Audit and Security-related Education Sessions:

101170: Using Orchestrator to Assist in Security Management

Tuesday, April 13 | 3pm – 4pm ET
Presented by Preston Leftwich, Technical Manager at Q Software & Ben O’Malley, Fusion5

Orchestrator is a great tool to automate and integrate tasks – there is no better way to ensure processes are followed the right way, every time.

Security Management is a complex area, where it is particularly important to make sure that the right things happen.  We have tools to make life easier and Orchestrator brings new opportunities to automate processes, such as:

• Notification of Sensitive Access to Tables like the Address Book
• Offboarding
• Passing Roles to Service Now.

Join this session to understand how the technology can save you time, and enforce compliance to processes.

101360: JDE Controls and Efficiency: IT working with Audit to achieve common goals

Wednesday, April 14 | 3:15pm – 4:15pm ET
Presented by Mike Ward, CEO at Q Software & John Souza, Director of Internal Audit at Switch, Ltd.

The worlds of IT and Audit intersect in many ways, but working together can be challenging as few people understand both sides of the equation.

How can you facilitate a better working environment to promote collaboration between IT and Audit to achieve the common goals of sustainable controls and efficiency across the enterprise?  The business wants quick, easy and convenient while the auditors and compliance function want structure, paperwork and an audit trail.  During this session, we will walk through an internal auditor’s experience in how to structure and identify an access management program that meets both demands and how to avoid the most common pitfalls of audit/compliance issues. We will also cover how the business, IT security professionals and auditors can work together to get it right the first time or hit the reset button on an established access security program.

Objectives of the session:

• Practical approach to audit/compliance requirements in an information security program while maintaining business processes efficiencies
• Discuss the most common JD Edwards system-based internal controls, automated processes, documentation and monitoring for IT General Controls
• Share the planning that Switch used for the project, challenges faced, and obstacles overcome. We’ll finish up with successes and goals achieved by having the proper risk management system and controls in place.

101090: Making your Security Controls work effectively? Periodic Access Reviews do not have to be painful

Thursday, April 15 | 9:15am – 10:15am ET
Presented by Preston Leftwich, Technical Manager at Q Software, Clay Jackson, Systems Analyst & Alex Johnston at Regency Centers Corporation

The auditors demand a great deal these days, asking continuous questions about access, but also demanding new controls. This is not just an issue for public companies; all mid-market JDE users will have to come to terms with managing Periodic Access Reviews (or User Certification).  But these processes can create a huge administrative overhead, which Regency Centers were determined to automate.

Secondly the business was very keen to put focus on monitoring for unauthorized changes to master data on their E1 system.  Many people are simply not aware of the issues, but users who can access the batch security table can modify processes and even enable themselves self-approving batches.

The IT team from Regency will present on how they put in controls in these two areas, which save considerable amounts of time (and therefore money), and also significantly reduce fraud risks.

Lessons:

• How to automate Periodic Access Reviews in order to save time and money
• How to audit changes to key tables in order to catch fraudulent activity.