tag:blogger.com,1999:blog-43116404429216695542024-03-13T23:57:10.170-07:00ERP Risk Advisors blogERP Risk Advisors CEO Jeffrey T. Hare, CPA CISA CIA blogs about GRC Best Practices for organizations running Oracle Applications.Unknownnoreply@blogger.comBlogger57125tag:blogger.com,1999:blog-4311640442921669554.post-10346480049849820042018-08-14T08:26:00.002-07:002018-08-14T08:26:58.621-07:00Two Day Training Class: Auditing Oracle's® Fusion ERP Cloud Application<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 id="yui_3_15_0_2_1534251036577_1457" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-size: 13px; font-variant: normal; letter-spacing: normal; margin: 1.3px 0px; orphans: 2; padding: 0px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_4_1534251036577_7" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;"><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: inline !important; float: none; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 18px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: nowrap; word-spacing: 0px;">Two Day Training Class: Auditing Oracle's® Fusion ERP Cloud Application</span></span></h2>
<div id="yui_3_15_0_2_1534251036577_1457" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_4_1534251036577_7" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;"><b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br /></span></div>
<div id="yui_3_15_0_2_1534251036577_1457" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_4_1534251036577_7" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;">Is your company using Oracle's Fusion / ERP Cloud apps? Consider joining us for upcoming training from an audit perspective.</span></div>
<div id="yui_3_15_0_2_1534251036577_1457" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_4_1534251036577_7" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;"><br style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;" /></span></div>
<div id="yui_3_15_0_2_1534251036577_1453" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_2_1534251036577_1455" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;">Auditing Oracle's® Fusion ERP Cloud Application - ASE151</span></div>
<div id="yui_3_15_0_2_1534251036577_1453" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_2_1534251036577_1455" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;"><br /></span></div>
<div id="yui_3_15_0_2_1534251036577_1459" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_4_1534251036577_20" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;">New York - 13-14-Sep<br style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;" />San Francisco - 8-9-Nov</span></div>
<div id="yui_3_15_0_2_1534251036577_1482" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_4_1534251036577_24" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;"><br style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;" /></span></div>
<div id="yui_3_15_0_2_1534251036577_1482" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_4_1534251036577_24" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;">Details can be found on the link below.</span></div>
<div id="yui_3_15_0_2_1534251036577_1451" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 1.3px; margin-left: 0px; margin-right: 0px; margin-top: 1.3px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_15_0_4_1534251036577_11" style="background-image: none; border-bottom-color: rgb(0, 0, 0); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 0, 0); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 0, 0); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 0, 0); border-top-style: none; border-top-width: 0px; color: black; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; min-height: 0px; outline-color: transparent; outline-style: none; outline-width: 0px; overflow-x: visible; overflow-y: visible; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: auto;"><a href="https://www.misti.com/event-details?eventID=16387&orgCode=10" id="yui_3_15_0_4_1534251036577_14" style="color: #324fe1; text-decoration: none;">https://www.misti.com/event-details?eventID=16387&orgCode=10</a></span></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-36361067412577275662018-07-31T13:19:00.001-07:002018-07-31T13:19:48.409-07:00CaoSys and ERP Risk Advisors Announce Preventive Provisioning for Free for E-Business Suite Users <div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<h2 style="margin: 2.66px 0px 0px;">
<span style="color: #2f5496; font-family: Calibri Light; font-size: medium;">CaoSys and ERP Risk Advisors Announce Preventive Provisioning for Free for
E-Business Suite Users </span></h2>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><b></b><span style="font-size: medium;"></span><span style="color: #2f5496;"></span><span style="font-family: Calibri Light;"></span><br />
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: Calibri;">CaoSys and ERP Risk Advisors is pleased to announce a"Preventive Provisioning for Free" offering for organizations using Oracle
E-Business Suite.<span style="margin: 0px;"> </span></span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: Calibri;">“We recognize that some organizations are using cloud and
client/server software packages that can’t restrict access to segregation of
duties conflicts and sensitive access risks” says ERP Risk Advisors CEO, Jeff
Hare, CPA CIA CIA.<span style="margin: 0px;"> </span>“The goal is not just
to identify who has this access, but to block new users from getting them in
the future or at least to have them go through an approval process where
mitigating controls would be documented”</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: Calibri;">CaoSys offers the best in breed solution CS*Comply as part
of its overall GRC software suite.<span style="margin: 0px;">
</span>CS*Comply is the most commonly implemented application in its broad
package of solutions that address many other compliance needs.</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: Calibri;">“We have paired our best in class solution, CS*Comply, with
a rapid implementation by our key partner, ERP Risk Advisors, to be able to
bring this offering to the market” says CaoSys CEO Craig O’Neill.<span style="margin: 0px;"> </span>“We are excited to be able to provide
organizations who have chosen competitive products with the opportunity to
enhance their controls by using CS*Comply’s preventive control features.”</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: Calibri;">CS*Comply allows an organization to put individual
segregation of duties (SoD) conflicts and sensitive access rules in either PREVENT or
APPROVE mode.<span style="margin: 0px;"> </span>PREVENT mode would block the
access and is often used for high risk SoD conflicts such as the ability to
Enter Purchase Orders and Enter Goods Receipts.<span style="margin: 0px;">
</span>PREVENT mode is also used to block access in Production to sensitive
access risks such as forms that allow SQL injection or that allow General
Ledger balances or journal entries to be purged.<span style="margin: 0px;"> </span>APPROVE mode submits the conflict or risk to
a risk owner or process owner that can evaluate if the user being granted the
access is appropriate.<span style="margin: 0px;"> </span>The APPROVE mode
is used in cases where certain sensitive access risks such as the ability to
maintain user role assignments or enter suppliers is appropriate for the user
to which the assignment is being made.</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: Calibri;">CaoSys and ERP Risk Advisors will implement and support
CaoSys’ CS*Comply module, which contains the preventive controls in PREVENT or
APPROVE mode, for the cost that organizations are currently paying for their
cloud provider or client/server software provider on an annual basis.</span><span style="font-size: 8pt; line-height: 107%; margin: 0px;">**</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: Calibri;">Obtain information about this offering by emailing <span style="margin: 0px;"><a href="https://www.blogger.com/null"><u><span style="color: #0563c1;">sales@caosys.com</span></u></a></span>
or <span style="margin: 0px;"><a href="https://www.blogger.com/null"><u><span style="color: #0563c1;">sales@erpra.net</span></u></a></span>
or visiting <span style="margin: 0px;"><a href="http://www.caosys.com/"><span style="color: #0563c1;">www.CaoSys.com</span></a></span>
or <span style="margin: 0px;"><a href="http://www.erpra.net/"><span style="color: #0563c1;">www.ERPRA.net</span></a></span>.<span style="margin: 0px;"> </span></span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-size: 8pt; line-height: 107%; margin: 0px;">**</span><span style="font-family: Calibri;"> some restrictions apply.<span style="margin: 0px;"> </span>Contact us for details.</span></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><span style="font-family: Calibri;"></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-34257163655860852572018-07-04T15:16:00.001-07:002018-07-04T16:20:50.741-07:00Press Release: ERP Risk Advisors announces new Audit Support as a Service services for Oracle's E-Business Suite and ERP Cloud applications<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Press Release: ERP Risk Advisors announces new Audit Support as a Service offerings for Oracle's E-Business Suite and ERP Cloud applications</h2>
ERP Risk Advisors is pleased to announce two new Software as a Service (SaaS) offerings for Oracle's ERP applications - E-Business Suite and ERP Cloud.<br />
<br />
This "Audit Support as a Service" offering will provide internal and external auditors with much better and more comprehensive data needed to audit these two applications.<br />
<br />
ERP Risk Advisors, CEO, Jeffrey T. Hare, CPA CIA CISA states the problem:<br />
<br />
"We are often brought in by organizations that have audit findings to help clients remediate their control deficiencies. As we help clients with their remediation, we often find many other significant control design issues that should have been identified by the internal and external auditors. Two things drive our findings. First, there is a lack of maturity in understanding by internal and external auditors of these specific systems and risks specific to each system. Second, auditors don't have the right data to help analyze these risks and related controls"<br />
<br />
ERP Risk Advisors has been focused on helping clients design and test controls for over 15 years. The new Audit Support as a Service offerings will provide the following data for Oracle's E-Business Suite and ERP Cloud applications:<br />
<ul style="text-align: left;">
<li>Test access controls and role design by evaluating sensitive access risks and segregation of duties conflicts</li>
<li>Evaluate control design by:</li>
<ul>
<li>reviewing the actual configurations verses expected configurations</li>
<li>considering ‘best practice’ configuration design as provided by ERP Risk Advisors</li>
</ul>
<li>Test change control processes by having a population of IT and functional configurations throughout the most commonly used ‘in scope’ modules and the core applications</li>
</ul>
<div>
ERP Risk Advisors CEO, Jeff Hare, continues:</div>
<div>
<br /></div>
<div>
"There are significant gaps in the understanding of systems auditors are responsible for reviewing. Each ERP system has its own characteristics that must be taken into account as part of the audit. No longer can auditors audit 'around' the system. Auditors need a better understanding of the system and need better data to perform an audit that is complete and accurate. I would encourage you to take a look at this recent article I wrote on this topic called "<span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;">Why
the PCAOB and External Auditors Should be Concerned about Substantive Only
Audits </span>" which can be found <a href="http://jeffreythare.blogspot.com/2018/07/why-pcaob-and-external-auditors-should.html" target="_blank">here</a>. This explains this need in more detail. We look forward to helping internal and external auditors improve their effectiveness and efficiencies in auditing Oracle's E-Business Suite and ERP Cloud applications through the use of this service"</div>
<div>
<br /></div>
<div>
More about this service and other services offered by ERP Risk Advisors can be found <a href="http://erpra.net/Services.html" target="_blank">here</a>.</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-55339187910375009282018-07-04T14:30:00.000-07:002018-07-04T14:31:48.523-07:00Why the PCAOB and External Auditors Should be Concerned about Substantive-Only Audits<div dir="ltr" style="text-align: left;" trbidi="on">
<b><span style="font-family: "calibri"; font-size: large;"></span></b><br />
<h2 align="center" style="margin: 2.66px 0px 0px; text-align: center;">
<span style="color: #2f5496; font-family: "calibri light"; font-size: medium;">Why the PCAOB and External Auditors
Should be Concerned about Substantive-Only Audits</span></h2>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><b></b><span style="font-size: medium;"></span><span style="color: #2f5496;"></span><span style="font-family: "calibri light";"></span><br />
<br />
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">This article is long overdue, but still one I have been
dreading to release.<span style="margin: 0px;"> </span>I know the audit
firms could come under significant additional scrutiny from regulators such as
the PCAOB.<span style="margin: 0px;"> </span>However, there are
significant risks organizations are facing because of poorly designed controls
and inadequate audit procedures.<span style="margin: 0px;"> </span>It is
2018, more than 15 years after the passage of the Sarbanes-Oxley act and it is
time to shine the light on areas that board members and investors would be appalled
by if they understood this topic. With this said, here is my article...</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">In evaluating how to approach an audit, in general, and
specific business processes within any audit, in particular, external auditors
sometimes choose to audit ‘around the system’.<span style="margin: 0px;">
</span>That is, they ignore the way systems are designed and test the given
process or control without regards to how the system is designed.<span style="margin: 0px;"> </span>They do so by identifying a population of
transactions related to the process and testing the activity through sampling
as required by their internal standards and consistent with the regulator(s)
that oversee their audits (PCAOB, OCC, various government agencies, etc).</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">There are consistent gaps in the approach that external audit
firms take that could leave the chosen populations incomplete.<span style="margin: 0px;"> </span>Therefore, I will make the argument that a
substantive-only audit is a flawed approach and one that external audit
partners and regulators should be concerned about.</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">To illustrate this flaw, I will use arguably the most
important control related to the integrity of the financial statements – the
control over manual (non-standard) journal entries.<span style="margin: 0px;"> </span>Manual journal entries inherently pose a high
risk to the integrity of the financial statements because they can move any
balance between any account within the trial balance.<span style="margin: 0px;"> </span>In my experience, most external auditors
don’t know how to properly identify a population of journal entries that equate
to a manual journal entry.</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">I identify the following types of journal entries that could
exist within an ERP system:</span></div>
<br />
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">1.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Manually created in the system within the
general ledger itself</span></div>
<br />
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">2.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Uploaded from a spreadsheet – manual or
non-standard type</span></div>
<br />
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">3.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Uploaded from a spreadsheet – created by another
system (i.e. manual interface)</span><br />
<br /></div>
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">4.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"> </span></span></span><span style="font-family: "calibri";">Uploaded
from a spreadsheet – looking as if it came from a subledger</span><br />
<span style="font-family: "calibri";"><br /></span></div>
<span style="margin: 0px;"></span>
<br />
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">5.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Interfaced from another system (i.e. automated
interface)</span></div>
<br />
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">6.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Transferred from a subledger</span></div>
<br />
<div style="margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">7.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Manually created in a subledger and transferred
as if it were a subledger entry</span></div>
<span style="font-family: "calibri";"></span><br />
<div style="margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
</div>
<span style="font-family: "calibri";">
</span>
<h2 style="margin: 2.66px 0px 0px;">
<span style="font-family: "calibri";">
<span style="color: #000015; font-family: "calibri light"; font-size: medium;"><br /></span></span></h2>
<span style="font-family: "calibri";">
<h2 style="margin: 2.66px 0px 0px;">
<span style="color: #000015; font-family: "calibri light"; font-size: medium;">… continued in full article - see below for link ...</span></h2>
<h2 style="margin: 2.66px 0px 0px;">
<span style="color: #2f5496; font-family: "calibri light"; font-size: medium;"><br /></span></h2>
<h2 style="margin: 2.66px 0px 0px;">
<span style="color: #2f5496; font-family: "calibri light"; font-size: medium;">Conclusions</span></h2>
<div style="margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
</div>
<div style="margin: 0px 0px 10.66px;">
Because of the way JE controls are typically designed (i.e.
