Larry Harrington: How ERP Security Enables Audit and Compliance

By:

September 16, 2019

As the former Chair of the Institute of Internal Auditors and Former Chief Audit Executive for Raytheon Company, Larry Harrington discusses how ERP security enables the audit and compliance process within organizations, aligning CISOs with the internal audit team and maintaining compliance 24/7. “Today, ERP systems are so complicated… it’s really important to look at security from a different perspective,” Harrington explains. “How do we do a continuous auditing process so we make sure that all the crown jewels are protected 365 days a year.” Check out the rest of the video below!

Tags, , , ,
About the Author
Mariano Nunez

Mariano Nunez

CEO & Co-founder

As CEO and Co-Founder of Onapsis, Mariano drives the strategic direction of the company. Under his leadership, Onapsis has become one of the fastest-growing technology and cybersecurity companies in the world. With 20+ years of experience in the cybersecurity industry, both as an executive and as a cyber security expert, Mariano was the first to publicly present on cybersecurity risks affecting ERP platforms and how to mitigate them at major conferences such as RSA, Black Hat and SANS. Mariano’s contributions to the cybersecurity community include developing the first open-source SAP and ERP Penetration Testing frameworks, and uncovering critical zero-day vulnerabilities in SAP, Oracle, IBM, and Microsoft applications. Mariano’s insights are regularly featured in major media outlets such as CNN, Reuters, Wall Street Journal, Nasdaq, Fortune and The New York Times.

More about this author
Back To Blog

Further Reading

Blog

Meet the Ona – Elke Bastian

Meet Elke Bastian: Background & Roots Hi, my name is Elke Bastian. I live in Saarbrücken, Germany, together with my partner and my 14-year-old daughter. We are located directly on the French border and also close to Luxembourg. From a professional perspective, I am a product marketing enthusiast and enjoy collaborating with all other marketing…

Read More
Blog

Common Vulnerabilities in SAP Systems

Missing Authorization Checks, Information Disclosure, and Cross-Site Scripting (XSS) were the top three patched vulnerabilities in 2025. Missing Authorization Checks alone accounted for nearly one-third of all security notes, as many SAP functionalities fail to default to protected states. These flaws leave systems exposed to data theft, unauthorized modification, and service disruption, making timely application…

Read More
Blog

10 Critical Questions to Ask Your SAP Security Vendor

Selecting an SAP security partner is a high-stakes decision. Generic cybersecurity tools cannot effectively secure the business-critical applications that run the global economy. When evaluating a vendor, determine if they simply scan for known issues or if they offer a comprehensive, research-driven platform capable of stopping sophisticated threats. Use these 10 questions to cut through…

Read More