Internal Controls over Financial Reporting are a key strategy in managing financial process risk in the organisation. Finance owns the governance obligations over ICFR as the 2nd Line of Defence just as Audit owns the independent assurance as 3rd Line.
A key responsibility is to ensure the Accuracy, Completeness and Authorization of all relevant transactions and activities.
The “User Access” question often falls into a “no-mans land” between the technical IT General Controls and the organisational Business Application/Process Controls.
Our experts will explore experiences of financial risk to material threat in uncontrolled user access and expose some of the weaknesses in governance over “who has access to what”.
Evidence shows that in most large organisations, substantial numbers of current and past employees, service providers and consultants have, despite all identity access policies, inappropriate and even unauthorised access to applications of financial relevance. Often the prime ERP is relatively well served in this regard, but not always. Recent changes to perceptions of the role of the core ERP and satellite systems, increase the risk of inappropriate access.
User Access remains a hidden danger for many organisations, due to the belief that ‘someone else is looking after it”. It is not an IT issue, although technology can help. It is a process ownership and governance issue.
Our experts will share practices on process, data, governance, and technology, and share an approach which can drive improved governance over a process that works, even ‘as a service’.
Our speakers will cover the following topic;
- Financial threat and material risk
- The User Access ‘iceberg’
- SOX and general ICFR obligations
- Experiences & Challenges
- Implementing a Process that works
- Governance & Ownership
If you are unable to attend the live event, please register as normal and we will ensure you receive a copy of the recording and materials post-event.