to ignore subledger JE’s) organizations using Oracle’s E-Business Suite or ERP
Cloud applications would need to configure each system differently in order to
prohibit a user from creating a journal entry from a Source that is not subject
to the manual / non-standard JE controls.<span style="margin: 0px;">
</span>In other words, even in the case where an audit is not placing reliance
on any application controls (i.e. a fully substantive audit), the improper
configuration of a system COULD cause the functional auditors to leave out a
portion of the JE’s that should be in their control population.<span style="margin: 0px;"> </span></div>
<h2 style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; font-family: "calibri"; font-size: 24px; font-style: normal; font-variant: normal; font-weight: 700; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 2.66px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="margin: 0px;"><span style="background-color: transparent; color: #000015; display: inline; float: none; font-family: "calibri light"; font-size: 18.06px; font-variant: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="color: #000015; font-family: "calibri light"; font-size: medium; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">… continued in full article - see below for link …</span></span></span></h2>
</span><br />
<div style="margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="font-family: "calibri";"><b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br /></span></div>
Access the full article <a href="http://erpra.net/PCAOB_article_July2018.html" target="_blank">here</a></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-25550963194397183032018-06-16T14:18:00.000-07:002018-06-16T14:18:01.957-07:00Oracle E-Business Suite Controls: Foundational Principles is finished!<div dir="ltr" style="text-align: left;" trbidi="on">
<a class="js-post-title-link title-link" data-app-link="" href="https://www.linkedin.com/groups/12100219/12100219-6413850267854393348" style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; border-bottom-color: rgb(0, 140, 201); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 140, 201); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 140, 201); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 140, 201); border-top-style: none; border-top-width: 0px; box-sizing: border-box; color: #008cc9; cursor: pointer; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 26px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 700; letter-spacing: normal; line-height: 32px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; outline-color: invert; outline-style: none; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: underline; text-indent: 0px; text-transform: none; transition-delay: 0s; transition-duration: 0.1s; transition-property: color; transition-timing-function: cubic-bezier(0.25, 0.1, 0.25, 1); vertical-align: baseline; white-space: normal; word-spacing: 0px;">Oracle E-Business Suite Controls: Foundational Principles is finished!</a><br />
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br />
<span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">Oracle E-Business Suite Controls: Foundational Principles is finished!</span><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">Tetelestai, as the Greeks would say. Meaning - it is finished.</span><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">Four years since I first started an the update to this book... You can purchase this at: </span><a class="js-link post-link" href="https://www.linkedin.com/redir/redirect?url=http%3A%2F%2Fwww%2Elulu%2Ecom%2Fshop%2Fjeffrey-t-hare-cpa-cisa-cia%2Foracle-e-business-suite-controls-foundational-principles-2nd-edition%2Fpaperback%2Fproduct-23679820%2Ehtml&urlhash=kqRf&_t=tracking_anet" style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; border-bottom-color: rgb(0, 140, 201); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 140, 201); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 140, 201); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 140, 201); border-top-style: none; border-top-width: 0px; box-sizing: border-box; color: #008cc9; cursor: pointer; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; outline-color: invert; outline-style: none; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; transition-delay: 0s; transition-duration: 0.1s; transition-property: color; transition-timing-function: cubic-bezier(0.25, 0.1, 0.25, 1); vertical-align: baseline; white-space: normal; word-spacing: 0px;" target="_blank">http://www.lulu.com/shop/jeffrey-t-hare-cpa-cisa-cia/oracle-e-business-suite-controls-foundational-principles-2nd-edition/paperback/product-23679820.html</a><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">.</span><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">If you want to support more publication of best practices like this, please consider purchasing this book. 100% of the proceeds of the book will support Rapha House. Rapha House is a Christian ministry whose mission is "We exist to love, rescue, & heal children who have been rescued from trafficking & sexual exploitation." So your purchase of this book will not only serve to help motivate me to write more articles and books, but will also serve to protect 'the least of these' among us. See more at </span><a class="js-link post-link" href="https://www.linkedin.com/redir/redirect?url=www%2ERaphaHouse%2Ecom&urlhash=mgBk&_t=tracking_anet" style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; border-bottom-color: rgb(0, 140, 201); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgb(0, 140, 201); border-left-style: none; border-left-width: 0px; border-right-color: rgb(0, 140, 201); border-right-style: none; border-right-width: 0px; border-top-color: rgb(0, 140, 201); border-top-style: none; border-top-width: 0px; box-sizing: border-box; color: #008cc9; cursor: pointer; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; outline-color: invert; outline-style: none; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; transition-delay: 0s; transition-duration: 0.1s; transition-property: color; transition-timing-function: cubic-bezier(0.25, 0.1, 0.25, 1); vertical-align: baseline; white-space: normal; word-spacing: 0px;" target="_blank">www.RaphaHouse.com</a><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"> </span><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">For those of you that have seen the musical - Hamilton - the phrase 'why do you write like you're running out of time' from the song 'Non Stop' comes to mind. More articles and books to come. </span><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">#HamiltonQuotesForTheWinAlex #Matthew25_40 #NonStop</span><br style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; box-sizing: border-box; color: rgba(0, 0, 0, 0.7); font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" /><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: rgba(0, 0, 0, 0.7); display: inline !important; float: none; font-family: "Source Sans Pro",Helvetica,Arial,sans-serif; font-size-adjust: none; font-size: 15px; font-stretch: 100%; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">#oracleebusinesssuite #OracleBestPractices #NotThrowingAwayMyShot</span><br />
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-Vvuoblh1k1M/WyV8B1cprRI/AAAAAAAABeA/v7zZksQwrgUqPZh1FPNTVAYToHLP8fbTACLcBGAs/s1600/Book%2BCover%2Bpic_final.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1287" data-original-width="862" height="320" src="https://3.bp.blogspot.com/-Vvuoblh1k1M/WyV8B1cprRI/AAAAAAAABeA/v7zZksQwrgUqPZh1FPNTVAYToHLP8fbTACLcBGAs/s320/Book%2BCover%2Bpic_final.png" width="214" /></a></div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-24864693041809993582018-05-22T13:46:00.000-07:002018-05-22T13:48:41.220-07:00CaoSys and ERP Risk Advisors Announces New Accelerated Implementation and Subscription Pricing for their Segregation of Duties Solution, CS*Comply<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
CaoSys and ERP Risk Advisors Announce New Accelerated Implementation and Subscription Pricing for their Segregation of Duties Solution, CS*Comply</h2>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">CaoSys is pleased to announce their leading SoD solution,
CS*Comply, for Oracle E-Business Suite is now available with Subscription
pricing.<span style="margin: 0px;"> </span>CaoSys has partnered with ERP
Risk Advisors to provide accelerated implementation services for its flagship
SoD solution such that implementation services can be bundled into subscription
costs.</span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">“We’ve seen a trend that our customers and prospects are
looking for lower initial costs that can be addressed in an operating budget
rather than requiring a capital expense” said Craig O’Neill, CTO at CaoSys.<span style="margin: 0px;"> </span>“We are excited to announce that our flagship
SoD solution, CS*Comply, is now available in a new simple subscription pricing model that
provides our high-quality software for customers looking for a lower entry cost.”</span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">CaoSys has partnered with ERP Risk Advisors since 2008 to
implement its GRC suite.<span style="margin: 0px;"> </span>ERP Risk
Advisors has also built risk-based content for CS*Comply and can provide risk
advisory services as part of the implementation of the suite.</span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">“We are excited to provide accelerated implementation
services for the CaoSys GRC suite that can get the basics of each solution ‘up
and running’ then provide follow on training and consulting in the following
months” says ERP Risk Advisors CEO, Jeffrey Hare CPA CIA CISA. “We are <span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;">committed</span>
to provide on-going touch points each month to help CaoSys customers derive
more value from each of the solutions they have licensed.”</span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">CaoSys and ERP Risk Advisors now offer best of breed
software, content, high-quality risk advisory services and ongoing support all
for a low fix monthly subscription fee. This new solution offering will be
available from May 14<sup><span style="font-size: x-small;">th</span></sup>.</span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";"><a href="https://www.blogger.com/null" name="_Hlk513734419">Obtain information about this offering
by emailing </a><a href="https://www.blogger.com/null"><span style="margin: 0px;">info@caosys.com</span></a><span style="margin: 0px;">
or </span><a href="https://www.blogger.com/null"><span style="margin: 0px;">sales@erpra.net</span></a><span style="margin: 0px;"> or visiting </span><a href="http://www.caosys.com/"><span style="margin: 0px;"><span style="color: #0563c1;">www.CaoSys.com</span></span></a><span style="margin: 0px;"> or </span><a href="http://www.erpra.net/"><span style="margin: 0px;"><span style="color: #0563c1;">www.ERPRA.net</span></span></a><span style="margin: 0px;">.<span style="margin: 0px;"> </span></span></span></div>
<div style="text-align: left;">
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><span style="font-family: "calibri";"></span></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-36854261700466514182018-04-17T17:14:00.000-07:002018-04-17T17:14:22.856-07:00ERP Risk Advisors at Collaborate 2018_Major Announcements<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="msg-title" id="yui_3_15_0_2_1524010251978_1993" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: #3f3f3f; display: inline-block; font-family: "Helvetica Neue",Helvetica,Arial,san-serif,Roboto; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 28px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-width: 587.7px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<h2 alt="ERP Risk Advisors at Collaborate 2018_Major Announcements" class="fs-14 fw-600 sprint" data-subject="ERP Risk Advisors at Collaborate 2018_Major Announcements" id="yg-msg-subject" style="cursor: pointer; font-size: 14px; font-weight: 600; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; overflow: hidden; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-overflow: ellipsis; white-space: nowrap;">
</h2>
<h2 style="text-align: center;">
ERP Risk Advisors at Collaborate 2018_Major Announcements</h2>
</div>
<div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike><br /></strike></div>
<div>
<br /></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px;">
<span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">ERP Risk Advisors will be
presenting again this year at Collaborate 18 in Las Vegas, April 22-26. </span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px;">
<span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">At Collaborate we will be
announcing and discussing in more detail several major enhancements to our
partner network and services as follows:</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="color: #333333; font-family: Symbol; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"> </span></span></span><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Audit Support as a Service for
E-Business Suite and ERP Cloud – Complete data necessary to audit either
application including configurations, a change management population, and SoD
conflicts / Sensitive Access rule reporting</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="color: #333333; font-family: Symbol; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"> </span></span></span><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Content Unlimited for ERP Cloud –
SoD and Sensitive Access rule subscription service for Oracle’s Risk Management
Cloud</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="color: #333333; font-family: Symbol; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"> </span></span></span><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Training of project teams and
auditors on Risks and Controls for ERP Cloud</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="color: #333333; font-family: Symbol; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"> </span></span></span><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">E-Business Suite license review
service through CaoSys’ CS*License solution</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="color: #333333; font-family: Symbol; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"> </span></span></span><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Support of Oracle’s Risk Management
Cloud for ERP Cloud </span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="color: #333333; font-family: Symbol; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"> </span></span></span><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Quarterly Risk Advisory webinar for
ERP Cloud – focusing on governance, risk management, and control design issues
throughout the application including bugs and enhancement requests</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px 48px; text-indent: -0.25in;">
<span style="color: #333333; font-family: Symbol; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"> </span></span></span><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Several new Risk Advisory articles
for ERP Cloud</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px;">
<br /></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px;">
<span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">If you are attending Collaborate, please
visit us at Booth 1330 and plan on attending one or more of
these sessions:</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px;">
<span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Sunday 22<sup>nd</sup> - 3 p.m. - </span><a href="https://app.attendcollaborate.com/event/member/448561"><span style="font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="color: #17488a;">Foundational Concepts in Security and Controls in
the ERP Cloud</span></span></a><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">
(South Seas G) </span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px;">
<span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Monday 23<sup>rd</sup> - 11 a.m. - </span><a href="https://app.attendcollaborate.com/event/member/448440"><span style="font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="color: #17488a;">GRC SIG</span></span></a><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;"> – Change Management Best Practices</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px;">
<span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Wednesday 25<sup>th </sup>- 9:45
a.m. </span><a href="https://app.attendcollaborate.com/event/member/446549"><span style="font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="color: #17488a;">Foundational Concepts in Security and Controls in
PeopleSoft</span></span></a><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;"> (Reef B)</span></div>
<br />
<div style="line-height: 107%; margin: 0px 0px 10.66px;">
<span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;">Thursday – 26<sup>th</sup>
(ADDITIONAL FEE) - 8:30 a.m. to 1:00 p.m. </span><a href="https://app.attendcollaborate.com/event/member/471623"><span style="font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;"><span style="color: #17488a;">Security and Controls Foundational Concepts for
Oracle E-Business Suite</span></span></a><span style="color: #333333; font-family: "Helvetica",sans-serif; font-size: 12pt; line-height: 107%; margin: 0px;"> – (Jasmine C)</span></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-61836851815506047802018-04-16T17:41:00.002-07:002018-04-16T17:43:58.863-07:00ERP Cloud: Certified Resources for Risk Management Cloud<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: center;">
ERP Cloud: Risk Management Cloud Certifications and Services</h2>
<h3 style="text-align: center;">
*** PRESS RELEASE ***</h3>
<br />
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60532" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_16_0_ym19_1_1523914364565_60531" style="font-size: 16px;">ERP Risk Advisors is pleased to announce a second of our resources is certified on the Financial Reporting Compliance (FRC) module of the Risk Management Cloud. Donna Curtis was one of the first to attain certification on FRC and recently Sam Monarch has recently become certified as well. </span></div>
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60530" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-size: 16px;"> </span></div>
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60529" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_16_0_ym19_1_1523914364565_60528" style="font-size: 16px;">Many organizations have licensed the Risk Management Cloud and can take advantage of our accelerated implementation services including a two-week proof of concept engagement and six-week accelerated implementation of the FRC module.</span></div>
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60527" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-size: 16px;"> </span></div>
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60526" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span id="yui_3_16_0_ym19_1_1523914364565_60525" style="font-size: 16px;">ERP Risk Advisors is the premier niche consulting firm who focuses on Oracle applications, with an emphasis on ERP Cloud, E-Business Suite, and PeopleSoft.</span></div>
<div class="yiv1116492466MsoNormal" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-size: 16px;"> </span></div>
<div class="yiv1116492466MsoNormal" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-size: 16px;">Contact us at <a href="http://erpra.net/contactus.html" rel="nofollow" shape="rect" style="background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0%; background-position-y: 0%; background-repeat: repeat; background-size: auto; color: #0563c1; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: invert; outline-style: none; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: underline;" target="_blank">http://erpra.net/contactus.html</a> for more information.</span></div>
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60541" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-family: "Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; orphans: 2; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-size: 16px;"> </span></div>
<div class="yiv1116492466MsoNormal" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
Donna Curtis bio:</div>
<div id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222533" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 10.66px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<ul id="yui_3_16_0_ym19_1_1523914364565_60524" style="display: block; list-style-image: none; list-style-position: outside; list-style-type: disc; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 2px; padding-bottom: 0px; padding-left: 40px; padding-right: 40px; padding-top: 0px;" type="disc">
<li class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60523" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;"><span id="yui_3_16_0_ym19_1_1523914364565_60522">ERP Risk Advisors Cloud Practice Lead</span></li>
</ul>
</div>
<ul id="yui_3_16_0_ym19_1_1523914364565_60515" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; list-style: disc; margin: 2px 0px 0px; orphans: 2; padding: 0px 40px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" type="disc">
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222535" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;">20+ years as an Oracle EBS/GRC/Cloud consultant</li>
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222537" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;">Aided Oracle in the writing of the Oracle Financial Reporting Compliance Certification exam </li>
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222539" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;"><span id="yui_3_16_0_ym19_1_1523914364565_60514">Experience includes Big 4 consulting as well as small boutique firms </span></li>
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222541" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;"><span id="yui_3_16_0_ym19_1_1523914364565_60542">Certified Cloud Security Implementation Specialist, Certified FRC Implementation Specialist</span></li>
</ul>
<div class="yiv1116492466MsoNormal" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<br /></div>
<div class="yiv1116492466MsoNormal" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
Sam Monarch bio:</div>
<div id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222547" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 10.66px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<ul style="display: block; list-style-image: none; list-style-position: outside; list-style-type: disc; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 2px; padding-bottom: 0px; padding-left: 40px; padding-right: 40px; padding-top: 0px;" type="disc">
<li class="yiv1116492466MsoNormal" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;">ERP Risk Advisors Oracle GRC Practice Lead</li>
</ul>
</div>
