Working from home continues
The overwhelming majority of employees do not want to go back to the old way of working. A survey by the BBC showed that only 12% want to go back to the old way, compared to 72% who favor a hybrid method. This means that work can be done both on location and from home (if the job in question allows this). But what does that mean for your organization? And we're not just talking about arranging facilities for the home office, but this shift in work situations also affects company processes.
New and departing employees
Take, for example, the process of employees entering and leaving the company. To set such a procedure in motion, a trigger is always needed. However, one of the most difficult things about a procedure often turns out to be finding a good trigger.
Look, for example, at the exit process. When assessing these processes, we as IT auditors regularly hear: "Our organization is so small, I will hear or see if someone leaves the service". A formal trigger is then missing from the process. With more and more work being done from home, an organization can experience problems with this.
Granting and revoking rights
The essence of the authorization process is authentication (For instance: who is logging in) and authorization (For instance: what is that person allowed to do in the system). It is important that the correct authorizations are granted when the employee enters the workforce and that, when he or she leaves, these authorizations are revoked in time.
This process used to be fairly simple: the manager would drop by the application manager's desk to request authorizations and by the time he or she left, the matter would have been discussed over the coffee machine. This is now far less obvious and therefore more reliance will have to be placed on (formal) procedures.
Mapping your processes
The moral of this story: first set up a correct process and especially think about the triggers. With employees who enter the organization, this is clear: someone needs rights and will take the initiative themselves. With employees who leave the organization, this natural trigger is missing and you will have to create one yourself. It is logical to place this, for example, with an HR department.
And your perhaps wondering about the correctness of those authorizations? That is partly dependent on a good arrangement of roles and rights. Fortunately, working from home doesn't change this.
Do you have questions about the control and security of Dynamics NAV, Dynamics AX, or Dynamics 365 Business Central? With our proven authorization solutions and specialized IT audit consultancy we support you in achieving adequate segregation of duties. Please contact one of our specialists, we are happy to help you!