the proper authorization. Then he must browse through the business process list and select Invoice Reconciliation, add an explanation for the request and submit it. The financial top-user receives the request and approves/disapproves it. Upon approval, John is automatically assigned the required authorization role, and even receives an email indicating this.


Does the following dialog ring a bell?

Auditor: How in the world was activity FS02 (Change G/L Account) not marked as high risk?!
Risk Manager: Well… it was marked… but then John told me to remove it…
Auditor: Can you show me the email from John?
Risk Manager: Well… it should be here somewhere… let me try and find it…


What may be considered by a programmer as just playing around might end up as a security nightmare for a SAP® based enterprise. I actually want this to sound dramatic and grab your attention – I have dealt with the consequences of bored programmers' actions too many times...


I recently held a conversation with a highly-experienced risk manager from one of our valued customers. As we were discussing the topic of development it dawned on me that this subject is often neglected by risk managers – despite the fact that development issues are a major potential for business risk.