<ul id="yui_3_16_0_ym19_1_1523914364565_60544" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; list-style: disc; margin: 2px 0px 0px; orphans: 2; padding: 0px 40px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" type="disc">
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222549" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;"><span id="yui_3_16_0_ym19_1_1523914364565_60543">29+ GRC Implementations covering all areas of Risk & Compliance</span></li>
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222551" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;">Expert Reviewer (SME) - Governance, Risk, and Compliance Handbook for Oracle Applications; Packt Publishing</li>
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222553" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;">Functional and Technical Leader in Oracle GRC, ERP Cloud Risk Management and CaoSys Product Suites </li>
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222555" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;">Experience includes Big 4 audit defense utilizing GRC technologies</li>
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222557" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;"><span id="yui_3_16_0_ym19_1_1523914364565_60545">Author of comprehensive IT Department SOPs, structured to optimize the business processes allowing clients to become both compliant and efficient.</span></li>
<li class="yiv1116492466MsoNormal" id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222559" style="color: black; display: list-item; font-family: sans-serif; margin: 0px;"><span id="yui_3_16_0_ym19_1_1523914364565_60546">Certified FRC Implementation Specialist</span></li>
</ul>
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60547" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
</div>
<div class="yiv1116492466MsoNormal" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
About ERP Risk Advisors:</div>
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60563" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: block; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
</div>
<div id="yiv1116492466yui_3_16_0_ym19_1_1523564235946_222574" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin-bottom: 10.66px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div class="yiv1116492466MsoNormal" id="yui_3_16_0_ym19_1_1523914364565_60562" style="display: block; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">
<span id="yui_3_16_0_ym19_1_1523914364565_60561" style="color: black;">ERP Risk Advisors is a leading provider of Risk Advisory services for organizations using Oracle Applications. We provide consulting and training services related to compliance, security, risk management, and controls. We also assist organizations in implementing GRC-related software from industry-leading companies. ERP Risk Advisors is a proud VAR of CaoSys as well as several other leading software companies.</span></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-54378413302129551502018-04-06T18:51:00.000-07:002018-04-06T18:51:55.227-07:00ERP Cloud: Two new risk advisors articles published and available to end users of ERP Cloud<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: center;">
ERP Cloud: Two new risk advisors articles published and available to end users of ERP Cloud</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-z9U1-bx7LAA/WHASqCVHhtI/AAAAAAAABMI/FkvjXKeS_eATjb-gKA1RnJ5rcTXlqcyTQCPcBGAYYCw/s1600/logo3146278_sm_jpeg.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="53" data-original-width="150" src="https://4.bp.blogspot.com/-z9U1-bx7LAA/WHASqCVHhtI/AAAAAAAABMI/FkvjXKeS_eATjb-gKA1RnJ5rcTXlqcyTQCPcBGAYYCw/s1600/logo3146278_sm_jpeg.jpg" /></a></div>
<h3 style="text-align: center;">
Thought Leadership Others Follow</h3>
<br />
ERP Risk Advisors is pleased to announce the publishing of two new articles for ERP Cloud in our Risk Advisory series. Both of these articles <b><i>are only available to end user organizations</i></b> that are considering implementing, are implementing, or have implemented Oracle's ERP Cloud software.<br />
<br />
The topics are:<br />
<ul style="text-align: left;">
<li>How Two ... Could Undermine Your Manual Journal Entry Controls</li>
<li>Critical Risks in Managing System...</li>
</ul>
If you are an end user organization, you can request these articles at:<br />
<a href="http://erpra.net/ArticleAccessForm.html" target="_blank">http://erpra.net/ArticleAccessForm.html </a><br />
<span style="color: black;"><u></u><b></b><br /></span><div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; letter-spacing: normal; margin: 8.96px 0px 0px; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; unicode-bidi: embed; white-space: normal; word-break: normal; word-spacing: 0px;">
<span style="color: black; font-family: inherit;">Please keep ERP Risk Advisors in mind for any services you have related to ERP Cloud</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; letter-spacing: normal; margin: 8.96px 0px 0px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; unicode-bidi: embed; white-space: normal; word-break: normal; word-spacing: 0px;">
<u><span style="color: black; font-family: inherit;">Services and offerings – ERP Cloud</span></u></div>
<div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="color: black; font-family: inherit; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">•Comprehensive Risk Assessment / Controls Design</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 7.04px 0px 0px 36.48px; orphans: 2; text-align: left; text-decoration: none; text-indent: -36.48px; text-transform: none; unicode-bidi: embed; white-space: normal; word-break: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><span style="color: black;"></span><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="color: black; font-family: inherit; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">•Role Assessment, Remediation and Design</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><span style="color: black;"></span><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="color: black; font-family: inherit; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">•Reports & Analytics Development for Controls Monitoring</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="font-family: inherit;"><span style="color: black;"></span><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; margin: 0px; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<span style="color: black; font-family: inherit; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px;">•Risk Management Cloud Implementation & Support:</span></div>
<ul style="-webkit-text-stroke-width: 0px; background-color: transparent; font-family: Times New Roman; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<li><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: left;">
<span style="color: black; font-family: inherit;">Financial Reporting Compliance (FRC) </span></div>
</li>
<li><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: left;">
<span style="color: black; font-family: inherit;">Advanced Financial Controls (AFC)</span></div>
</li>
<li><div style="margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; text-align: left;">
<span style="color: black; font-family: inherit;">Advanced Access Controls (AAC)</span></div>
</li>
</ul>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><span style="color: black;"></span>Regards,<br />
Jeffrey T. Hare, CPA CIA CISA</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-92120872010455128962018-04-05T20:14:00.001-07:002018-04-05T20:14:18.163-07:00Oracle E-Business Suite Controls: Foundational Principles is just around the corner...<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
<span style="-webkit-text-stroke-width: 0px; background-color: transparent; display: inline !important; float: none; font-family: Times New Roman; font-style: normal; font-variant: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; white-space: pre-wrap; word-spacing: 0px;"><u><span style="color: black;">Oracle E-Business Suite Controls: Foundational Principles is just around the corner...</span></u></span><span style="-webkit-text-stroke-width: 0px; background-color: transparent; display: inline !important; float: none; font-family: -apple-system,system-ui,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Fira Sans,Ubuntu,Oxygen,Oxygen Sans,Cantarell,Droid Sans,Lucida Grande,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Emoji,Segoe UI Symbol,Hiragino Kaku Gothic Pro,Meiryo,Hiragino Sans GB W3,Noto Naskh Arabic,Droid Arabic Naskh,Geeza Pro,Simplified Arabic,Noto Sans Thai,Thonburi,Dokchampa,Droid Sans Thai,Droid Sans Fallback,".SFNSDisplay-Regular",Heiti SC,Microsoft Yahei; font-style: normal; font-variant: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"></span></h2>
<div class="feed-shared-update__description feed-shared-inline-show-more-text feed-shared-inline-show-more-text--expanded ember-view" id="ember4984" style="-webkit-text-stroke-width: 0px; background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0px; background-position-y: 0px; background-repeat: repeat; background-size: auto; border-bottom-color: rgba(0, 0, 0, 0.9); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgba(0, 0, 0, 0.9); border-left-style: none; border-left-width: 0px; border-right-color: rgba(0, 0, 0, 0.9); border-right-style: none; border-right-width: 0px; border-top-color: rgba(0, 0, 0, 0.9); border-top-style: none; border-top-width: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.9); display: block; font-family: -apple-system,system-ui,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Fira Sans,Ubuntu,Oxygen,Oxygen Sans,Cantarell,Droid Sans,Lucida Grande,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Emoji,Segoe UI Symbol,Hiragino Kaku Gothic Pro,Meiryo,Hiragino Sans GB W3,Noto Naskh Arabic,Droid Arabic Naskh,Geeza Pro,Simplified Arabic,Noto Sans Thai,Thonburi,Dokchampa,Droid Sans Thai,Droid Sans Fallback,".SFNSDisplay-Regular",Heiti SC,Microsoft Yahei; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; line-height: 20px; margin-bottom: 0px; margin-left: 16px; margin-right: 16px; margin-top: 0px; max-height: none; max-width: 928px; orphans: 2; outline-color: invert; outline-style: none; outline-width: 0px; overflow: hidden; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; position: relative; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<div class="Sans-15px-black-70% feed-shared-main-content ember-view" dir="ltr" id="ember4985" style="background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0px; background-position-y: 0px; background-repeat: repeat; background-size: auto; border-bottom-color: rgba(0, 0, 0, 0.75); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgba(0, 0, 0, 0.75); border-left-style: none; border-left-width: 0px; border-right-color: rgba(0, 0, 0, 0.75); border-right-style: none; border-right-width: 0px; border-top-color: rgba(0, 0, 0, 0.75); border-top-style: none; border-top-width: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.75); font-family: -apple-system,system-ui,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Fira Sans,Ubuntu,Oxygen,Oxygen Sans,Cantarell,Droid Sans,Lucida Grande,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Emoji,Segoe UI Symbol,Hiragino Kaku Gothic Pro,Meiryo,Hiragino Sans GB W3,Noto Naskh Arabic,Droid Arabic Naskh,Geeza Pro,Simplified Arabic,Noto Sans Thai,Thonburi,Dokchampa,Droid Sans Thai,Droid Sans Fallback,".SFNSDisplay-Regular",Heiti SC,Microsoft Yahei; font-size: 14px; font-weight: 400; height: 280px; line-height: 20px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: invert; outline-style: none; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: left; vertical-align: baseline; white-space: pre-wrap; width: 520px; word-wrap: break-word;">
<span class="ember-view" id="ember4988" style="background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0px; background-position-y: 0px; background-repeat: repeat; background-size: auto; border-bottom-color: rgba(0, 0, 0, 0.75); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgba(0, 0, 0, 0.75); border-left-style: none; border-left-width: 0px; border-right-color: rgba(0, 0, 0, 0.75); border-right-style: none; border-right-width: 0px; border-top-color: rgba(0, 0, 0, 0.75); border-top-style: none; border-top-width: 0px; box-sizing: border-box; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: invert; outline-style: none; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;"><span style="background-attachment: scroll; background-clip: border-box; background-color: transparent; background-image: none; background-origin: padding-box; background-position-x: 0px; background-position-y: 0px; background-repeat: repeat; background-size: auto; border-bottom-color: rgba(0, 0, 0, 0.75); border-bottom-style: none; border-bottom-width: 0px; border-image-outset: 0; border-image-repeat: stretch; border-image-slice: 100%; border-image-source: none; border-image-width: 1; border-left-color: rgba(0, 0, 0, 0.75); border-left-style: none; border-left-width: 0px; border-right-color: rgba(0, 0, 0, 0.75); border-right-style: none; border-right-width: 0px; border-top-color: rgba(0, 0, 0, 0.75); border-top-style: none; border-top-width: 0px; box-sizing: border-box; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: invert; outline-style: none; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">Can it be over soon??? I have been laboring over updating my E-Business Suite Application Security book for years and have one more chapter to write before it goes into final review...<br /><br />It will be called "Oracle E-Business Suite Controls: Foundational Principles" and I hope, hope, hope to have it done by the end of April.<br /><br />So... ready for it to be completed so it can be a resource for organizations running Oracle E-Business Suite.<br /><br />The book has more than doubled in size an is approach 400 pages... It will likely have to be hard cover because of its size. We'll see...<br /><br />Then... it will be onward towards writing a similar book for ERP Cloud.</span></span></div>
</div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-40164737439999643632018-03-06T10:04:00.001-08:002018-03-06T10:10:10.026-08:00New Webinar and New LinkedIn Group focusing on GRC issues for Oracle’s ERP Cloud software<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<h2 style="margin: 0px 0px 10.66px; text-align: left;">
New Webinar and New LinkedIn Group focusing on GRC issues for Oracle’s ERP
Cloud software</h2>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">ERP Risk Advisors is excited to present our ERP Cloud Risk
Advisory Series.<span style="margin: 0px;"> </span>Join us for our first webinar
in this series title - How One Configuration Could Undermine Your Manual
Journal Entry Controls. <span style="margin: 0px;"> </span>Join CEO,
Jeffrey T. Hare, CPA CISA CIA and our ERP Cloud Practice Manager, Donna Curtis
for this webinar. </span></div>
<span style="font-family: "calibri";">This webinar will provide you with one CPE credit, but is
only open to end user organizations. No anonymous emails, consulting firms, or
audit firms will be allowed to participate.</span><br />
<br />
<span style="font-family: "calibri";">Register here:</span><br />
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";"><a href="https://attendee.gotowebinar.com/register/5232145217226870017"><span style="color: #0563c1;">https://attendee.gotowebinar.com/register/5232145217226870017</span></a>
</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">With this new Risk Advisory series, we are also excited to
announce a new LinkedIn Group focused on GRC issues for Oracle’s ERP Cloud
software.<span style="margin: 0px;"> </span>Sign up for this group here:</span></div>
<span style="font-family: "calibri";"><a href="https://www.linkedin.com/groups/12100219"><span style="color: #0563c1;">https://www.linkedin.com/groups/12100219</span></a>
</span><br />
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><span style="font-family: "calibri";"></span></div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-4311640442921669554.post-35061088360749475902018-02-01T10:17:00.000-08:002018-02-01T10:17:16.296-08:00ERP Risk Advisors to present at OAUG's Risk Week<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
ERP Risk Advisors to present at OAUG's Risk Week</h2>
<br />
ERP Risk Advisors founder and CEO, Jeffrey T. Hare, CPA CIA CISA, will be presenting at OAUG's risk week. His presentation is titled "<a href="https://oaug.org/education-events/elearning/item/7123-erp-risk-advisors-and-caosys-the-premier-grc-offering-for-oracle-e-business-suite" rel="noopener" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: #29a3e0; font-family: sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; outline-color: invert; outline-style: none; outline-width: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; transition-delay: 0s; transition-duration: 0.2s; transition-property: all; transition-timing-function: cubic-bezier(0, 0, 1, 1); white-space: normal; word-spacing: 0px;" target="_blank"><strong style="font-weight: 600;">ERP Risk Advisors and CaoSys: The Premier GRC Offering for Oracle E-Business Suite</strong></a>"<br />
<br />
The presentation will include a discussion of common issues being identified by external and internal auditors and how the CaoSys suite of GRC-related applications can be used to address these needs.<br />
<br />
The CaoSys GRC software suite is, by far, the leader in software in the E-Business Suite GRC space having been implemented at leading organizations throughout the world CaoSys customer base includes the largest on-line retailer in the world with undoubtedly the largest install base, a high-tech manufacturer who is top 10 in the world in transaction volume for EBS, and many other leading Fortune 500 companies.<br />
<br />
ERP Risk Advisors has developed content and specialized risk advisory services to supplement CaoSys' industry-leading software. Our content library includes more than 1,000 rules - 600+ of the rules are sensitive access rules, providing visibility to risks throughout the applications. This includes nearly 400 rules of activities are expected to go through the Change Management process which allow you to easily evaluate if functions that should be managed by IT are isolated to those that understand and execute the change control expectations.<br />
<br />
Our webinar will be held Friday, <span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: #666666; display: inline !important; float: none; font-family: sans-serif; font-size: 15px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">09 February 2018 at 1 p.m. EST.</span><br />
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br />
Join us at our Risk Week webinar hosted by OAUG by signing up here:<br />
<a href="https://oaug.org/education-events/elearning/item/7123-erp-risk-advisors-and-caosys-the-premier-grc-offering-for-oracle-e-business-suite">https://oaug.org/education-events/elearning/item/7123-erp-risk-advisors-and-caosys-the-premier-grc-offering-for-oracle-e-business-suite</a>.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-33642133380202545242018-01-23T23:05:00.001-08:002018-01-23T23:08:03.758-08:00Welcome to 2018! Big news for ERP Risk Advisors!!!<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<h2 style="margin: 2.66px 0px 0px; text-align: left;">
Welcome to 2018!<span style="margin: 0px;"> </span>Big news for ERP
Risk Advisors!!!</h2>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><b></b><span style="font-size: medium;"></span><span style="color: #2f5496;"></span><span style="font-family: "calibri light";"><br /></span>
<span style="font-family: "calibri";">With a new year brings exciting news at ERP Risk
Advisors.<span style="margin: 0px;"> </span>Happy New Year! We wish you
the best for 2018.</span><br />
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">First, we are pleased to welcome a new member to our team,
<a href="http://www.linkedin.com/in/donnalcurtis/" target="_blank">Donna Curtis</a>, who will be heading up our ERP Cloud practice after just recently
leaving a big 4 firm as a Manager.<span style="margin: 0px;"> </span>She
brings over 20 years of experience in the IT industry as a leading talent in
the Oracle EBS/Cloud and Advanced Controls space with full life cycle
implementations on multiple projects (30+).<span style="margin: 0px;">
</span>We are excited to have Donna on board.</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">Next, ERP Risk Advisors has launched partnerships with
several new GRC software providers including SafePaas, Smart ERP, Oracle,
Sentinel Software, and Fast Path.<span style="margin: 0px;"> </span>We now
offer full risk advisory services for E-Business Suite, ERP Cloud, and
PeopleSoft.<span style="margin: 0px;"> </span>We are THE niche firm in the
Oracle GRC space and can provide high quality risk advisory services at a much
lower price than the big 4 firms.</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">Additionally, we also have continued to deepen our most
strategic relationship with CaoSys in the E-Business Suite space.<span style="margin: 0px;"> </span>With Oracle de-supporting their Advanced
Controls Suite, CaoSys has become the only fully integrated software for
E-Business Suite and just so happens to produce excellent software.<span style="margin: 0px;"> </span>We have collaborated with CaoSys to launch
two new solutions – CS*License and CS*Lookback – which we know will be
well-received by the market.<span style="margin: 0px;"> </span>See enclosed
datasheets for these offerings.<span style="margin: 0px;"> </span>These
solutions compliment an already superb suite of software that includes
CS*Comply, CS*Audit, CS*Provisum, and CS*Rapid.<span style="margin: 0px;">
</span>Find our more about CaoSys at <a href="http://www.caosys.com/" target="_blank"><span style="color: #0563c1;">www.CaoSys.com</span></a>
<span style="margin: 0px;"> </span></span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">Finally, in 2017 I wrote three thought-leadership white
papers called “The One Series” where I identified one configuration, one
function, and one profile option that could undermine your manual Journal Entry
controls.<span style="margin: 0px;"> </span>I have published a new article
with another configuration, AutoPost Criteria, that could potentially undermine
your manual Journal Entry controls.<span style="margin: 0px;"> </span>We
are going to give end user organizations a one year head start before releasing
this publicly.<span style="margin: 0px;"> </span>You can access it only in
the <a href="https://groups.yahoo.com/neo/groups/oracleappsinternalcontrols/info" target="_blank">Internal Controls Repository</a> (ICR) which is only open to end user
organizations (or you can email <a href="mailto:admin@erpra.net" target="_blank">admin@erpra.net</a>
and ask for it if you’d rather not sign up for the ICR).</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">If you haven’t read the other three articles, I’d invite you
to download them from our homepage at <a href="http://www.erpra.net/"><span style="color: #0563c1;">www.erpra.net</span></a>.
