Tuesday, January 23, 2018

Welcome to 2018! Big news for ERP Risk Advisors!!!

Welcome to 2018!  Big news for ERP Risk Advisors!!!

With a new year brings exciting news at ERP Risk Advisors.  Happy New Year! We wish you the best for 2018.

First, we are pleased to welcome a new member to our team, Donna Curtis, who will be heading up our ERP Cloud practice after just recently leaving a big 4 firm as a Manager.  She brings over 20 years of experience in the IT industry as a leading talent in the Oracle EBS/Cloud and Advanced Controls space with full life cycle implementations on multiple projects (30+).  We are excited to have Donna on board.

Next, ERP Risk Advisors has launched partnerships with several new GRC software providers including SafePaas, Smart ERP, Oracle, Sentinel Software, and Fast Path.  We now offer full risk advisory services for E-Business Suite, ERP Cloud, and PeopleSoft.  We are THE niche firm in the Oracle GRC space and can provide high quality risk advisory services at a much lower price than the big 4 firms.

Additionally, we also have continued to deepen our most strategic relationship with CaoSys in the E-Business Suite space.  With Oracle de-supporting their Advanced Controls Suite, CaoSys has become the only fully integrated software for E-Business Suite and just so happens to produce excellent software.  We have collaborated with CaoSys to launch two new solutions – CS*License and CS*Lookback – which we know will be well-received by the market.  See enclosed datasheets for these offerings.  These solutions compliment an already superb suite of software that includes CS*Comply, CS*Audit, CS*Provisum, and CS*Rapid.  Find our more about CaoSys at www.CaoSys.com  

Finally, in 2017 I wrote three thought-leadership white papers called “The One Series” where I identified one configuration, one function, and one profile option that could undermine your manual Journal Entry controls.  I have published a new article with another configuration, AutoPost Criteria, that could potentially undermine your manual Journal Entry controls.  We are going to give end user organizations a one year head start before releasing this publicly.  You can access it only in the Internal Controls Repository (ICR) which is only open to end user organizations (or you can email admin@erpra.net and ask for it if you’d rather not sign up for the ICR).

If you haven’t read the other three articles, I’d invite you to download them from our homepage at www.erpra.net.   

We are exhibiting at Collaborate 18 in Las Vegas this April and invite you to stop by our booth and say hello. 

We are planning an update to my current book on E-Business Suite and will be expanding it to be called Oracle E-Business Suite Controls: Foundational Principles.  We also hope to have a book on ERP Cloud published before Collaborate called Oracle ERP Cloud Controls: Foundational Principles. 

If I can answer any questions or if ERP Risk Advisors can be of help in any way, please reach out to me at jhare@erpra.net or on my cell at 970-324-1450.  Please also consider connecting with me via Twitter, LinkedIn, and my blog, links are below.

Jeffrey T. Hare

Twitter: @jeffreythare
Blog: jeffreythare.blogspot.com
LinkedIn: linkedin.com/in/jeffreythare

Tuesday, January 16, 2018

ERP Risk Advisors: Don’t Give Up on Your Advanced Controls Investment

ERP Risk Advisors: Don’t Give Up on Your Advanced Controls Investment

Oracle has announced it will no longer sell their Advanced Controls suite for Oracle E-Business Suite and has ended premier support.  Many organizations have made a substantial investment in the implementation and use of these solutions and are left wondering what is next for their investment.

Join ERP Risk Advisors CEO, Jeffrey Hare, and our Advanced Controls Practice Manager, Sam Monarch as they discuss how organizations can extend their investment and still meet their compliance objectives.  Watch the full webinar at: https://youtu.be/xvW_eqMoIvg

Contact us at admin@erpra.net with questions or for more information about these services.

More detail about our services can be found in our prior blog on this topic:

Tuesday, January 9, 2018

ERP Risk Advisors and CaoSys Announce Two New Ground-Breaking Solutions for Oracle E-Business Suite

ERP Risk Advisors and CaoSys Announce Two New Ground-Breaking Solutions for Oracle E-Business Suite

ERP Risk Advisors and CaoSys have collaborated to build two new ground-breaking solutions for organizations running Oracle E-Business Suite: CS*License and CS*Lookback.

ERP Risk Advisors and CaoSys have been strategic partners since 2008 and have designed, developed, and released two new solutions that are highly valuable for compliance purposes.

