Xpandion Blog


If you’re in the GRC field and you’re asked to join a GRC project as a professional consultant, a team leader or a project manager – avoid these 5 major mistakes. If you don’t identify these situations beforehand, you might be put in an uncomfortable position that could hurt your reputation. Avoid them ahead of time to minimize your risks.


When it comes to handling GRC conflicts, is it better to use an alerting tool or a simulation tool? They both manage conflicts, but one is predictive and the other happens after the fact. Well, there is no one solution; the key is to use them in combination to ensure a peaceful process and a clean GRC audit report.


It’s hard to start a career in any field, particularly the highly specialized field of GRC in SAP. The good news is that you know this is a direction you’d like to take. The question is how. 


Here are 5 amazing facts based on our vast experience with SAP customers required to maintain SOX compliance, GRC consultants and auditing firms. 


How you can maintain GRC compliance if you have users with dangerous SAP_ALL

(This is the short version of an article regarding the pervasive SAP_ALL Authorization Profile. Download the full article including examples and screenshots here).


Imagine the following scenario: you’re about to go to the supermarket, your wallet is in your pocket with a $50 bill in it. Just before you leave the house, your spouse asks you to buy something from the pharmacy and gives you a $50 bill as well. You put the money in your pocket and leave for the mall. The question is, how much money do you have?


I’m sure you’ve heard this kind of dialog before:

“We need to remove one of your authorizations immediately”

“Why?!”

“Because it violates a segregation of duties rule”

“Which rule???”

“Something to do with the financial auditors”

“But you can’t, I need it to do my job!”

“I can’t do anything about it, sorry. It’s a requirement coming from management”


Does the following dialog ring a bell?

Auditor: How in the world was activity FS02 (Change G/L Account) not marked as high risk?!
Risk Manager: Well… it was marked… but then John told me to remove it…
Auditor: Can you show me the email from John?
Risk Manager: Well… it should be here somewhere… let me try and find it…


Emergencies happen. Yes, even in businesses. The ones I’m referring to are related to work processes and ERP security. OK, so it’s not a fire or flood; still, any business must be able to handle operational emergencies quickly and effectively.


I recently held a conversation with a highly experienced risk manager from one of our valued customers. As we were discussing the topic of development, it dawned on me that this subject is often neglected by risk managers, despite the fact that development issues are a major potential source of business risk.