<span style="margin: 0px;"> </span></span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">We are exhibiting at Collaborate 18 in Las Vegas this April and
invite you to stop by our booth and say hello.<span style="margin: 0px;">
</span></span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">We are planning an update to my current book on E-Business
Suite and will be expanding it to be called <u>Oracle E-Business Suite
Controls: Foundational Principles</u>.<span style="margin: 0px;">
</span>We also hope to have a book on ERP Cloud published before Collaborate
called <u>Oracle ERP Cloud Controls: Foundational
Principles</u>.<span style="margin: 0px;"> </span></span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">If I can answer any questions or if ERP Risk Advisors can be
of help in any way, please reach out to me at <a href="https://www.blogger.com/null">jhare@erpra.net</a>
or on my cell at 970-324-1450.<span style="margin: 0px;"> </span>Please
also consider connecting with me via Twitter, LinkedIn, and my blog, links are
below.</span></div>
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-family: "calibri";">Regards,</span></div>
<b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><span style="font-size: 16pt; line-height: 107%; margin: 0px;">Jeffrey T. Hare</span></i></b><br />
<br />
<div style="margin: 0px 0px 10.66px;">
<span style="font-size: 10pt; line-height: 107%; margin: 0px;">Twitter: @jeffreythare</span></div>
<span style="font-size: 10pt; line-height: 107%; margin: 0px;">Blog: jeffreythare.blogspot.com</span><br />
<span style="font-family: "calibri" , sans-serif; font-size: 10pt; line-height: 107%; margin: 0px;">LinkedIn:
linkedin.com/in/jeffreythare</span><b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-91840174425492385272018-01-16T16:29:00.000-08:002018-01-16T19:42:43.638-08:00ERP Risk Advisors: Don’t Give Up on Your Advanced Controls Investment<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
ERP Risk Advisors: Don’t Give Up on Your Advanced Controls Investment</h2>
<br />
<span style="font-family: "calibri";">Oracle has announced it will no longer sell their Advanced
Controls suite for Oracle E-Business Suite and has ended premier support.<span style="margin: 0px;"> </span>Many organizations have made a substantial
investment in the implementation and use of these solutions and are left wondering
what is next for their investment. </span><br />
<br />
<div style="margin: 0px;">
<span style="font-family: "calibri";">Join ERP Risk Advisors CEO, Jeffrey Hare, and our Advanced
Controls Practice Manager, Sam Monarch as they discuss how organizations can
extend their investment and still meet their compliance objectives.<span style="margin: 0px;"> </span>Watch the full webinar at: <a href="https://youtu.be/xvW_eqMoIvg"><span style="color: #0563c1;">https://youtu.be/xvW_eqMoIvg</span></a> </span></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><span style="font-family: "calibri";"><br /></span>
Contact us at admin@erpra.net with questions or for more information about these services.<br />
<br />
More detail about our services can be found in our prior blog on this topic:<br />
<a href="http://jeffreythare.blogspot.com/2017/06/erp-risk-advisors-announces-oracle.html" target="_blank">http://jeffreythare.blogspot.com/2017/06/erp-risk-advisors-announces-oracle.html </a> </div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-16557075285337561562018-01-09T08:45:00.000-08:002018-01-09T08:49:00.394-08:00ERP Risk Advisors and CaoSys Announce Two New Ground-Breaking Solutions for Oracle E-Business Suite<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
ERP Risk Advisors and CaoSys Announce Two New Ground-Breaking Solutions for Oracle E-Business Suite</h2>
<div style="text-align: left;">
ERP Risk Advisors and CaoSys have collaborated to build two new ground-breaking solutions for organizations running Oracle E-Business Suite: CS*License and CS*Lookback.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
ERP Risk Advisors and CaoSys have been strategic partners since 2008 and have designed, developed, and released two new solutions that are highly valuable for compliance purposes.</div>
<div style="text-align: left;">
<br /></div>
<div align="left" style="margin: 0px; text-align: left;">
<span style="margin: 0px;"><span style="font-family: "calibri";">CS*License is a unique and innovative solution for understanding
your organization’s risks related to licensing for Oracle E-Business Suite. This solution maps 100% of Functions and Concurrent Programs to the Application they are associated with and provides suggested mapping for objects that aren't associated with an Application. CS*License can provide you visibility into where your organization stands with respect to your Oracle E-Business Suite license with Oracle.</span></span></div>
<div style="text-align: left;">
<br /></div>
<div align="left" style="margin: 0px; text-align: left;">
<span style="font-family: "calibri";">CS*License includes the
following:</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Predefined rules for all Functions and
Concurrent Programs, currently built up to 12.2.7</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Updates for new content as Oracle provides
upgrades – as part of annual support</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Ability to override default applications to
which a Function or Concurrent Program is mapped</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Ability to map Applications to your licensing
buckets</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Summary and Detailed reports to help you analyze
your exposure – including down to Menu and Navigation Paths to identify how the
object is accessed</span></div>
<div style="text-align: left;">
<span style="font-family: "calibri";"><br /></span></div>
<span style="font-family: "calibri";"></span><br />
<div style="text-align: left;">
<span style="font-family: "calibri";"><br /></span></div>
<span style="font-family: "calibri";">
</span>
<div align="left" style="margin: 0px; text-align: left;">
<span style="font-family: "calibri";"><span style="margin: 0px;">CS*Lookback is a unique and innovative solution that helps you
determine who has done what within your Oracle E-Business Suite applications;
this is an invaluable tool that greatly assists with lookback procedures and
other audit related tasks.</span></span></div>
<span style="font-family: "calibri";">
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="margin: 0px;">CS*Lookback includes the following…</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Analyze
data based on configurable groups of tables and users</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Analyze
an entire schema and even the entire database</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Perform
a lookback analysis across common time rolling periods, such as “This week”,
“This Month”, “This quarter”, “This year”, etc.</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Perform
a lookback analysis of any user defined time period</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">On-screen
interactive reporting allows you to drill into the data from many angles</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Powerful
out-of-the-box summary level analysis and detailed reporting</span></div>
<div style="text-align: left;">
<span style="margin: 0px;"><br /></span></div>
<div style="text-align: left;">
<span style="margin: 0px;">CS*License and CS*Lookback compliment other leading GRC solutions for Oracle E-Business Suite including:</span></div>
<div style="text-align: left;">
<b><u><br /></u></b></div>
<div style="text-align: left;">
<b><u>CS*Comply</u></b></div>
<span style="margin: 0px;"><div style="text-align: left;">
<span style="margin: 0px;">CS*Comply is the most effective way to deal
with access control risks such as Segregation of Duties and Single Function Risks.<span style="margin: 0px;"> </span>CS*Comply offers best-in-class reporting and
preventive controls.</span></div>
<div style="text-align: left;">
<br /></div>
<div align="left" style="margin: 0px; text-align: left;">
<span style="margin: 0px;">CS*Comply includes the following…</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Over 1,000 pre-defined rules across the most commonly used modules
covering over 36,000 known function based combinations – the most comprehensive
set of rules available on the market.<span style="margin: 0px;"> </span></span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Our pre-defined content covers nearly 4,500 security objects,
including nearly 3,000 functions and 1,400 high risk concurrent programs and
can easily be extended to address custom objects developed by US Steel</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Comprehensive reporting and analysis of SoD/Single function risks</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Powerful, easy to use analysis / reporting tools</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Dozens of other reports / best practice monitoring tools to help
with access controls</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Multiple preventive controls to help you take a pro-active
approach to risk</span></div>
<div style="text-align: left;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt; margin: 0px;"><span style="-webkit-text-stroke-width: 0px; background-color: transparent; color: black; display: inline !important; float: none; font-family: "symbol"; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">· </span>Remediation Toolkit, Collusion Detection, Menu
Cloning, Request Group Cloning, and much more)</span></div>
</span><div style="text-align: left;">
<span style="margin: 0px;"><b><u><i><br /></i></u></b></span></div>
<span style="margin: 0px;"><div style="text-align: left;">
<b><u>CS*Audit</u></b></div>
<div align="left" style="margin: 0px; text-align: left;">
<span style="margin: 0px;">CS*Audit is the most effective way to satisfy
audit requirements as it relates to capturing and monitoring change to data
within Oracle E-Business Suite.<span style="margin: 0px;"> </span>CS*Audit
also features an easy to configure near-real-time notification of changes being
made.</span></div>
<div style="text-align: left;">
<br /></div>
<div align="left" style="margin: 0px; text-align: left;">
<span style="margin: 0px;">CS*Audit includes the following…</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Extensive library of pre-defined policies with mapping of related
meta-data</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Rule driven, fine-grained auditing and monitoring of changes to
data</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Near-real-time notification engine</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Documentary approvals </span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Powerful reporting options</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Capture change management information to provide to your auditors</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Data security in our reporting repository where sensitive data is
audited</span></div>
<div style="text-align: left;">
<b><u><br /></u></b></div>
</span><div style="text-align: left;">
<span style="margin: 0px;"><b><u>CS*Provisum</u></b></span></div>
<span style="margin: 0px;"><div style="text-align: left;">
<span style="margin: 0px;">CS*Provisum consists of two main components,
Periodic Access Review (PAR) and Automated Assignment Provisioning
(Provisioning (AAP). <span style="margin: 0px;"> </span></span></div>
<div style="text-align: left;">
<br /></div>
<div align="left" style="margin: 0px; text-align: left;">
<span style="margin: 0px;">CS*Provisum (AAP) provides an efficient and
effective means of automating the request and assignment of access within
Oracle.<span style="margin: 0px;"> </span>CS*Provisum (AAP) includes the
following…</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Initiation of responsibility request by the user, manager, or
process owner</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Visibility to potential SoD / single function risks as part of the
approval process</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Supervisor and/or process owner approval of access requests; no
approval required can also be configured</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Ability to create the user account when requests are approved</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Superior visibility to pending and approved access requests</span></div>
<div style="text-align: left;">
<br /></div>
<div align="left" style="margin: 0px; text-align: left;">
<span style="margin: 0px;">CS*Provisum (PAR) provides an efficient and
effective means of validating user access on a regular basis. </span><span style="margin: 0px;">CS*Provisum (PAR) includes the following…</span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span>Multiple review types (Process/Module owner,
supervisor and transfer reviews)</div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span>“Selective” reviews for specific types of access
(i.e. SoX Review, Financials Review, etc.)</div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span>Integrated with CS*Comply to provide visibility
of SoD risk during the review process</div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span>Assignment de-provisioning is automated (no need
to involve Security/System Administrator)</div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span>Review delegation, automated
reminders/escalation and much more</div>
<div style="text-align: left;">
<b><u><br /></u></b></div>
<div style="text-align: left;">
<b><u>CS*Rapid</u></b></div>
<div align="left" style="margin: 0px; text-align: left;">
<span style="margin: 0px;">CS*Rapid is a unique and innovative solution for delivering
real-time operational reports and application extensions for Oracle E-Business
Suite. </span>CS*Rapid includes the
following:</div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Allows
you to bring in-scope SOX reports into Oracle EBS so you can remove your data
warehouse from your in-scope applications </span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="margin: 0px;">Is
fully integrated with Oracle E-Business Suite </span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; font-size: 11pt; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri" , sans-serif; font-size: 11pt; margin: 0px;">A familiar
look and feel </span></div>
<div style="text-align: left;">
<span style="font-family: "symbol"; font-size: 11pt; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri" , sans-serif; font-size: 11pt; margin: 0px;">No up-front
licensing costs, no additional hardware or software required</span></div>
</span><div style="text-align: left;">
<span style="margin: 0px;"><span style="font-family: "symbol"; font-size: 11pt; margin: 0px;"><span style="margin: 0px;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri" , sans-serif; font-size: 11pt; margin: 0px;">Your
operational reporting requirements can go from concept to the users’ menu in
minutes.</span></span><span style="margin: 0px;"><b><i></i></b></span></div>
<div style="text-align: left;">
<span style="margin: 0px;"><br /></span></div>
<div style="text-align: left;">
<span style="margin: 0px;">Contact ERP Risk Advisors (http://erpra.net/contactus.html) or CaoSys (http://caosys.com/mcw.php) for more information about these new software and service offerings. </span></div>
<div style="text-align: left;">
</div>
</span><br />
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><span style="font-family: "calibri";"><b><br /></b></span></div>
<div style="text-align: left;">
<br /></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-91624980962756814662017-07-05T12:43:00.000-07:002017-07-05T12:43:22.160-07:00Upcoming ERP Risk Advisors webinars_July 2017<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<h2 style="margin: 0px 0px 11px; text-align: left;">
Upcoming ERP Risk Advisors webinars_July 2017</h2>
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;"><br /></span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">You are invited to attend three upcoming webinars taking place
over the next couple of weeks as follows:</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">Don’t give up on your
Oracle Advanced Controls investment – Tuesday, July 11</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">How to automate controls using CaoSys’ newest features – Wednesday,
July 12</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">Identifying and Monitoring Multi-Platform and Cross-Platform
Access Control Risks with SafePaas – Wednesday, July 26</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;"><br /></span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">“Don’t give up on your Oracle Advanced Controls investment”
will be held at two times Tuesday, July 11 – 9 a.m. EST and 4 p.m. EST.<span style="margin: 0px;"> </span></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">Have you’ve spent into the six figures on your Oracle
Advanced Controls implementation and are wondering how to leverage your
investment into something of value.<span style="margin: 0px;"> </span>In
this webinar we will share how the expertise, content, and risk-based methodology
of ERP Risk Advisors can easily extend the usefulness of your investment and
add value to your controls environment.<span style="margin: 0px;">
</span>We will first look at current trends in the audit community and discuss
how to leverage your Oracle Advanced Controls investment to address these
trends.<span style="margin: 0px;"> </span>Register at: <a href="https://attendee.gotowebinar.com/register/5792990699975558914"><span style="color: #0563c1;">https://attendee.gotowebinar.com/register/5792990699975558914</span></a>
</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">“How to automate controls using CaoSys’ newest features” will
be held at two times Wednesday, July 12 – 9 a.m. EST and 4 p.m. EST.<span style="margin: 0px;"> </span></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">With Oracle no longer offering premier support on their
Advanced Controls suite customers are wondering about their long-term options
with their E-Business Suite on-premise solution.<span style="margin: 0px;"> </span>In this webinar we will provide an overview
of the CaoSys GRC suite and showcase some of its newer features that can be
helpful to automate controls.<span style="margin: 0px;"> </span>Register
at: <a href="https://attendee.gotowebinar.com/register/4664617991482616322"><span style="color: #0563c1;">https://attendee.gotowebinar.com/register/4664617991482616322</span></a>
</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<br />
<div style="margin: 0px 0px 11px;">
"<a href="https://www.blogger.com/null" name="_Hlk487018305"><span style="font-family: Calibri;">Identifying and Monitoring
Multi-Platform and Cross-Platform Access Control Risks” will be held at two
times on Wednesday, July 26 – 7 am. EST and Noon EST.<span style="margin: 0px;"> </span></span></a></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;"><span style="margin: 0px;">Most organizations
have multiple software applications to help run their business.<span style="margin: 0px;"> </span>Often there are several ERP and legacy
applications that are considered in-scope from a compliance perspective.<span style="margin: 0px;"> </span>Hear from industry expert, Jeffrey T. Hare,
CPA CISA CIA about common cross-platform and multi-platform control risks and
how organizations can mature their control environment through necessary manual
controls, automated controls, and access controls.<span style="margin: 0px;"> </span>Webinar held in conjunction with
SafePaas.<span style="margin: 0px;"> </span>Register at: </span><a href="https://register.gotowebinar.com/rt/5153873178082543873"><span style="margin: 0px;"><span style="color: #0563c1;">https://register.gotowebinar.com/rt/5153873178082543873</span></span><span style="margin: 0px;"></span></a><span style="margin: 0px;">
</span></span></div>
<span style="margin: 0px;"></span>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><span style="font-family: Calibri;"></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-89695543438057134312017-06-15T18:50:00.000-07:002017-06-15T18:50:45.150-07:00ERP Risk Advisors Announces Oracle Advanced Controls Premier Support<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
ERP Risk Advisors Announces Oracle Advanced Controls Premier Support</h2>
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">As most customers are aware Oracle
announced an end to the continued development of its Advanced Controls Suite
and the end of Premier Support as of September 2016 (See MOS Note: 2143036.1). Oracle has been developing
a replacement known as the Risk Management Cloud which is still in its early
versions. </span><br />
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">This change in strategy has left its
customers in a difficult position since the applications in Oracle’s GRC
Advanced Controls Suite are considered critical to meet their compliance
requirements. </span><br />
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;"> </span><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Many of these same customers have
also had less than perfect implementations and incomplete SoD conflict and
Sensitive Access rules. This has led to a lack of reliance on the tools
by their external auditors and an inadequate coverage of risk. </span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">ERP Risk Advisors has historically
been focused on the implementation of a competitive product in this space from
CaoSys and has built the premier content library and accompanying risk advisory
services. </span></div>
<br />
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">The transition within the Oracle GRC
space has allowed ERP Risk Advisors to hire some high quality resources and so
we are pleased to announce a premier support program for customers currently
using Oracle's Advanced Controls Suite. </span><br />
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">
<br style="mso-special-character: line-break;" />
</span><br />
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">For those customers that want to
continue using Oracle's Advanced Controls Suite, we will offer remote GRC Admin
services to allow you to enhance or maintain your reliance on your solution.
