Defending Against Scapegoat Accounts by Auditing Superusers with LT Auditor+ 9 for Windows
March 4, 2010 by · Leave a Comment
Scapegoat accounts such as those used for file backups can be used to disguise malicous activity and often have administrator or superuser rights. This example shows how LT Auditor+ for Windows is used to ensure the integrity of these accounts.
Accounting Software 411 Looks at Escape Velocity Systems Auditing and Security for Process Manufacturers
March 3, 2010 by · Leave a Comment
When one food manufacturer has to contend with hundreds of recipes, ingredient variations, and multiple batches in a single production run, the possibilities for errors are enormous. Seemingly at odds, lean manufacturing principles call for productivity gains which are increasingly dependant upon speeding up the flow of sensitive data throughout the enterprise. This paradox is felt most significantly by thin margined formula-based food processors; according to manufacturing journalist Thomas R. Cutler who recently profiled the role of advanced auditing and security for the process manufacturing sector in the January issue of Accounting Software 411.
While discrete manufacturing systems are generally designed around a bill of material containing whole, or discrete quantities of materials (such as 1 axle, 2 tires), process manufacturing systems are driven by formulas (such as 90% water, 10% flavoring.) Process manufacturers usually blend or mix materials rather than cutting, shaping, or assembling hard goods. Hybrid manufacturers combine process and discrete components. A good example would be a cosmetic company that mixes a batch of lip stick bulk and fills the bulk into a base container (process manufacturing), then assembles this into a finished product with a packaging and label bill of material (discrete manufacturing).
Like the Colonel’s secret recipe, proprietary data is managed through an ERP (enterprise resource planning) system which must be guarded from malicious data tampering. As with regulations, like Sarbanes-Oxley, companies are held accountable for the data that is produced from their ERP system; few have the necessary tools to ensure that the data is managed appropriately by the authorized personnel (although most make claims to the contrary.)
According to Evan Garber, President of Escape Velocity Systems (www.evs-sw.com), which specializes in formula-based process manufacturing, “Advanced auditing and security functionality is not simply preventing unauthorized data manipulation…risk management, it provides a context for a data management plan that includes process improvement.”
Advanced Auditing and Security Drives Continued Process Improvement
Some of the features that technology solutions must provide, particularly among process manufacturers include:
• User accountability for one’s actions
• Managing ancillary attached data (such as Excel or Word attachments) through an approval, lockdown, and version control process
• Managing efficiency of electronic document handling
The term escape velocity refers to the speed that is necessary for an object to overcome gravity and soar into space. EVS provides direct applications for businesses looking for a catalyst, not just a software package. Process manufacturers require the best software solution coupled with industry experience that will accelerate the velocity with which they race towards their goals. The gravity of status-quo opposes aggressive, cutting edge organizations as they strive towards high quality and short lead time delivery while reducing inventories and operating costs.
The entire article may be read at http://www.accountingsoftware411.com/Press/PressDocView.aspx?docid=9402.
Escape Velocity Systems
www.evs-sw.com
Evan Garber
President
solutions@evs-sw.com
303.494.1765 x114
Data Auditing Quiz: Does Your Compliance Data System Prove Your Innocence?
March 3, 2010 by · Leave a Comment
One if the biggest mistakes I see when visiting client companies, is their underestimation of how well their compliance data system can be audited.
It’s understandable.
When you build a transaction system, your goal is to run the business. When you build a data warehouse, your goal is to analyze the business. But when does it become your goal to audit your business practices?
Usually, auditing business practices and data systems become an executive afterthought. It is in response to some regulation like HIPPA, PCI, or Sarbanes-Oxley ( SOX ). Or, it is when you have received notice that a big contract is being audited by an agency like the General Services Administration (GSA).
In all cases, when you are under-prepared for an audit it will cost you time, money and effort. Find out now if your data system proves your innocence and uncover some data audit-proofing tips for total compliance.
