Presentation is loading. Please wait.

Presentation is loading. Please wait.

Liz Piteo Native Controls in a Microsoft Dynamics Environment.

Published byCleopatra Perkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Liz Piteo Native Controls in a Microsoft Dynamics Environment."— Presentation transcript:

1 Liz Piteo liz@gofastpath.com Native Controls in a Microsoft Dynamics Environment

2 @GPUG Introduction  About Me – Certified in Microsoft Dynamics GP – Certified in Risk and Information Systems Control – 16 years experience in Microsoft Dynamics GP  About Fastpath – Audit and security solutions for Microsoft Dynamics – Over 1000 installations in 30+ countries – Named 2013 Industry Leader by Institute of Internal Auditors

3 @GPUG Agenda  Security Model  Security Reporting  Administrative Access  Segregation of Duties  Audit Trails  Workflow  Surviving the Audit

4 @GPUG Security Model

5 @GPUG Security Model Role > Task > Object POWERUSER Password complexity integrated with AD  New for GP – Limited user 2013 Limited to Inquiry and Reporting New flag on all forms to limit access – Self Service 2015 – Enable/Disable User – Alt/Mod Profile Revert to Default

6 @GPUG Security Reporting  Standard role/task/user reports  Build a Smartlist  Support debugging tool  Converted GP 9 roles  http://www.gpwindow.com/securitysearch.p hp http://www.gpwindow.com/securitysearch.p hp  POWERUSERS don’t show on access reports

7 @GPUG Support Debugging Tool  Available on Partnersource for now  There will be a fee for the product but it’s free now  Some great features include – Easy way to know you’re in a test company – Quickly and easily see security information regarding specific windows (roles and tasks) – Email screenshots of your open windows along with dex.ini and dynamics.set files – And many more!

8 @GPUG Using Smartlist for Security Reporting  Build a Smartlist – 2 new ones included in GP 2013  Smartlist example

9 @GPUG Security Reporting  Knowledgebase article – Frequently asked questions about role-based security in Microsoft Dynamics GP 10.0 and Microsoft Dynamics GP 2010 (Article 951229)  Minimizing the use of ‘sa’ – http://www.gofastpath.com/newsroom/fastpath-white- paper-minimizing-the-use-of-sa-in-microsoft-dynamics-gp http://www.gofastpath.com/newsroom/fastpath-white- paper-minimizing-the-use-of-sa-in-microsoft-dynamics-gp  Support Debugging Tool  Security Information  Security Profiler  Table Import/Export for security  http://aka.ms/SDT http://aka.ms/SDT

10 @GPUG Administrative Access  POWERUSER Role – Programmatic role – Try to limit access by creating your own admin role  ‘sa’ and DYNSA – ‘sa’ no longer required for GP admin activities  Sqladmin role – Assign to GP user to elevate SQL privileges – User provisioning, maintenance, and company creation

11 @GPUG Segregation of Duties  No standard functionality  Build a rule set for your risk profile  Balance preventative with productivity  SQL queries to pull critical access

12 @GPUG Audit Trails  No standard functionality  Activity Tracking – Log in log/out tracking – Successful attempts to open a window – DYNAMICS..SY05000 – 3rd party Audit Trail solutions – Build your own audit trail

13 @GPUG Workflow  New to GP 2015 Workflow now inside GP  Requires Sharepoint services GP 2012 and prior  Standard templates available (POs, batch approval, etc.)  Custom workflow possibility

14 @GPUG Workflow

15 @GPUG Surviving the Audit  Be proactive – Define corporate risk  Design reports and reviews – Periodic and consistent  Provide evidence  Who has access?  What did they do with that access?

16 @GPUG  Questions? liz@gofastpath.com www.gofastpath.com

17 Liz Piteo liz@gofastpath.com Best Practices for setting up Audit Trails in Dynamics GP

18 @GPUG Agenda  How to determine what to audit  Organization’s risk profile/high risk areas  Setting up audit trails  Pitfalls and practices to avoid  What do you do with the audit data after you collect it

19 @GPUG Determining what to audit  Organizational risk  Segregation of duties  Outside controls  High $ impact  Audit requirements

20 @GPUG Risk profile  Where are your high risk areas?  Do you have adequate segregation of duties around those risk areas?  What types of risk do you have  Can you qualify and quantify these risks?  Identify probability and impact of risks

21 @GPUG Audit Trail Best Practices  Base your audits on your risk profile  Find the right balance  Use your reports to filter out information  Start small  Put the ownership of the product/reports into the hands of the BPOs  Review, review, review!!!