To start the engagement, we will perform an assessment and provide you a
roadmap. In most organizations we will be able to perform the assessment
in a week. Our core support offering will primarily focus on AACG and CCG, but
could also include PCG and TCG. If you haven't licensed PCG or haven't
implemented it, we believe we can implement preventive controls (albeit manual)
during your provisioning process to help keep your environment clean. We
will also help you leverage the data from AACG to perform your quarterly
re-certification process at the Supervisor and Process Owner levels.</span><br />
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">The engagement would start with an
initial assessment and will include:</span></div>
<br />
<ol start="1" type="1">
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Infrastructure health check to include the patch level related
to each of your Oracle Advanced Controls licensed products.</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Evaluation of the completeness of the SoD and Sensitive
Access rules</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Review of your configuration of each of the modules -
primarily AACG and CCG</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Discussions with management as to how much reliance has
been placed on the software and related business processes in your
external audits</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Review of key SQL scripts to evaluate your role design
from a 10,000 foot level</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Review of the results of key rules, if implemented
already, that all auditors are currently evaluating</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Review of a limited set of critical configurations such
as Journal Sources and Profile Option Values</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">An evaluation of your patch level related to each of
your licensed Advanced Controls solutions that are being used</span></li>
</ol>
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">The deliverables for the engagement
would include:</span></div>
<br />
<ol start="1" type="1">
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">In some cases, we'll be able to finalize the
identification of what should be considered in scope rules. Usually
within a limited engagement we can get to 90+% accuracy, but often it
requires a meeting with the external auditors to validate to get to the
100% level. This is the key deliverable that most GRC consulting
firms haven't been able to deliver, but ERP Risk Advisors can deliver with
excellence.</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">High level feedback on role design - where we see risk
in the usage of seeded Menus, seeded Request Groups, seeded
Responsibilities, and seeded Users</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">An evaluation of the current SoD conflicts and
Sensitive Access rules as to their completeness and accuracy. We
will identify the significant gaps when compared to what we anticipate
would be the expectations of your audit firm.</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">A roadmap for maturing your user provisioning process
and the re-certification process</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">A roadmap for updating your rules library to be
complete and accurate as well as mapped to your auditors requirements</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">This engagement may also include some specific feedback
on Sensitive Access rules and SoD conflicts depending on the quality and
completeness of your current rule set.</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Recommendations on patching your Advanced Controls
modules, as needed, and where justified</span></li>
</ol>
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Once we perform our initial
assessment, we would be in a position to offer premium support for your Oracle
GRC Advanced Controls suite. Our support would be tailored to your
organization's requirements, but would include the following as our core
offering:</span><br />
<ol start="1" type="1">
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">All service requests (SRs) surrounding the Oracle GRC
Advanced Controls Suite.</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Updating your rules library to include more risks - up
and to including our full risk library. Adding additional risks from
our library as we identify them. </span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">A comprehensive remediation plan with prioritization
based on risk and scoping based on level of effort</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Identifying SoD conflicts and Sensitive Access Risks
introduced since the prior quarter for management's review and disposition</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Developing reports with the detail for a comprehensive
quarterly access review process for Supervisors (at the role level) and
Process Owners (at the rule level for the key in-scope rules)</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Implementation of changes to current roles and
development of new roles required (still using Responsibilities, not User
Management) as time permits</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Revisiting and updating the roadmap to present to
senior management</span></li>
</ol>
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">In addition to the above, we could
also provide the following services as a supplement to our core offerings:</span></div>
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">
<br />
<div style="line-height: normal; margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="font-family: "Times New Roman",serif; font-size: 12pt; margin: 0px;"><span style="margin: 0px;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "Times New Roman",serif; font-size: 12pt; margin: 0px;">Auditing changes to the objects
related to roles (Roles, Responsibilities, Menu, Request Groups) to evaluate
completeness and accuracy of the change management process</span></div>
<br />
<div style="line-height: normal; margin: 0px 0px 11px 48px; text-indent: -0.25in;">
<span style="font-family: "Times New Roman",serif; font-size: 12pt; margin: 0px;"><span style="margin: 0px;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "Times New Roman",serif; font-size: 12pt; margin: 0px;">Identifying whether any of the in
scope reports have been changed in the last quarter (period) so that the
process owners know they need to re-test the completeness and accuracy of the
reports (as is now being required by the public accounting firms and the PCAOB)</span></div>
<ol start="3" type="1">
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "Times New Roman",serif; font-size: 12pt; margin: 0px;">Auditing changes to other configurations that should be
subject to the change management process (scope tbd)</span></li>
<li style="color: black; font-family: "Times New Roman",serif; font-size: 12pt; font-style: normal; font-weight: normal; line-height: normal; margin: 0px 0px 11px;"><span style="font-family: "Times New Roman",serif; font-size: 12pt; margin: 0px;">Auditing the completeness and accuracy of the approvals
related to the User Provisioning process</span></li>
</ol>
</span></div>
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">If you are interested in discussing
these services with us, please use our <a href="http://erpra.net/contactus.html"><span style="color: #0563c1;">Contact
page</span></a> and we'll get back to you as soon as possible.</span><br />
<br />
<div style="line-height: normal; margin: 0px;">
</div>
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Regards,</span></div>
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;"><b><i>Jeffrey T. Hare, CPA CISA CISA</i></b></span><br />
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">CEO</span><br />
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;"><b><i>Sam Monarch</i></b></span></div>
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "times new roman" , serif; font-size: 12pt; margin: 0px;">Oracle GRC Practice Lead</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<br /></div>
<br />
<div style="line-height: normal; margin: 0px;">
<br /></div>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-4311640442921669554.post-8498615296493585072017-06-11T19:17:00.000-07:002017-06-12T12:48:36.038-07:00Dear Oracle... Here are some SQL Forms you missed in MOS Note 403537.1 / 1334930.1<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Dear Oracle... Here are some SQL Forms you missed / MOS Note 403537.1 / 1334930.1</h2>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
If you are a CISO / CIO / Signing officer for an organization using an ERP system, you count on your software provider to keep complete and accurate guidance related to significant security risks. We have been helping clients identify risks and implement the necessary internal controls to address those risks. As part of our engagements, we have worked with other consultants who have help identify new risks and we have identified new risks as well. As such, we believe we have identified four forms that allow SQL injection that haven't been documented by Oracle in its Secure Configuration Guide (MOS Note 4035371. with supplemented material in Note 1334930.1). </div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
We respectfully submit this information to Oracle to evaluate and request that Oracle add to their Secure Configuration Guide accordingly. Please provide us with the appropriate updated reference to our blog as part of Appendix H to your document if you deem this information valuable.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Regards,</div>
<div style="text-align: left;">
Jeffrey T. Hare, CPA, CISA CIA</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
To our customers and prospective customers, </div>
<div style="text-align: left;">
We are the premier firm in the world in the risk advisory space related to the Oracle E-Business Suite. I can confidently say that no other firm - large or small - can match the quality of the risk advisory services we provide and at a fraction of the price of what you'd pay at the big four firms. Please keep us in mind as you identify needs for services or software in the Oracle GRC space. We are a VAR, implementation partner, and content provider for CaoSys software. We have resources that can also help implement or improve your implementation of Oracle's ACG and CCG modules. <br />
<br />
Contact us here if you would like to hear more about our services: http://erpra.net/contactus.html. </div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Detail related to the four Forms that we believe allow for SQL injection. Included with each screen shot is the Row Who information for these records. These may be indicative of how long these functions have been in the system. However, we recognize that these dates may not be reliable.</div>
<div style="text-align: left;">
<br /></div>
<h4 style="text-align: left;">
Function 1: </h4>
<h4 style="margin: 0px 0px 11px; text-align: left;">
User Function Name – AutoAccounting Rules</h4>
<h4 style="text-align: left;">
Function Name - PASAADRU</h4>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-c657cFoIirQ/WTlDcPoQeyI/AAAAAAAABTI/n1dbqkmI4VYtfANhUELCMQ-oNkb5hTh2ACLcB/s1600/Function%2B1_1_v2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="511" data-original-width="909" height="179" src="https://1.bp.blogspot.com/-c657cFoIirQ/WTlDcPoQeyI/AAAAAAAABTI/n1dbqkmI4VYtfANhUELCMQ-oNkb5hTh2ACLcB/s320/Function%2B1_1_v2.png" width="320" /></a></div>
<div style="text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-3utif9t3yEA/WTi55FcwhOI/AAAAAAAABSM/Oiy_SXq73r84KRpyuXIGlOH6YrAdI-UqQCLcB/s1600/Function%2B1_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="216" data-original-width="305" src="https://1.bp.blogspot.com/-3utif9t3yEA/WTi55FcwhOI/AAAAAAAABSM/Oiy_SXq73r84KRpyuXIGlOH6YrAdI-UqQCLcB/s1600/Function%2B1_2.png" /></a></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"></span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"></span></div>
<div style="text-align: left;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;"><br clear="all" style="mso-special-character: line-break; page-break-before: always;" />
</span>
</div>
<div style="margin: 0px 0px 11px;">
<br /></div>
<div style="text-align: left;">
</div>
<h4 style="margin: 0px 0px 11px; text-align: left;">
Function 2:</h4>
<h4 style="margin: 0px 0px 11px; text-align: left;">
User Function Name: Define Query Objects</h4>
<h4 style="text-align: left;">
Function Name: AKDQUERY</h4>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-fSoq8pc3md0/WTlDcHU2qTI/AAAAAAAABTE/FKRkqE_bXUc2QUZJcGLBnlLsnjDiLla_ACEw/s1600/Functioin%2B2_1_v2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="432" data-original-width="767" height="180" src="https://3.bp.blogspot.com/-fSoq8pc3md0/WTlDcHU2qTI/AAAAAAAABTE/FKRkqE_bXUc2QUZJcGLBnlLsnjDiLla_ACEw/s320/Functioin%2B2_1_v2.png" width="320" /></a></div>
<div style="text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-5rqMxpgUUlk/WTi55fnn_2I/AAAAAAAABSY/-nmvt8z5mBgGkok66ev5Mde9Ojw9E3wBQCEw/s1600/Function%2B2_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="219" data-original-width="299" src="https://2.bp.blogspot.com/-5rqMxpgUUlk/WTi55fnn_2I/AAAAAAAABSY/-nmvt8z5mBgGkok66ev5Mde9Ojw9E3wBQCEw/s1600/Function%2B2_2.png" /></a></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"></span></div>
<div style="text-align: left;">
</div>
<h4 style="margin: 0px 0px 11px; text-align: left;">
<span style="margin: 0px;"></span><span style="margin: 0px;"> </span><br clear="all" style="mso-special-character: line-break; page-break-before: always;" />
</h4>
<h4 style="text-align: left;">
Function 3:</h4>
<h4 style="margin: 0px 0px 11px; text-align: left;">
User Function Name: Delete Constraints / Delete Constraints:
Update</h4>
<h4 style="text-align: left;">
Function Name: BOM_BOMFDCON / BOM_BOMFDCON_UPDATE</h4>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-z6H8GFxOhKY/WTi55TV6kqI/AAAAAAAABSg/c1Sr8t8ReXQyKBWG7oA_gnKdhXGm5xLOQCEw/s1600/Function%2B3_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="506" data-original-width="699" height="231" src="https://3.bp.blogspot.com/-z6H8GFxOhKY/WTi55TV6kqI/AAAAAAAABSg/c1Sr8t8ReXQyKBWG7oA_gnKdhXGm5xLOQCEw/s320/Function%2B3_1.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-YGB7DXjRwDg/WTi55d3Q6dI/AAAAAAAABSc/MtaL1KtAA3A0K71bLGGDunbSnMbLve8egCEw/s1600/Function%2B3_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="217" data-original-width="309" src="https://4.bp.blogspot.com/-YGB7DXjRwDg/WTi55d3Q6dI/AAAAAAAABSc/MtaL1KtAA3A0K71bLGGDunbSnMbLve8egCEw/s1600/Function%2B3_2.png" /></a></div>
<h4 style="text-align: left;">
</h4>
<h4 style="margin: 0px 0px 11px; text-align: left;">
<span style="margin: 0px;"><br /></span></h4>
<h4 style="text-align: left;">
</h4>
<h4 style="margin: 0px 0px 11px; text-align: left;">
<span style="margin: 0px;"></span><span style="margin: 0px;"> Function 4: </span><br clear="all" style="mso-special-character: line-break; page-break-before: always;" />
</h4>
<h4 style="text-align: left;">
User Function Name: Define Custom SQL Fields</h4>
<h4 style="text-align: left;">
Function Name: WMS_WMSCSLBL</h4>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-xVm0ijHv4MM/WTi55uJiiWI/AAAAAAAABSk/0LFrHNh-bTsgzZZrWUbP7yVLxkEB-OBAwCEw/s1600/Function%2B4_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="487" data-original-width="726" height="214" src="https://3.bp.blogspot.com/-xVm0ijHv4MM/WTi55uJiiWI/AAAAAAAABSk/0LFrHNh-bTsgzZZrWUbP7yVLxkEB-OBAwCEw/s320/Function%2B4_1.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-Ut9Avb2hSaY/WTi55ge8NhI/AAAAAAAABSo/MPNKvonbcu062bK6_PMiQdFc9E5048WGQCEw/s1600/Function%2B4_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="219" data-original-width="298" src="https://4.bp.blogspot.com/-Ut9Avb2hSaY/WTi55ge8NhI/AAAAAAAABSo/MPNKvonbcu062bK6_PMiQdFc9E5048WGQCEw/s1600/Function%2B4_2.png" /></a></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"></span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><img height="219" src="file:///C:/Users/jeffr/AppData/Local/Packages/oice_16_974fa576_32c1d314_27cb/AC/Temp/msohtmlclip1/01/clip_image012.png" v:shapes="Picture_x0020_8" width="298" /></span></div>
<div style="text-align: left;">
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
</div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-4311640442921669554.post-2779872995897627972017-05-31T14:40:00.000-07:002017-05-31T14:40:34.894-07:00ERP Risk Advisors now support's Oracle Advanced Controls Suite<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<h2 style="text-align: left;">
ERP Risk Advisors now support's Oracle Advanced Controls Suite</h2>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">ERP Risk Advisors has hired a new highly-qualified resource
that knows Oracle’s Advanced Controls suite very, very well.</span><span style="margin: 0px;"><span style="font-family: Calibri;"> </span></span><span style="font-family: Calibri;">We can now bring to our clients the most
comprehensive risk-based rules matrix in the market for use with the AACG
module.</span><span style="margin: 0px;"><span style="font-family: Calibri;"> </span></span><span style="font-family: Calibri;">Our rule set includes nearly 1,900
Functions and nearly 1,500 Concurrent Programs identified with specific risks
documented for each one.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">Sam Monarch has been hired to head up our Oracle GRC software
practice.</span><span style="margin: 0px;"><span style="font-family: Calibri;"> </span></span><span style="font-family: Calibri;">Sam has over 12 years’
experience with Oracle’s GRC software and over 20 full cycle implementations.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">We can help you prepare for your external audits by helping
