The Importance of Monitoring DMS User Profiles
- The Weekly Spiff!
- Posted by AxioMobile
- Comments Off on The Importance of Monitoring DMS User Profiles
By Sam Flores
How often do you review your company’s DMS user security profiles? You might be surprised at the access some of your employees may have. I have seen cashiers having the ability to void and adjust cash receipts, and accounting clerks with access to payroll information!
There are several reasons why employees could obtain system access to functions or information outside of their scope of work. For example, an employee may have been granted temporary access to perform a vital function in response to another employee calling in sick for the day; or helping cover extra work load during month-end. After the chaos settles, it is very easy to simply forget to change the user’s security profile back to what it originally was!
Many new hire employee profiles are created by simply using an existing employee’s profile and copying the template to a new user ID. New employees often wind up having more access than their current functions will require because an existing user has been there longer and may have been assigned more responsibility.
It is a good practice to periodically run a user security profile report to verify proper segregation of duties and to minimize risk of unauthorized access to confidential or sensitive information (i.e. payroll files, employee social security numbers, addresses) or worse yet, access to inappropriately manipulate or delete transactions or data in the system. Running the profile report by job code is important so that you can easily detect the discrepancies between employee profiles classified to do the same functions.
You do not want an employee to have too much access to the point that an internal control or integrity of your dealership’s data can be compromised. The user should have just enough access, and no more, to effectively do their job.
Your system and your data are only as strong as the people managing it.