Xpandion Blog

Recent blog posts

Does the following dialog ring a bell?

Auditor: How in the world was activity FS02 (Change G/L Account) not marked as high risk?!
Risk Manager: Well… it was marked… but then John told me to remove it…
Auditor: Can you show me the email from John?
Risk Manager: Well… it should be here somewhere… let me try and find it…


Emergencies happen. Yes, even in businesses. The ones I’m referring to are related to work processes and ERP security. OK, so it’s not a fire or flood; still, any business must be able to handle operational emergencies quickly and effectively.


What may be considered by a programmer as just playing around might end up as a security nightmare for a SAP® based enterprise. I actually want this to sound dramatic and grab your attention – I have dealt with the consequences of bored programmers' actions too many times...


I recently held a conversation with a highly experienced risk manager from one of our valued customers. As we were discussing the topic of development, it dawned on me that this subject is often neglected by risk managers, despite the fact that development issues are a major potential source of business risk.


I, for one, feel confident when implementing new software on a client’s server or on our secured cloud; nonetheless I can’t necessarily say the same about the customer... Sometimes I feel that customers are a bit nervous when I’m around, especially when I ask questions about their SAP authorizations or SAP licensing contracts.


Organizations have Power Users in all systems (at least I have not yet come across an organization without them). Power Users hold a vast amount of authorizations, or even full authorizations in specific applications.


In order to manage a Segregation of Duties project successfully, it is essential that you eliminate business risk across your organization. To accomplish this you need to implement a comprehensive rule-set.


When it comes to requesting and granting authorizations, I found that in many companies the process is performed manually – via email – as follows:

  1. User sends email to IT requesting additional authorization to perform activity.
  2. IT transfers request to relevant manager, who approves required authorization (at times without even inspecting the real intention of the request).
  3. IT allocates the required authorization to user.


"Who authorized it?" is definitely the most asked question following a fraud event or leakage of information.


This is a true story from last week – an Xpandion expert received a phone call from one of our European clients, claiming they just received a High Risk Irregular Behavior alert pertaining to unauthorized access of salary information. After a quick investigation using ProfileTailor™ Dynamics, it was clear that something “fishy” was going on and actions had to be taken accordingly.

Hooray We Caught a Thief