to scope the Sensitive Access and Segregation of Duties rules that relevant to
your organization.</span><span style="margin: 0px;"><span style="font-family: Calibri;"> </span></span><span style="font-family: Calibri;">We can also implement
GRC software to help you monitor these risks from top software providers like
CaoSys and now can offer you similar services if you’ve made the investment in
Oracle’s Advanced Controls suite.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">Please keep us in mind for your Oracle GRC software needs, now
including services for Oracle’s Advanced Controls suite.</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">Contact us at http://erpra.net/contactus.html if you are interested in hearing more about our services offerings.</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;"><br /></span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">Regards,</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">Jeffrey T. Hare, CPA CISA CIA</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: Calibri;">CEO, ERP Risk Advisors</span></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-21992272378549213782017-03-10T06:40:00.000-08:002017-03-10T06:44:28.923-08:00Effective Governance over Profile Option Values in Oracle E-Business Suite<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<h1 align="center" style="line-height: normal; margin: 0px; text-align: center;">
<a href="https://3.bp.blogspot.com/-z9U1-bx7LAA/WHASqCVHhtI/AAAAAAAABMI/FkvjXKeS_eAk5LNsUlynxueTO9EPCIbGQCPcB/s1600/logo3146278_sm_jpeg.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://3.bp.blogspot.com/-z9U1-bx7LAA/WHASqCVHhtI/AAAAAAAABMI/FkvjXKeS_eAk5LNsUlynxueTO9EPCIbGQCPcB/s1600/logo3146278_sm_jpeg.jpg" /></a><v:shapetype coordsize="21600,21600" filled="f" id="_x0000_t75" o:preferrelative="t" o:spt="75" path="m@4@5l@4@11@9@11@9@5xe" stroked="f">
<v:stroke joinstyle="miter">
<v:f eqn="if lineDrawn pixelLineWidth 0">
<v:f eqn="sum @0 1 0">
<v:f eqn="sum 0 0 @1">
<v:f eqn="prod @2 1 2">
<v:f eqn="prod @3 21600 pixelWidth">
<v:f eqn="prod @3 21600 pixelHeight">
<v:f eqn="sum @0 0 1">
<v:f eqn="prod @6 1 2">
<v:f eqn="prod @7 21600 pixelWidth">
<v:f eqn="sum @8 21600 0">
<v:f eqn="prod @7 21600 pixelHeight">
<v:f eqn="sum @10 21600 0">
</v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f>
<v:path gradientshapeok="t" o:connecttype="rect" o:extrusionok="f">
</v:path></v:stroke></v:shapetype><span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">Effective Governance over Profile Option Values</span></span></h1>
<div>
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><br /></span></span></div>
<div>
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span></span><br />
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: "calibri"; font-size: small;">“If only I knew back then what I know now…”</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">A famous phrase with applicability to many of
life’s situations…</span></span></span></div>
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span></span>
<br />
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: "calibri"; font-size: small;">If you’ve implemented an ERP system and stuck around for a
while, eventually you’ll say those words.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;">
</span></span><span style="color: black; font-family: "calibri"; font-size: small;">The implementation of a new ERP system for the first time is like
drinking from a fire hose.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span></span></span></div>
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span></span>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: "calibri"; font-size: small;">If you’ve been live for a couple of years and were part of the
implementation team, I challenge you to do just that.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">Go back and visit your implementations
configurations with the knowledge you now have.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;">
</span></span><span style="color: black; font-family: "calibri"; font-size: small;">No doubt some of the decisions you made during the implementation you’d
make differently now.</span></span></span></div>
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">Specifically, look at how you set your profile options and
what profile option values you have set since you went live.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">I am guessing that your governance process
related to profile option values has been less than perfect.</span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">Start with these questions to understand if you have in
place proper governance relating to the approval and maintenance of profile
option values:</span></div>
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;">1.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"><span style="color: black;">
</span></span></span></span><span style="color: black; font-family: "calibri"; font-size: small;">Which profile options should be set in
Production?</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">Or… which profile options
should NOT be set in Production? (yes this implies that some should not be set).</span></div>
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;">2.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"><span style="color: black;">
</span></span></span></span><span style="color: black; font-family: "calibri"; font-size: small;">Who is authorized to approve the setting of new
profile options or changes to existing settings?</span></div>
<div style="margin: 0px 0px 11px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;">3.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;"><span style="color: black;">
</span></span></span></span><span style="color: black; font-family: "calibri"; font-size: small;">At what level(s) should each profile option be
set (Site, Application, Responsibility, User)</span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">Each profile option has unique characteristics and
abilities. </span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">Following is a screen shot of
the System Profile Values form where profile option values can be configured:</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-QcrnQ5-ZA9E/WMIVk4VjLaI/AAAAAAAABN8/a8JiKPV-dA8sKZOBg0wMdn_uela9u_zFgCLcB/s1600/POs_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://4.bp.blogspot.com/-QcrnQ5-ZA9E/WMIVk4VjLaI/AAAAAAAABN8/a8JiKPV-dA8sKZOBg0wMdn_uela9u_zFgCLcB/s320/POs_1.png" width="320" /></a></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;"><br /></span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;"><br /></span></div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><v:shapetype coordsize="21600,21600" filled="f" id="_x0000_t75" o:preferrelative="t" o:spt="75" path="m@4@5l@4@11@9@11@9@5xe" stroked="f">
<v:stroke joinstyle="miter">
<v:f eqn="if lineDrawn pixelLineWidth 0">
<v:f eqn="sum @0 1 0">
<v:f eqn="sum 0 0 @1">
<v:f eqn="prod @2 1 2">
<v:f eqn="prod @3 21600 pixelWidth">
<v:f eqn="prod @3 21600 pixelHeight">
<v:f eqn="sum @0 0 1">
<v:f eqn="prod @6 1 2">
<v:f eqn="prod @7 21600 pixelWidth">
<v:f eqn="sum @8 21600 0">
<v:f eqn="prod @7 21600 pixelHeight">
<v:f eqn="sum @10 21600 0">
</v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f>
<v:path gradientshapeok="t" o:connecttype="rect" o:extrusionok="f">
<o:lock aspectratio="t" v:ext="edit">
</o:lock></v:path></v:stroke></v:shapetype><v:shape id="_x0000_i1028" style="height: 197pt; mso-wrap-style: square; visibility: visible; width: 540pt;" type="#_x0000_t75">
<v:imagedata cropbottom="26965f" cropright="2176f" croptop="6826f" o:title="" src="file:///C:/Users/jeffr/AppData/Local/Temp/msohtmlclip1/01/clip_image001.png">
</v:imagedata></v:shape></span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">The above example shows a profile option that can only be
set at the Site and User levels.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">The next example “Printer” can be set at any level.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-sRHw0_vvZVE/WMIVraAw0VI/AAAAAAAABOA/n7rcPjGx5LYEwxQfursc3fuLw8UK230LgCLcB/s1600/POs_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://1.bp.blogspot.com/-sRHw0_vvZVE/WMIVraAw0VI/AAAAAAAABOA/n7rcPjGx5LYEwxQfursc3fuLw8UK230LgCLcB/s320/POs_2.png" width="320" /></a></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;"><br /></span></div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><v:shape id="Picture_x0020_2" o:spid="_x0000_i1027" style="height: 197pt; mso-wrap-style: square; visibility: visible; width: 540pt;" type="#_x0000_t75">
<v:imagedata cropbottom="26794f" cropright="1920f" croptop="6827f" o:title="" src="file:///C:/Users/jeffr/AppData/Local/Temp/msohtmlclip1/01/clip_image002.png">
</v:imagedata></v:shape></span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">The configuration of each Profile Option is set in the
Profiles form.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">The box “Hierarchy Type
Access Level” defines at which level a Profile Option is Visible and
Updatable.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> <span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;">The
User Access box identifies whether it can be updated via the User Profile
Values form.</span></span></span></div>
<div style="margin: 0px 0px 11px;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-yq9Yc2GbP2Y/WMIVtS04eDI/AAAAAAAABOY/546Ft1PMJKkJVjWe1ivWlC_8jwKhqNT-ACPcB/s1600/POs_3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="229" src="https://3.bp.blogspot.com/-yq9Yc2GbP2Y/WMIVtS04eDI/AAAAAAAABOY/546Ft1PMJKkJVjWe1ivWlC_8jwKhqNT-ACPcB/s320/POs_3.png" width="320" /></a></div>
<span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"><span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;"><br /></span></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"><span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;"><br /></span></span></span></div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"><span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;"><br /></span></span></span></div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><v:shape id="Picture_x0020_1" o:spid="_x0000_i1026" style="height: 387.35pt; mso-wrap-style: square; visibility: visible; width: 540pt;" type="#_x0000_t75">
<v:imagedata o:title="" src="file:///C:/Users/jeffr/AppData/Local/Temp/msohtmlclip1/01/clip_image003.png">
</v:imagedata></v:shape></span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">Following is a screen shot of the User Profile Values form (aka Personal Profile Values):</span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-SLz7SWVYz0s/WMK53tg5ZOI/AAAAAAAABOo/KO28zIInxpUSh_zNKmHKBXGpFyn4IzaoACLcB/s1600/POs_4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://3.bp.blogspot.com/-SLz7SWVYz0s/WMK53tg5ZOI/AAAAAAAABOo/KO28zIInxpUSh_zNKmHKBXGpFyn4IzaoACLcB/s320/POs_4.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><v:shape id="Picture_x0020_3" o:borderbottomcolor="yellow pure" o:borderleftcolor="yellow pure" o:borderrightcolor="yellow pure" o:bordertopcolor="yellow pure" o:spid="_x0000_i1025" style="height: 354pt; mso-wrap-style: square; visibility: visible; width: 540pt;" type="#_x0000_t75">
<v:imagedata cropright="14247f" croptop="10298f" o:title="" src="file:///C:/Users/jeffr/AppData/Local/Temp/msohtmlclip1/01/clip_image004.png">
<w:bordertop type="single" width="6">
<w:borderleft type="single" width="6">
<w:borderbottom type="single" width="6">
<w:borderright type="single" width="6">
</w:borderright></w:borderbottom></w:borderleft></w:bordertop></v:imagedata></v:shape></span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">Risks and Controls related to the Personal Profile Values
form will be covered in another blog.'</span><br />
<span style="color: black; font-family: calibri; font-size: small;"><br /></span>
<span style="color: black; font-family: calibri; font-size: small;">You can download a template to use as a starting point for your risk assessment here: <a href="http://erpra.net/BookResources.html">http://erpra.net/BookResources.html</a>. Your organization could </span><span style="color: black; font-family: calibri; font-size: small;">used the outcome of the risk assessment as a basis for a desktop procedures for those that have the authority to make profile option value changes in Production. </span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">If you want to know more about Profile Options and why you should
care, I’d suggest watching the video for the full webinar we did on this topic
at: </span><a href="https://www.youtube.com/watch?v=NGa_rGAetLc"><span style="color: #0563c1; font-family: "calibri"; font-size: small;">https://www.youtube.com/watch?v=NGa_rGAetLc</span></a><span style="color: black; font-family: "calibri"; font-size: small;">.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><br />
<span style="color: black; font-family: "calibri"; font-size: small;"><br /></span>
<span style="color: black; font-family: "calibri"; font-size: small;">One other topic of interest may be how to address the profile option "Utilities: Diagnostics" from a SOX audit perspective. I covered that in an earlier blog that you can review at: <a href="http://jeffreythare.blogspot.com/2017/01/why-utilities-diagnostics-should-not-be.html">http://jeffreythare.blogspot.com/2017/01/why-utilities-diagnostics-should-not-be.html</a>. </span></div>
<div style="margin: 0px 0px 11px;">
<br /></div>
<h2 style="margin: 3px 0px 0px;">
<span style="font-size: medium;">Recommended Services from ERP Risk Advisors related to this topic</span></h2>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">We are a free health check that includes reviewing how</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">your organization has set many of the high
risk profile options. </span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">See more about
this free service at: </span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><a href="http://erpra.net/Services.html"><span style="color: #0563c1; font-family: "calibri"; font-size: small;">http://erpra.net/Services.html</span></a><span style="color: black; font-family: "calibri"; font-size: small;"> .</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span></div>
<div style="margin: 0px 0px 11px;">
<span style="color: black; font-family: "calibri"; font-size: small;">If you are an auditor, keep in mind that we also do
outsourced IT audit work.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span><span style="color: black; font-family: "calibri"; font-size: small;">We are thorough, risk-based,
and will work with you to develop a scope that fits your budget.</span></div>
<div style="margin: 0px 0px 11px;">
<br /></div>
<span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;"><span style="font-size: small;"></span><span style="font-family: "times new roman";"></span><span style="color: black;"></span><br clear="all" style="mso-special-character: line-break; page-break-before: always;" />
</span>
<div style="margin: 0px 0px 11px;">
<br /></div>
</span></span></div>
<h1 align="center" style="line-height: normal; margin: 0px; text-align: center;">
</h1>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-60756410447727966052017-02-07T10:24:00.001-08:002017-03-09T18:46:18.254-08:00Security Standards for Oracle E-Business Suite: DMZ Configuration Guide<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;"><a href="https://2.bp.blogspot.com/-eL6QRfj5PyM/WHkIUGNyk0I/AAAAAAAABMU/K9Xo-afZGeQKkezBsgXRS19tHfXf-XcswCLcB/s1600/logo3146278_sm_jpeg.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://2.bp.blogspot.com/-eL6QRfj5PyM/WHkIUGNyk0I/AAAAAAAABMU/K9Xo-afZGeQKkezBsgXRS19tHfXf-XcswCLcB/s1600/logo3146278_sm_jpeg.jpg" /></a></span><span style="color: #2e74b5; font-family: "calibri light";">Security Standards for Oracle E-Business Suite: DMZ Configuration Guide</span></h2>
<div style="margin: 3px 0px 0px;">
<br /></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">In my last blog (see </span><a href="http://jeffreythare.blogspot.com/2017/01/security-standards-for-oracle-e.html"><span style="color: #0563c1; font-family: "calibri";">http://jeffreythare.blogspot.com/2017/01/security-standards-for-oracle-e.html</span></a><span style="font-family: "calibri";">)
we discussed Oracle’s Secure Configuration Guide (MOS Note 403537.1).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Another critical document that Oracle
publishes is their DMZ configuration document (MOS Note 380490.1).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Every step must be meticulously followed or
your data could be exposed – especially for those with externally facing
applications such as Employee Self Service, iStore, or iRecruitment.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">If you are running iStore and have NOT tokenized your credit
card data, you could be exposing your organization to significant PCI risk
since Oracle provides the ability to decrypt credit card data via a concurrent
program.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Find out more about decryption
risk at: </span><a href="http://erpra.net/files/Decryption_of_Credit_Card_and_Bank_Data_Risks_and_Controls_v3.pdf"><span style="color: #0563c1; font-family: "calibri";">http://erpra.net/files/Decryption_of_Credit_Card_and_Bank_Data_Risks_and_Controls_v3.pdf</span></a><span style="font-family: "calibri";">.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Other good information related to the DMZ configuration and
related risks can be found on our partner firm’s, Integrigy, website at: </span><a href="https://www.integrigy.com/tags/dmzexternal"><span style="color: #0563c1; font-family: "calibri";">https://www.integrigy.com/tags/dmzexternal</span></a><span style="font-family: "calibri";">.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Integrigy is also hosting a webinar on 9-Feb
