Related Posts
Do we get any diwali gift??
Hello 🦈s,
Role: SAP ABAP
Current: 8 LPA
I am having offer from LTI for 10.5 Fixed & 1 Mouritech for 12 LPA Fixed.
I have also cleared PwC India interview & HR has told me that they can give me 10.5 as Fixed (Before 12 offer). I have not yet received the offer letter.
Now my question is will PwC consider this offer for the re-negotiation? Or will they not release the offer letter itself?
Also what should be my ask for a SAP ABAP Developer with experience of 3.3 Years?
Thanks in Advance 🙏
Paisa wasoolega mai achche sai.

Additional Posts in Risk Assurance
New to Fishbowl?
unlock all discussions on Fishbowl.




Depends on what information they are accessing. Just because they don’t have “write” privileges doesn’t mean that they should have “read - only” access to PII for example if their job description doesn’t require it. Generally speaking the organization should be following the principle of least privilege necessary to perform their job function and applying that to their access review process.
We tend to review elevated access, so no birthright access roles are placed into our samples. Read only is a low risk roles & tends to be a given birthright role depending on the system. Hope this helps.
Depends what the client does. If it’s a SAAS like blackline I’m normally comfortable scoping roles. If it’s something on prem that can be customized, I usually expect to see everything reviewed unless management clearly defines the scope ahead of time
If I’m looking at an access review process, I usually focus on 1) was it performed as the control states 2) were any changes by the reviewer actually performed in the system 3) were terminated users fully removed. If I’m looking at who actually has access to a system, I tend to focus on admin users or those with write access to the system. As SC1 said, if the system has confidential information, it might be more important to see that least privileges is being enforced, but at the end of the day I also have to ask the client if each of the users with access are authorized. I can’t make that determination myself, unless it’s a segregation of duties issue like in change control situations.
Is this financial/sox? If so what is the risk. Often it is hard to see how read only access generates a potential source of misstatement. Maybe if you have access to confidential information that would generate impairments if disclosed.
Thank you all!
Depends on whos "read-only" ing
Depends on how the control is written. My company writes them in a way where edit only is the only access requiring review
Yeah. I think ours operate the same way.