CS*License is a unique and innovative solution for understanding your organization’s risks related to licensing for Oracle E-Business Suite.   This solution maps 100% of Functions and Concurrent Programs to the Application they are associated with and provides suggested mapping for objects that aren't associated with an Application.   CS*License can provide you visibility into where your organization stands with respect to your Oracle E-Business Suite license with Oracle.

CS*License includes the following:
·        Predefined rules for all Functions and Concurrent Programs, currently built up to 12.2.7
·        Updates for new content as Oracle provides upgrades – as part of annual support
·        Ability to override default applications to which a Function or Concurrent Program is mapped
·        Ability to map Applications to your licensing buckets
·        Summary and Detailed reports to help you analyze your exposure – including down to Menu and Navigation Paths to identify how the object is accessed

CS*Lookback is a unique and innovative solution that helps you determine who has done what within your Oracle E-Business Suite applications; this is an invaluable tool that greatly assists with lookback procedures and other audit related tasks.

CS*Lookback includes the following…
·        Analyze data based on configurable groups of tables and users
·        Analyze an entire schema and even the entire database
·        Perform a lookback analysis across common time rolling periods, such as “This week”, “This Month”, “This quarter”, “This year”, etc.
·        Perform a lookback analysis of any user defined time period
·        On-screen interactive reporting allows you to drill into the data from many angles
·        Powerful out-of-the-box summary level analysis and detailed reporting

CS*License and CS*Lookback compliment other leading GRC solutions for Oracle E-Business Suite including:

CS*Comply is the most effective way to deal with access control risks such as Segregation of Duties and Single Function Risks.  CS*Comply offers best-in-class reporting and preventive controls.

CS*Comply includes the following…
·        Over 1,000 pre-defined rules across the most commonly used modules covering over 36,000 known function based combinations – the most comprehensive set of rules available on the market. 
·        Our pre-defined content covers nearly 4,500 security objects, including nearly 3,000 functions and 1,400 high risk concurrent programs and can easily be extended to address custom objects developed by US Steel
·        Comprehensive reporting and analysis of SoD/Single function risks
·        Powerful, easy to use analysis / reporting tools
·        Dozens of other reports / best practice monitoring tools to help with access controls
·        Multiple preventive controls to help you take a pro-active approach to risk
·    Remediation Toolkit, Collusion Detection, Menu Cloning, Request Group Cloning, and much more)

CS*Audit is the most effective way to satisfy audit requirements as it relates to capturing and monitoring change to data within Oracle E-Business Suite.  CS*Audit also features an easy to configure near-real-time notification of changes being made.

CS*Audit includes the following…
·        Extensive library of pre-defined policies with mapping of related meta-data
·        Rule driven, fine-grained auditing and monitoring of changes to data
·        Near-real-time notification engine
·        Documentary approvals
·        Powerful reporting options
·        Capture change management information to provide to your auditors
·        Data security in our reporting repository where sensitive data is audited

CS*Provisum consists of two main components, Periodic Access Review (PAR) and Automated Assignment Provisioning (Provisioning (AAP).  

CS*Provisum (AAP) provides an efficient and effective means of automating the request and assignment of access within Oracle.  CS*Provisum (AAP) includes the following…
·        Initiation of responsibility request by the user, manager, or process owner
·        Visibility to potential SoD / single function risks as part of the approval process
·        Supervisor and/or process owner approval of access requests; no approval required can also be configured
·        Ability to create the user account when requests are approved
·        Superior visibility to pending and approved access requests

CS*Provisum (PAR) provides an efficient and effective means of validating user access on a regular basis.  CS*Provisum (PAR) includes the following…
·        Multiple review types (Process/Module owner, supervisor and transfer reviews)
·        “Selective” reviews for specific types of access (i.e. SoX Review, Financials Review, etc.)
·        Integrated with CS*Comply to provide visibility of SoD risk during the review process
·        Assignment de-provisioning is automated (no need to involve Security/System Administrator)
·        Review delegation, automated reminders/escalation and much more

CS*Rapid is a unique and innovative solution for delivering real-time operational reports and application extensions for Oracle E-Business Suite.   CS*Rapid includes the following:
·        Allows you to bring in-scope SOX reports into Oracle EBS so you can remove your data warehouse from your in-scope applications
·        Is fully integrated with Oracle E-Business Suite
·        A familiar look and feel
·        No up-front licensing costs, no additional hardware or software required
·        Your operational reporting requirements can go from concept to the users’ menu in minutes.

Contact ERP Risk Advisors (http://erpra.net/contactus.html) or CaoSys (http://caosys.com/mcw.php) for more information about these new software and service offerings.