Organisations will focus more on external threats, move away from disparate systems for managing risk in favour of end-to-end enterprise risk management solutions, and combat fraud using real-time transaction analysis, according to IT security company Turnkey Consulting and SAP.
With trends such as BYOD and mobility resulting in an increase in the openness and accessibility of corporate SAP systems, the scope of vulnerabilities that companies face has widened, fundamentally changing the IT risk landscape. Some high-profile cyber security attacks have also focused attention on this area.
Though segregation of duties and other internal controls have been the main tools to safeguard SAP systems, Turnkey predicts that in 2014, organisations will start to take external threats more seriously.
From a systems perspective, enterprises may traditionally have operated several disparate systems to manage risk, for example documenting their control framework using one solution and automating controls through another.
Turnkey expects to see more organisations using an end-to-end enterprise risk management system instead to address all elements, from enterprise risk to access controls.
The wider availability of real-time transaction analysis technology will also provide new opportunities to prevent fraud, rather than simply identify it after the event.
Turnkey gives the example of a small HR department, where the same person may create employee records and run the payroll. Automated controls could be used to flag in real time if the bank details used during payroll are the same as those of the operator, and prevent the payment if necessary.
The convergence of detective and preventative controls enables the management of key risks through a ‘control by exception’ approach.
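The payroll control described above can be sketched as follows. This is an added example, not code from Turnkey or SAP; the record layout, the names `PayLine` and `screen_payroll`, and the choice to release the operator's own salary line are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PayLine:
    employee_id: str
    created_by: str   # user who created the employee record (assumed field)
    sort_code: str
    account_no: str
    amount_pence: int

def norm(sort_code: str, account_no: str) -> str:
    """Canonical key so '12-34-56' and '12 34 56' compare as equal."""
    clean = lambda s: "".join(ch for ch in s if ch.isalnum()).upper()
    return clean(sort_code) + ":" + clean(account_no)

def screen_payroll(operator_id, operator_account, lines):
    """Preventive check at payment time: returns (released, held).

    A line is held when it pays another employee into the operator's own
    account. If the operator also created that employee record, the
    segregation-of-duties conflict is recorded as a second reason.
    """
    op_key = norm(*operator_account)
    released, held = [], []
    for line in lines:
        reasons = []
        same_account = norm(line.sort_code, line.account_no) == op_key
        if same_account and line.employee_id != operator_id:
            reasons.append("payee account matches payroll operator")
            if line.created_by == operator_id:
                reasons.append("employee record created by same operator")
        if reasons:
            held.append((line, reasons))   # exception queue for review
        else:
            released.append(line)          # paid without manual review
    return released, held

# Constructed sample payroll run; operator 'hr01' runs the payroll.
OPERATOR = ("hr01", ("12-34-56", "00112233"))
SAMPLE = [
    PayLine("E100", "hr02", "20-00-00", "55501234", 210000),
    PayLine("hr01", "hr02", "12-34-56", "00112233", 250000),  # own salary
    PayLine("E101", "hr01", "12 34 56", "0011 2233", 190000),
    PayLine("E102", "hr02", "123456", "00112233", 180000),
]

if __name__ == "__main__":
    released, held = screen_payroll(*OPERATOR, SAMPLE)
    for line, reasons in held:
        print("HELD", line.employee_id, "; ".join(reasons))
```

Only the held lines reach a reviewer, which is the 'control by exception' pattern: everything else is paid without manual inspection.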