Take This Data Auditing Quiz Now to See If Your Compliance Data System Proves Your Innocence:
1. Does Your Data System Defend You from the Auditor’s Point of View?
Some auditors want to see you survive an audit. But let’s face it. Some auditors are out to get you.
Crusaders trying to prove a point at your expense sometimes spawn audits. So auditors are anticipating that there are bad business practices in place. They feel that it’s their job to uncover your bad business practices and expose you. In their eyes you are guilty until proven innocent.
To defend yourself proactively, you have to approach it from the auditor’s point of view. Just doing the right thing is not enough. You have to be able to prove that you’re doing the right thing. Approaching it from the right frame is essential.
2. Is Your Compliance Data System Built with the Goal of Surviving an Audit?
They way most people attempt to leverage their data systems these days is all wrong.
Here’s why…
When data systems were introduced, they were never built to serve the intentions of an auditor.
The key is not to attempt to leverage these systems at all. The key is to build a compliance data system with the goal of surviving an audit. This is taking business intelligence up a level to audit intelligence.
A compliance data system gets it’s requirements from legislation, standards, past audit findings, and yes … auditors. Your goal here is not to twist and turn your existing systems. That would be the equivalent of trying to do your strategic reporting out of your transactional system.
3. Do You Use An Ordinary, Normal Data Warehouse for Compliance?
Compliance data systems are much more robust than normal data warehouses. Like data warehouses, they will organize data from disparate systems into one central location. And, they will apply transformations as necessary.
However, metadata is taken very seriously. There is a clear explanation for everything that’s in the data system. Audit trails are important from the original requirement to each data point. Response times are usually optimized for ad-hoc querying, so that auditors don’t waste time waiting for the database.
4. Is Your Data System in Real Time?
Real time systems can take you up another level to prove your innocence. The business intelligence buzzword around this technology today is Operational Business Intelligence. These can be great for early warning systems.
As with all new technology though, be careful of the hype. As a result of this new buzz, vendors are preaching the Holy Grail again. The time tested best approach for your data system efforts is to form a good team of professionals, and build it in house.
5. Is Your Data System Cross Functional?
Audit proofing is not a Finance function, or an IT function. It is a cross-functional activity. To get the job done, you will need a good team of auditors, process analysts, subject matter experts, techies and a good coach or project manager.
Most compliance efforts are best practices enforced. So, you will find stakeholders in other departments that will benefit from your total compliance efforts. For example, I recently built a GSA compliance data warehouse for a large company that was funded by their sales department. The VP of Sales was very interested in getting clarity on how discounts were being used. This was a great side benefit for the primary requirement of proving that the government was getting the best discounts.
Leveraging your business intelligence infrastructure to build a compliance data system is an intelligent way to audit-proof your company for total compliance. Start today by writing a project charter for your most important compliance exposure. This two to three day effort will end up saving you huge amounts of time and money.
In a recent GSA compliance effort, John Weathington, The Chief Compliance Coach?, architected and directed the construction of a custom Compliance Data System that fortified a $100 Million contract for Sun Microsystems. Now you can get his FREE 58-page how-to guide to starting a compliance data system that will prove your innocence at: excellentmanagementsystems.com/ebooks/racehorse.jsp
Improving Incident Response by Auditing File Activity with LT Auditor+ 9 for Windows
March 3, 2010 by · Leave a Comment
LT Auditor+ 9 is used to determine the scope of damage after the release of a malicious executable into the network.
Auditing For Dummies
March 2, 2010 by · Leave a Comment
Product Description
Auditing is a process of gathering information, often financial statements and accounting information, and analyzing it to see if the financial information that the company or corporation is providing is reliable. With easy-to-understand explanations and examples, this title gives students pursuing careers in business and accounting a helpful study guide to accompany their courses and help them master the concepts of auditing.
Order from Amazon TODAY —> Auditing For Dummies