on this topic.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Sign up at: </span><a href="https://www.integrigy.com/security-resources/common-mistakes-when-deploying-oracle-e-business-suite-internet-webinar"><span style="color: #0563c1; font-family: "calibri";">https://www.integrigy.com/security-resources/common-mistakes-when-deploying-oracle-e-business-suite-internet-webinar</span></a><span style="font-family: "calibri";">.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span></div>
<br />
<br />
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">Recommended Services from ERP Risk Advisors</span></h2>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">We offer assessment services that can evaluate your
organization’s compliance with part or all the recommendations in this MOS Note
along with other high risks not considered by Oracle.</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Additionally, we can help you identify a partner than
tokenize your credit card data to remove most PCI risks from your EBS
environment.</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Since some of these risks need to be evaluated by reviewing
access controls, a SaaS service to review role design may also be
appropriate.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We perform that service in
conjunction with our partner, CaoSys.</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Contact us at </span><a href="http://www.erpra.net/contactus.html"><span style="color: #0563c1; font-family: "calibri";">erpra.net/contactus.html</span></a><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">for more information about these services or
CaoSys GRC solutions if you are interested in learning more.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We offer our Role / Responsibility analysis consulting
as a service (CS*Proviso) or via installed software (CS*Comply).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">See more about CaoSys GRC solutions at </span><a href="http://www.caosys.com/"><span style="color: #0563c1; font-family: "calibri";">caosys.com</span></a><span style="font-family: "calibri";">.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #418dda; font-family: "calibri";">About ERP Risk Advisors</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">ERP Risk Advisors is a leading provider of Risk Advisory
services for organizations using Oracle Applications.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We provide consulting and training services
related to compliance, security, risk management, and controls.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We also assist organizations in implementing
GRC-related software from industry-leading companies such as Oracle, CaoSys,
Smart ERP Solutions, and MentiSoftware.</span></div>
<br />
<br />
<div style="margin: 0px;">
<span style="color: #418dda; font-family: "calibri";">About Jeffrey T. Hare, CPA CISA CIA</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Jeffrey Hare, CPA CIA CISA is the founder and CEO of ERP
Risk Advisors.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">His extensive background
includes public accounting (including Big 4 experience), industry, and Oracle
Applications consulting experience.</span><span style="margin: 0px;"><span style="font-family: "calibri";">
</span></span><span style="font-family: "calibri";">Jeffrey has been working in the Oracle Applications space since 1998
with implementation, upgrade, and support experience.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey is a Certified Public Accountant
(CPA), a Certified Information Systems Auditor (CISA), and a Certified Internal
Auditor (CIA).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey has worked in
various countries including Austria, Australia, Brazil, Canada, Germany,
Ireland, Mexico, Panama, Saudi Arabia, United Arab Emirates, and United
Kingdom.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey is a graduate of
Arizona State University and lives in northern Colorado with his wife and three
daughters.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">You can reach him at
jhare@erpra.net or (970) 324-1450.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Jeffrey's first solo book project "Oracle E-Business
Suite Controls: Application Security Best Practices" was released in 2009.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">His second book project “Auditing Oracle
E-Business Suite: Common Issues” was released in 2015.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey has written various white papers and
other articles, some of which have been published by organizations such as
ISACA, the ACFE, and the OAUG.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Request
these white papers here.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey is a
contributing author for the book “Best Practices in Financial Risk Management”
published in 2009.</span></div>
<br />
<div style="margin: 0px 0px 11px; text-align: left;">
<span style="font-family: "calibri";">LinkedIn: linkedin.com/in/jeffreythare</span></div>
<div style="margin: 0px 0px 11px; text-align: left;">
<span style="font-family: "calibri";">Twitter: twitter.com/jeffreythare</span></div>
<div style="margin: 0px 0px 11px; text-align: left;">
<span style="font-family: "calibri";">Blog: jeffreythare.blogspot.com</span></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-45993613076632897702017-01-30T10:50:00.003-08:002017-02-07T10:19:56.161-08:00Security standards for Oracle E-Business Suite; the good, the bad, the ugly...<div dir="ltr" style="text-align: left;" trbidi="on">
<a href="https://2.bp.blogspot.com/-eL6QRfj5PyM/WHkIUGNyk0I/AAAAAAAABMU/K9Xo-afZGeQKkezBsgXRS19tHfXf-XcswCLcB/s1600/logo3146278_sm_jpeg.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://2.bp.blogspot.com/-eL6QRfj5PyM/WHkIUGNyk0I/AAAAAAAABMU/K9Xo-afZGeQKkezBsgXRS19tHfXf-XcswCLcB/s1600/logo3146278_sm_jpeg.jpg" /></a><span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">Security Standards for Oracle E-Business Suite; the good, the bad the ugly</span></span><br />
<div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><br /></span></div>
<div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">Organizations that use Oracle E-Business Suite rely on the
quality and completeness of the guidance provided to them by Oracle through My
Oracle Support (MOS).</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">There are several
documents that organizations should know like the back of their hand and should
have documented their compliance with the recommendations in detail.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">One such document is MOS Note 403537.1 –
Secure Configuration Guide for Oracle E-Business Suite.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Compliance with this document prior to going
live is a necessity.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Because of changes
being introduced by users, DBAs, security administrators, developers, and via
patches provided by Oracle, compliance needs to be reviewed and re-tested on a
regular basis.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span></span><br />
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">Over the last 10 years we have uncovered several issues with
this document.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">We have published our
findings from time to time and Oracle has acknowledged use of our feedback in
their documentation.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;">
</span></span><span style="color: black; font-family: inherit; font-size: small;">Recently we have identified four other issues that we’d like to address
that frankly has us questioning the quality and completeness of the document as
well as questioning the quality and completeness of the internal processes that
should be influencing this document.</span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;"><br /></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">I wrote an article documenting the pros and cons of this
document that I’d encourage you to download and read.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">The MOS Note presents various risks that
organizations need to be aware of and Oracle provides some recommendations
related to these risks.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-size: small;"><span style="font-family: inherit;">You can access
this article </span><a href="http://erpra.net/files/With_Oracle_Sometimes_You_Need_to_Fill_in_the_Blanks_final.pdf" target="_blank"><span style="font-family: inherit;">here</span></a></span><span style="color: black; font-family: inherit; font-size: small;">.</span><span style="margin: 0px;"><span style="color: black; font-family: "calibri"; font-size: small;"> </span></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
<div style="text-align: left;">
</div>
</span><br />
<h4 style="margin: 0px 0px 11px; text-align: left;">
</h4>
<h4 style="margin: 0px 0px 11px; text-align: left;">
Conclusion </h4>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">I have identified several major issues with this MOS note.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Why isn’t Oracle updating their documentation
when they release new forms that allow SQL injection?</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Could it be the problem is with their
development standards and peer review process?</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;">
</span></span><span style="color: black; font-family: inherit; font-size: small;">Are they not identifying these risks as part of their development
process?</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">If so, isn’t that a bigger
concern.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Perhaps this is why they have
backed off making ‘best practice’ recommendations.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;"><br /></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">Why doesn’t Oracle see the ability to decrypt credit card
and bank account data as a security risk?</span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;"><br /></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
<div style="text-align: left;">
<span style="color: black; font-family: inherit; font-size: small;">How is it these deficiencies exist in their documentation
(failure to identify that JTF_FM_QUERY is a view and that they aren’t
monitoring the </span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;">ALR_ACTIONS table) and have gone
unnoticed for over three years from the release of this guidance in September
2011?</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span></span><span style="color: black; font-family: inherit; font-size: small;">The only logical conclusion
is they are not implementing and testing their own guidance.</span></div>
<div style="text-align: left;">
<span style="color: black; font-family: inherit; font-size: small;"><br /></span></div>
<div style="text-align: left;">
<span style="color: black; font-family: inherit; font-size: small;">Over the past few years, we have noted deficiencies in the
easiest of these recommendations – seeded application users and seeded database
users.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">We have also identified four new
functions which allow SQL injection that have not been updated in their
documentation.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">At one point, there were
five, but two of them have been since added to their documentation.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">We have published the three functions above.</span></div>
<div style="text-align: left;">
<span style="color: black; font-size: small;"><span style="font-family: inherit;"></span><br /></span></div>
<div style="text-align: left;">
<span style="color: black; font-family: inherit; font-size: small;">My concern is that organizations relying on this guidance
have a false sense of ‘security’ if they follow this guidance.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Following this ‘guidance’ is certainly
necessary at a minimum, but additional risks exist that Oracle isn’t adding to
their documentation.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">We’d love to see
Oracle increase its effectiveness which can only be done by taking a hard look
at their internal standards and setting a regular schedule for testing their
guidance and updating this documentation.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;">
</span></span><span style="color: black; font-family: inherit; font-size: small;">Compliance with this document is necessary, but with Oracle, sometimes
you need to fill in the blanks…</span></div>
<div style="text-align: left;">
<span style="font-size: medium;"><br /></span></div>
</span><br />
<h4 style="text-align: left;">
Recommended Services from ERP Risk Advisors</h4>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">We offer assessment services that can evaluate your
organization’s compliance with part or all of the recommendations in this MOS
Note along with other high risks not considered by Oracle.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">This engagement can range from one to six
weeks.</span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-size: small;"><span style="font-family: inherit;"></span><br /></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">Since some of these risks need to be evaluated by reviewing
access controls, a SaaS service to review role design may also be
appropriate.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">We perform that service
through our partner, CaoSys.</span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-size: small;"><span style="font-family: inherit;"></span><br /></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
<div style="text-align: left;">
<span style="color: black; font-family: inherit; font-size: small;">Contact us at </span><a href="http://www.erpra.net/contactus.html"><span style="color: #0563c1; font-family: inherit; font-size: small;">erpra.net/contactus.html</span></a><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">for more information about these services or
CaoSys GRC solutions if you are interested in learning more.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">We offer our Role / Responsibility analysis consulting
as a service (CS*Proviso) or via installed software (CS*Comply).</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">See more about CaoSys GRC solutions at </span><a href="http://www.caosys.com/"><span style="color: #0563c1; font-family: inherit; font-size: small;">caosys.com</span></a><span style="color: black; font-family: inherit; font-size: small;">.</span></div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
</div>
</span><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><div style="margin: 0px; text-align: left;">
<span style="color: #418dda; font-family: inherit; font-size: small;"><br /></span></div>
</span><br />
<h4 style="margin: 0px; text-align: left;">
About ERP Risk Advisors</h4>
<div style="margin: 0px; text-align: left;">
<br /></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">ERP Risk Advisors is a leading provider of Risk Advisory
services for organizations using Oracle Applications.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">We provide consulting and training services
related to compliance, security, risk management, and controls.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">We also assist organizations in implementing
GRC-related software from industry-leading companies such as Oracle, CaoSys,
Smart ERP Solutions, and MentiSoftware.</span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: #418dda; font-family: "calibri"; font-size: small;"><br /></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<h4 style="text-align: left;">
About Jeffrey T. Hare, CPA CISA CIA</h4>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"></span><br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: inherit; font-size: small;">Jeffrey Hare, CPA CIA CISA is the founder and CEO of ERP
Risk Advisors.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">His extensive background
includes public accounting (including Big 4 experience), industry, and Oracle
Applications consulting experience.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;">
</span></span><span style="color: black; font-family: inherit; font-size: small;">Jeffrey has been working in the Oracle Applications space since 1998
with implementation, upgrade, and support experience.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Jeffrey is a Certified Public Accountant
(CPA), a Certified Information Systems Auditor (CISA), and a Certified Internal
Auditor (CIA).</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Jeffrey has worked in
various countries including Austria, Australia, Brazil, Canada, Germany,
Ireland, Mexico, Panama, Saudi Arabia, United Arab Emirates, and United
Kingdom.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">Jeffrey is a graduate of
Arizona State University and lives in northern Colorado with his wife and three
daughters.</span><span style="margin: 0px;"><span style="color: black; font-family: inherit; font-size: small;"> </span></span><span style="color: black; font-family: inherit; font-size: small;">You can reach him at
jhare@erpra.net or (970) 324-1450</span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black; font-family: "times new roman"; font-size: small;"><br /></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<br />
<div style="text-align: left;">
</div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span>