22 @GPUG Pitfalls!!  “I want to audit EVERYTHING”  Using audit trail reports as a substitute for operational/financial reports  Inefficient audit reports  500 vs 1,000,000

23 @GPUG What do you do with the data after it’s collected?  Review, review, review!  Who owns the data?  Are the reviews being done in a timely fashion?  Visibility to the who, what, where, when and how

Download ppt "Liz Piteo Native Controls in a Microsoft Dynamics Environment."

Similar presentations

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
Service Manager for MSPs

Service Manager for MSPs
Presentation by Priyanka Sawarkar

Presentation by Priyanka Sawarkar
Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services 704-814-0004.

Enhanced XA Security CISTECH Security Solutions Belinda Daub, Senior Consultant Technical Services
For Developers Who Hate SharePoint.  ~5 years web development experience  1 ½ years SharePoint experience  First worked with SharePoint in Dec. 2006,

For Developers Who Hate SharePoint.  ~5 years web development experience  1 ½ years SharePoint experience  First worked with SharePoint in Dec. 2006,
ISV Partner Alliance Value Policy Policy Management for Microsoft® System Center.

ISV Partner Alliance Value Policy Policy Management for Microsoft® System Center.
Tom Sheridan IT Director Gas Technology Institute (GTI)

Tom Sheridan IT Director Gas Technology Institute (GTI)
Common Change Management Challenges for Companies Running Oracle Applications Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Common Change Management Challenges for Companies Running Oracle Applications Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.
Best Practices for User Access Controls and Segregation of Duties Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Best Practices for User Access Controls and Segregation of Duties Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.
ManageEngine ADSolutions Identity and Access Management Auditing & Reporting for Compliance.

ManageEngine ADSolutions Identity and Access Management Auditing & Reporting for Compliance.
Best in Class Controls for AP The Institute of Financial Operations Indiana – Southern Illinois Chapter June 15, 2011 Sherry DePew.

Best in Class Controls for AP The Institute of Financial Operations Indiana – Southern Illinois Chapter June 15, 2011 Sherry DePew.
Full Cycle: AMS’ Loss Control Environment is a full cycle loss control management solution that offers comprehensive management of the entire inspection.

Full Cycle: AMS’ Loss Control Environment is a full cycle loss control management solution that offers comprehensive management of the entire inspection.
Extranet Collaboration Manager Professionally manage your SharePoint Extranet and Users Peter Roth (408) 678-0802

Extranet Collaboration Manager Professionally manage your SharePoint Extranet and Users Peter Roth (408)
Integrated Security Solutions © 2006 TK Consulting, LP realtime Confidential March 11, 2007 APM Demo.

Integrated Security Solutions © 2006 TK Consulting, LP realtime Confidential March 11, 2007 APM Demo.
Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, 2002 5 th Continuous Assurance and Auditing Symposium Newark,

Continuous Monitoring for Enterprise Applications: Real Needs, Real Solutions. November 22, th Continuous Assurance and Auditing Symposium Newark,

Best Practices for Implementing Third Party Software to Monitor SOD and User Access Controls Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.

Best Practices for Implementing Third Party Software to Monitor SOD and User Access Controls Presented by: Jeffrey T. Hare, CPA CISA CIA ERP Seminars.
Enterprise Security for Microsoft Dynamics GP Jeff Soelberg

Enterprise Security for Microsoft Dynamics GP Jeff Soelberg
GPPC Connections 2011 | November 6-8 | Las Vegas, NV Support Debugging Tool for Partners Mark Polino, CPA, I.B.I.S., Inc. Principal Consultant, Microsoft.

GPPC Connections 2011 | November 6-8 | Las Vegas, NV Support Debugging Tool for Partners Mark Polino, CPA, I.B.I.S., Inc. Principal Consultant, Microsoft.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Deployment, Administration and Performance Jeff Soelberg Fastpath Sarah PurdyMicrosoft.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Deployment, Administration and Performance Jeff Soelberg Fastpath Sarah PurdyMicrosoft.

Similar presentations

Ads by Google