<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=523033&amp;fmt=gif">

Managing Security & Compliance In SAP: Internal Fraud

Security and compliance are a hot topic these days, which is why SAP Insider sat down with the SAP experts at Fastpath for a webcast Q&A on the topic of building a security and compliance program for SAP landscapes. This blog series offers valuable insights into dealing with security and audits.

Security and Compliance for SAP, Part 6: Internal Fraud

With SAP’s built-in functionality, supported by technology like Fastpath and experts in security, you can take the pain out of the process. By implementing processes, taking a risk-based approach, and getting the right controls in place, you can meet the demands of your auditors and ensure you have a top-notch security program. The series so far includes:

Part 6 discusses why it’s important to protect internal as well as external security.

SAP Security: Internal Security is Just as Important as Cybersecurity

There is a lot in the news about cybersecurity. But what about internal security over data and transactions? Isn’t that just as important?

Absolutely.

Unfortunately, however, with the marketing of cybersecurity services and scary news stories about external threats and hackers, cybersecurity gets all the attention. While those are all legitimate threats, 60 to 70 percent of the fraud that takes place today is internal. And a security breach from an internal source might not make for an exciting headline, but it still can cause very serious damage.

It is important to have a balance of controls, not only to address those external threats, but also internal threats—where that 60-70 percent number lives. The traditional finance and accounting controls around segregation of duties, around the lack of user access reviews, around the granting of elevated access or privileges to individual users is the problem. And that goes back to who owns security, which is why it's critical to ensure your executives are all on the same page regarding how your organization addresses security.

Many executives are pushed to purchase very expensive cybersecurity solutions and probably have a false premise then that they're covered from a fraud perspective, without realizing they still need to focus on getting the right controls in place from an internal control perspective. In short, make sure your security plan encompasses both internal and external threats.

Don’t just focus on cybersecurity in your security program. Remember to focus just as much energy and resources on internal security. 

Stay tuned for additional blogs in this series. Want them all at a glance? Check out the first blog which will have all 9 links once they are all published.

Can't wait for all of them? Watch the complete on-demand webinar right here.

Watch the On-Demand  SAPInsider Q&A Video