Risks in SAP: Are all risks identified, and are we working to resolve them? Are there risks that we are unaware of or that are hidden? Strictly speaking, it is likely that we will never have all risks fully controlled. However, it is imperative to know them all and establish a work plan for […]

June 6, 2023

Identifying Visible and Hidden Risks in SAP.

Did you know that there may be zombie profiles within your SAP system? One way to detect fraud or misuse of authorizations is by chance or accident. Once the cause-and-effect is identified and a solution is found, it allows for the development of this tip. In an analysis of used transactions that were not assigned […]

May 8, 2023

Fast Checklist 15: Be careful with zombie profiles in SAP

This is a great question that we get more often than you expect. Let’s see the different roles that own CentinelBox depending on the size and nature of the company. For most of our clients, finance owns CentinelBox, mainly when there is a thin line between finance and audit/compliance or when systems are more cloud-based […]

January 19, 2023

Who should be the owner of CentinelBox?

Some people may disagree with this statement, but it is a fact. Internal controls are the processes implemented by companies to ensure their objectives are met. They are the parts of the business process that provide mechanisms to prevent inaccuracies or fraud, whether triggered by mistake or not. Preventive vs. Detective controls […]

January 19, 2023

Control is always rewarding

Cybersecurity and the need to secure access from external agents to our network are big issues that could generate concern over time. However, there is not much discussion about the incidents that could be generated internally with no external agents stepping into it*. Below I highlight some examples of the most severe incidents described by […]

January 3, 2023

Cybersecurity and internal trigger events

It is common that investment and SAP system security project development decisions are based on the seriousness of the observations made by the External Auditors in their reviews. In addition, the executive level generally undervalues the auditors’ observations, so it is likely that the lack of action on security is always the same. The auditors’ […]

January 3, 2023

Are you comfortable with SAP security reports provided by external auditors?

Have you ever been exposed to a scam? The increase in phone scams to which we are often exposed is a result of the theft of internal data from banks, customer service companies and many others. To perform a phone scam, it is necessary to know the victim and their identity data such as name, […]

November 7, 2022

Scams, fraud and data theft

Do you have to meet the auditors’ reporting needs, pushing you to start an ongoing deep dive into the system to answer them? Would you rather run your reports quickly? The internal and external auditors may have already asked you for information and statements that seem a bit stressful. The world […]

October 25, 2022

Are you suffering from the requirements that the auditors normally ask?

By this name, I mean when managers, executives, and security officers try to explain issues from SAP when implementing a project (and many of these issues have also been inherited). Problems in terms of security quality in the user accounts, roles, profiles, and privileges that have been given to them. In general, when implementing a […]

October 25, 2022

The Original Sin

Audit controls are not the best way to identify risks coming from bad habits in the SAP system administration. As discussed in the previous posts, SAP system security is complex to define and manage, due to the high integration of the modules. This suggests that some of the risks are not observed due to the […]

October 25, 2022

What you should know about SAP security (and what your auditors don’t know)