<div style="margin: 0px 0px 11px; text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"><span style="color: black;"><span style="font-family: inherit; font-size: small;">Jeffrey's first solo book project </span><u><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;">Oracle E-Business Suite Controls: Application Security Best Practices</span></span></u><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;"> was released in 2009. He published a second book called</span></span><u><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;"> Auditing Oracle E-Business Suite: Common Issues</span></span></u><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;"> in 2015. </span></span><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;"> </span></span><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;">He is working on an expansion of his first book which will be called </span></span><u><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;">Oracle E-Business Suite Controls: Foundational Principle</span></span></u><u><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;">s</span></span></u><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;"> and is working on an update for his second book</span></span><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;">. </span></span><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;"> </span></span><span style="line-height: 15px;"><span style="font-family: inherit; font-size: small;">Both are expected to be released in 2017.<br /><br />He has written various white papers and other articles, some of which have been published by organizations such as ISACA, the ACFE, and the OAUG. Jeffrey is a contributing author for the book “Best Practices in Financial Risk Management” published in 2009.</span></span></span></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 11px; text-align: left;">
<span style="color: black; font-family: inherit; font-size: small;"><br /></span>
<span style="color: black; font-family: inherit; font-size: small;">LinkedIn: linkedin.com/in/jeffreythare</span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px; text-align: left;">
<span style="color: black; font-family: inherit; font-size: small;">Twitter: twitter.com/jeffreythare</span></div>
<div style="text-align: left;">
</div>
<div style="margin: 0px 0px 11px; text-align: left;">
<span style="color: black; font-family: inherit; font-size: small;">Blog: jeffreythare.blogspot.com</span></div>
<div style="text-align: left;">
</div>
<div style="line-height: normal; margin: 0px; text-align: left;">
<br /></div>
</span><br />
<div style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: large;">
</span></div>
<div style="text-align: left;">
<br /></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-9410355906878865582017-01-13T09:11:00.003-08:002017-01-13T14:33:34.954-08:00Why Utilities Diagnostics Should NOT Be In Scope for SOX<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-eL6QRfj5PyM/WHkIUGNyk0I/AAAAAAAABMU/K9Xo-afZGeQKkezBsgXRS19tHfXf-XcswCLcB/s1600/logo3146278_sm_jpeg.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a></div>
<div>
<a href="https://2.bp.blogspot.com/-eL6QRfj5PyM/WHkIUGNyk0I/AAAAAAAABMU/K9Xo-afZGeQKkezBsgXRS19tHfXf-XcswCLcB/s1600/logo3146278_sm_jpeg.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><b><span style="color: #2e74b5; font-family: "calibri light"; font-size: large;"></span></b><br /></a></div>
<div>
<a href="https://2.bp.blogspot.com/-eL6QRfj5PyM/WHkIUGNyk0I/AAAAAAAABMU/K9Xo-afZGeQKkezBsgXRS19tHfXf-XcswCLcB/s1600/logo3146278_sm_jpeg.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://2.bp.blogspot.com/-eL6QRfj5PyM/WHkIUGNyk0I/AAAAAAAABMU/K9Xo-afZGeQKkezBsgXRS19tHfXf-XcswCLcB/s1600/logo3146278_sm_jpeg.jpg" /></a></div>
<br />
<span style="color: #2e74b5; font-family: "calibri light";"></span><br />
<h2 style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light";">
</span><span style="color: #2e74b5; font-family: "calibri light";"><span style="margin: 0px;"><span style="font-size: large;">Why Utilities Diagnostics Should </span></span><span style="margin: 0px;"><span style="font-size: large;">NOT Be In Scope for SOX</span></span></span></h2>
<span style="color: #2e74b5; font-family: "calibri light";">
</span>
<br />
<h2 style="text-align: left;">
<span style="color: #2e74b5; font-family: "calibri light";">
</span></h2>
<span style="color: #2e74b5; font-family: "calibri light";">
</span><span style="font-family: "calibri";">The setting of the Utilities: Diagnostics profile option has
been a source of scrutiny for our clients over the past few years.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Some auditors have suggested that access in
Production allowed by the setting of Utilities: Diagnostics could provide a back-door
way to update financially significant data that a user would not be able to
maintain through their normal access.</span><span style="margin: 0px;"><span style="font-family: "calibri";">
</span></span><span style="font-family: "calibri";">Access this video at: </span><a href="https://youtu.be/5eXzhv7jTpM"><span style="color: #0563c1; font-family: "calibri";">https://youtu.be/5eXzhv7jTpM</span></a><span style="font-family: "calibri";">.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><br />
<span style="font-family: Calibri;"><br /></span>
<span style="font-family: Calibri;">This testing was done on an R12 environment and the conclusions should not be applied to 11i or prior environments.</span><br />
<span style="margin: 0px;"><span style="font-family: "calibri";"><br /></span></span>
<span style="margin: 0px;"><span style="font-family: "calibri";"><span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">Recommended Services from ERP Risk Advisors</span><br />
<span style="font-size: medium;"></span><span style="color: #2e74b5;"></span><span style="font-family: "calibri light";"></span><br />
</span></span><br />
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><span style="font-family: "calibri";"><span style="font-family: "calibri";">We offer an evaluation of Application Controls design effectiveness along with an analysis of the configurations. This service can be performed typically in one to three weeks.</span></span></span></div>
<span style="margin: 0px;"><span style="font-family: "calibri";">
<br />
</span></span><br />
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><span style="font-family: "calibri";"><span style="font-family: "calibri";">Since some of these risks need to be evaluated by reviewing access controls, a SaaS service to review role design may also be appropriate.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We perform that service through our partner, CaoSys.</span></span></span></div>
<span style="margin: 0px;"><span style="font-family: "calibri";">
<br />
</span></span><br />
<div style="margin: 0px 0px 11px;">
<span style="margin: 0px;"><span style="font-family: "calibri";"><span style="font-family: "calibri";">Contact us at </span><a href="http://www.erpra.net/contactus.html"><span style="color: #0563c1; font-family: "calibri";">erpra.net/contactus.html</span></a><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">for more information about these services or CaoSys GRC solutions if you are interested in learning more.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We offer our Role / Responsibility analysis consutling as a service (CS*Proviso) or via installed software (CS*Comply).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">See more about CaoSys GRC solutions at </span><a href="http://www.caosys.com/"><span style="color: #0563c1; font-family: "calibri";">caosys.com</span></a><span style="font-family: "calibri";">.</span></span></span></div>
<span style="margin: 0px;"><span style="font-family: "calibri";">
</span></span><span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">Appendix A- Screen Shots of how Utilities: Diagnostics works</span><span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">:</span><br />
<span style="margin: 0px;"><span style="font-family: "calibri";">Following are a couple of screen shots related to Utilities: Diagnostics:</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-5sGEUZez-ss/WHkJ-dTZTVI/AAAAAAAABMg/SBagtGCu-mAdooC61TgxKllw_ApFJuMBgCLcB/s1600/Utilities_Diagnostics_1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="251" src="https://2.bp.blogspot.com/-5sGEUZez-ss/WHkJ-dTZTVI/AAAAAAAABMg/SBagtGCu-mAdooC61TgxKllw_ApFJuMBgCLcB/s320/Utilities_Diagnostics_1.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-psVI1v6U8Ys/WHkKBqmB6XI/AAAAAAAABMo/eszShF5xqq00NpcBEqTPrQONWlGNssE4QCLcB/s1600/Utilities_Diagnostics_2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="249" src="https://4.bp.blogspot.com/-psVI1v6U8Ys/WHkKBqmB6XI/AAAAAAAABMo/eszShF5xqq00NpcBEqTPrQONWlGNssE4QCLcB/s320/Utilities_Diagnostics_2.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-vRLDeLMU4tw/WHkKBsV7BVI/AAAAAAAABMk/NQ3pqhoPAa4w5AqBgbXP8rmU_X7fdGdjACLcB/s1600/Utilities_Diagnostics_3.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="266" src="https://1.bp.blogspot.com/-vRLDeLMU4tw/WHkKBsV7BVI/AAAAAAAABMk/NQ3pqhoPAa4w5AqBgbXP8rmU_X7fdGdjACLcB/s320/Utilities_Diagnostics_3.png" width="320" /></a></div>
<span style="margin: 0px;"><span style="font-family: "calibri";"><br /></span></span>
<span style="margin: 0px;"><span style="font-family: "calibri";"><br /></span></span>
<span style="margin: 0px;"><span style="font-family: "calibri";"><br /></span></span>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-78493258996784919152017-01-06T13:57:00.002-08:002017-01-13T09:14:15.283-08:00A Back Door Way to Changing Supplier Addresses in Oracle E-Business Suite<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;"></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-z9U1-bx7LAA/WHASqCVHhtI/AAAAAAAABL0/9lwJVUwM-Ggp8MJpBF3AXCvr82_FPFT6QCLcB/s1600/logo3146278_sm_jpeg.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://2.bp.blogspot.com/-z9U1-bx7LAA/WHASqCVHhtI/AAAAAAAABL0/9lwJVUwM-Ggp8MJpBF3AXCvr82_FPFT6QCLcB/s1600/logo3146278_sm_jpeg.jpg" /></a><span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;"></span></div>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">
</span>
<br />
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">
<span style="margin: 0px;"><span style="font-size: large;">A Back Door Way to Changing Supplier </span></span><span style="margin: 0px;"><span style="font-size: large;">Addresses in Oracle E-Business Suite</span></span></span></h2>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">
</span>
<br />
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">
</span></h2>
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">
</span>
<br />
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;"><br /></span></h2>
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">Background:</span></h2>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Most organizations have a control defined over the entry of
and changes to Supplier Master data including the Supplier’s address.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Allowing a user as part of the payment process
to change the address for a check would essentially allow them to circumvent
the expected controls that normally happen through the supplier master
maintenance process.</span></div>
<br />
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">Risk Presented and Analysis:</span></h2>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">The Allow Address Change option in the Payables Options form
enable a user to make a change to the Supplier’s address to re-direct where a
check it sent.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">This would allow a
fraudster to make a change and give them physical possession of a check that is
not meant for them.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">There are various
ways that fraudster could get that check cashed.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Therefore, this option should never be allowed to be set for
any Operating Unit.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">All changes to a
Supplier’s mailing address should follow your organization’s normal change
process rather than allowing a clerk to make this one-off adjustment when
entering a check.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">If this is currently allowed, it needs to be disabled
(unchecked).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">The process should be to
require an additional address be set up or a change to the default address
through the Supplier Master process.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Following is a screen shot of the Payables Options
configuration form:</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-BuPOO_-0KEI/WHASLYx7EYI/AAAAAAAABLs/wR9pnirezWku-OW2Q9d4U6a1s7Rt7Ho1gCLcB/s1600/Back%2Bdoor%2Bimage%2B1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="295" src="https://1.bp.blogspot.com/-BuPOO_-0KEI/WHASLYx7EYI/AAAAAAAABLs/wR9pnirezWku-OW2Q9d4U6a1s7Rt7Ho1gCLcB/s320/Back%2Bdoor%2Bimage%2B1.png" width="320" /></a></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";"><br /></span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";"><br /></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<v:roundrect arcsize="10923f" filled="f" id="Rounded_x0020_Rectangle_x0020_5" o:gfxdata="UEsDBBQABgAIAAAAIQC75UiUBQEAAB4CAAATAAAAW0NvbnRlbnRfVHlwZXNdLnhtbKSRvU7DMBSF
dyTewfKKEqcMCKEmHfgZgaE8wMW+SSwc27JvS/v23KTJgkoXFsu+P+c7Ol5vDoMTe0zZBl/LVVlJ
gV4HY31Xy4/tS3EvRSbwBlzwWMsjZrlprq/W22PELHjb51r2RPFBqax7HCCXIaLnThvSAMTP1KkI
+gs6VLdVdad08ISeCho1ZLN+whZ2jsTzgcsnJwldluLxNDiyagkxOquB2Knae/OLUsyEkjenmdzb
mG/YhlRnCWPnb8C898bRJGtQvEOiVxjYhtLOxs8AySiT4JuDystlVV4WPeM6tK3VaILeDZxIOSsu
ti/jidNGNZ3/J08yC1dNv9v8AAAA//8DAFBLAwQUAAYACAAAACEArTA/8cEAAAAyAQAACwAAAF9y
ZWxzLy5yZWxzhI/NCsIwEITvgu8Q9m7TehCRpr2I4FX0AdZk2wbbJGTj39ubi6AgeJtl2G9m6vYx
jeJGka13CqqiBEFOe2Ndr+B03C3WIDihMzh6RwqexNA281l9oBFTfuLBBhaZ4ljBkFLYSMl6oAm5
8IFcdjofJ0z5jL0MqC/Yk1yW5UrGTwY0X0yxNwri3lQgjs+Qk/+zfddZTVuvrxO59CNCmoj3vCwj
MfaUFOjRhrPHaN4Wv0VV5OYgm1p+LW1eAAAA//8DAFBLAwQUAAYACAAAACEAd6bPZMgCAAB0BgAA
HwAAAGNsaXBib2FyZC9kcmF3aW5ncy9kcmF3aW5nMS54bWysVVtv2jAUfp+0/2D5vU1AQAHVrRgb
1aSqrUirPruOQ6I5dmabNOzX7/gSiLqqD9t4AJ/bd75zsbm87mqBWq5NpSTBo/MUIy6Zyiu5I/jp
cXM2x8hYKnMqlOQEH7jB11efP13S5U7TpqwYAgRplpTg0tpmmSSGlbym5lw1XIKtULqmFkS9S3JN
XwG5Fsk4TWdJTSuJr05QX6mlaK+rv4ASiv3g+ZrKlhqAFGw51ESOgv07Ml3K9kY3WfOgHXN21z5o
VOUEQ+ckraFFOImG6AZi8iZqdwLoCl07f1UUqCN4Nl/MRgB1gON0MR/PpwGOdxYxsI9m6eJiPMWI
gcd4cjGbpjFfef8xAiu/fYwBJAMZOAwImsbRk+2fFQOLUPFW7WXOc7TlDFZlJziKrKE7LqzvQA9h
YvP+T+1H3nTZaGNvuKqROxCsHS9Hyi8ZbW+NDVR6P1+Z2lRC+JkJ6RRGiSp3Oi/o3ctaaNRSQfBm
k8LH9RtyDtxAcqFOGSuzXebbZrsvKj84oBf4hU3RCnjBfE3DNhWQvKXGPlANtweUcA/tPXwVQr0S
rOIJo1LpX+/pnT9sNFgxeoXbSLD5uaeaYyS+S0PwYjSZAKz1wmR6MQZBDy0vQ4vc12sFVY48O390
/lb0x0Kr+lnpfOWygolKBrkJZlb3wtqCDCa49IyvVv7MVN1QeyuzBq7fyI/C9f+xe6a6iZOysN93
Kitpw9+bVfAN01rtrSqqOMjQVWcQxmb2ILgfpO89l7nr7Ba6LmArCeby7CmL0wMPGNdpPHvDs8at
ShhuPz/jID283PIC7jlcwbFn6F85flwNyhiXNlRnSprzsDHT4cK4d9FF+NTCATrkAjbtiB0Bes8A
0mMHatHfhfKiAMbH4PQjYiH4GOEzK3kKriup9HsAAqqKmYN/WPTQGL/yoHjz3nqX+P/gHvWhfPUb
AAD//wMAUEsDBBQABgAIAAAAIQC2OwQiVAYAAAsaAAAaAAAAY2xpcGJvYXJkL3RoZW1lL3RoZW1l
MS54bWzsWUtvGzcQvhfof1jsvbHeio3Iga1H3MZOgkhJkSOlpXYZc5cLkrKjW5EcCxQomhY9NEBv
PRRtAyRAL+mvcZuiTYH8hQ65D5ESVTtGChhBLMDYnf1mOJyZ/YbkXrn6IKbeEeaCsKTjVy9VfA8n
ExaQJOz4d0aDjy77npAoCRBlCe74cyz8q9sffnAFbU0oSccM8WAU4Rh7YCgRW6jjR1KmWxsbYgJi
JC6xFCfwbMp4jCTc8nAj4OgYBojpRq1SaW3EiCT+NliUylCfwr9ECiWYUD5UZrCXoBhGvzmdkgnW
2OCwqhBiLrqUe0eIdnywGbDjEX4gfY8iIeFBx6/oP39j+8oG2sqVqFyja+gN9F+ulysEhzU9Jg/H
5aCNRrPR2intawCVq7h+u9/qt0p7GoAmE5hp5otps7m7udtr5lgDlF06bPfavXrVwhv26ys+7zTV
z8JrUGa/sYIfDLoQRQuvQRm+uYJvNNq1bsPCa1CGb63g25WdXqNt4TUooiQ5XEFXmq16t5htCZky
uueEbzYbg3YtN75AQTWU1aWGmLJErqu1GN1nfAAABaRIksST8xRP0QRqsosoGXPi7ZMwgsJLUcIE
iCu1yqBSh//q19BXOiJoCyNDW/kFnogVkfLHExNOUtnxPwGrvgF5/eKn1y+eeScPn588/PXk0aOT
h79khiytPZSEptarH77858ln3t/Pvn/1+Gs3Xpj4P37+/PffvnIDYaaLELz85umfz5++/PaLv358
7IDvcDQ24SMSY+HdwMfebRbDxHQIbM/xmL+ZxihCxNTYSUKBEqRGcdjvy8hC35gjihy4XWxH8C4H
inEBr83uWw4PIz6TxGHxehRbwAPG6C7jzihcV2MZYR7NktA9OJ+ZuNsIHbnG7qLEym9/lgK3EpfJ
boQtN29RlEgU4gRLTz1jhxg7ZnePECuuB2TCmWBT6d0j3i4izpCMyNiqpoXSHokhL3OXg5BvKzYH
d71dRl2z7uEjGwlvBaIO50eYWmG8hmYSxS6TIxRTM+D7SEYuJ4dzPjFxfSEh0yGmzOsHWAiXzk0O
8zWSfh3oxZ32AzqPbSSX5NBlcx8xZiJ77LAboTh1YYckiUzsx+IQShR5t5h0wQ+Y/Yaoe8gDStam
+y7BVrpPZ4M7wKymS4sCUU9m3JHLa5hZ9Tuc0ynCmmqA+C0+j0lyKrkv0Xrz/6V1INKX3z1xzOqi
EvoOJ843am+Jxtfhlsm7y3hALj5399AsuYXhdVltYO+p+z11++88da97n98+YS84GuhbLRWzpbpe
uMdr1+1TQulQzineF3rpLqAzBQMQKj29P8XlPi6N4FK9yTCAhQs50joeZ/JTIqNhhFJY31d9ZSQU
uelQeCkTsOzXYqdthaez+IAF2Xa1WlVb04w8BJILeaVZymGrITN0q73YgpXmtbeh3ioXDijdN3HC
GMx2ou5wol0IVZD0xhyC5nBCz+yteLHp8OKyMl+kasULcK3MCiydPFhwdfxmA1RACXZUiOJA5SlL
dZFdncy3mel1wbQqANYRRQUsMr2pfF07PTW7rNTOkGnLCaPcbCd0ZHQPExEKcF6dSnoWN94015uL
lFruqVDo8aC0Fm60L/+XF+fNNegtcwNNTKagiXfc8Vv1JpTMBKUdfwrbfriMU6gdoZa8iIZwYDaR
PHvhz8MsKReyh0SUBVyTTsYGMZGYe5TEHV9Nv0wDTTSHaN+qNSCEC+vcJtDKRXMOkm4nGU+neCLN
tBsSFensFhg+4wrnU61+frDSZDNI9zAKjr0xnfHbCEqs2a6qAAZEwOlPNYtmQOA4sySyRf0tNaac
ds3zRF1DmRzRNEJ5RzHJPINrKi/d0XdlDIy7fM4QUCMkeSMch6rBmkG1umnZNTIf1nbd05VU5AzS
XPRMi1VU13SzmDVC0QaWYnm+Jm94VYQYOM3s8Bl1L1PuZsF1S+uEsktAwMv4ObruGRqC4dpiMMs1
5fEqDSvOzqV27ygmeIprZ2kSBuu3CrNLcSt7hHM4EJ6r84PectWCaFqsK3WkXZ8mDlDqjcNqx4fP
A3A+8QCu4AODD7KaktWUDK7gqwG0i+yov+PnF4UEnmeSElMvJPUC0ygkjULSLCTNQtIqJC3f02fi
8B1GHYf7XnHkDT0sPyLP1xb295vtfwEAAP//AwBQSwMEFAAGAAgAAAAhAJxmRkG7AAAAJAEAACoA
AABjbGlwYm9hcmQvZHJhd2luZ3MvX3JlbHMvZHJhd2luZzEueG1sLnJlbHOEj80KwjAQhO+C7xD2
btJ6EJEmvYjQq9QHCMk2LTY/JFHs2xvoRUHwsjCz7DezTfuyM3liTJN3HGpaAUGnvJ6c4XDrL7sj
kJSl03L2DjksmKAV201zxVnmcpTGKSRSKC5xGHMOJ8aSGtHKRH1AVzaDj1bmIqNhQaq7NMj2VXVg
8ZMB4otJOs0hdroG0i+hJP9n+2GYFJ69elh0+UcEy6UXFqCMBjMHSldnnTUtXYGJhn39Jt4AAAD/
/wMAUEsBAi0AFAAGAAgAAAAhALvlSJQFAQAAHgIAABMAAAAAAAAAAAAAAAAAAAAAAFtDb250ZW50
X1R5cGVzXS54bWxQSwECLQAUAAYACAAAACEArTA/8cEAAAAyAQAACwAAAAAAAAAAAAAAAAA2AQAA
X3JlbHMvLnJlbHNQSwECLQAUAAYACAAAACEAd6bPZMgCAAB0BgAAHwAAAAAAAAAAAAAAAAAgAgAA
Y2xpcGJvYXJkL2RyYXdpbmdzL2RyYXdpbmcxLnhtbFBLAQItABQABgAIAAAAIQC2OwQiVAYAAAsa
AAAaAAAAAAAAAAAAAAAAACUFAABjbGlwYm9hcmQvdGhlbWUvdGhlbWUxLnhtbFBLAQItABQABgAI
AAAAIQCcZkZBuwAAACQBAAAqAAAAAAAAAAAAAAAAALELAABjbGlwYm9hcmQvZHJhd2luZ3MvX3Jl
bHMvZHJhd2luZzEueG1sLnJlbHNQSwUGAAAAAAUABQBnAQAAtAwAAAAA
" o:spid="_x0000_s2051" strokecolor="red" strokeweight="1pt" style="height: 19.5pt; margin-left: 18.3pt; margin-top: 171.85pt; mso-height-percent: 0; mso-height-percent: 0; mso-height-relative: margin; mso-position-horizontal-relative: text; mso-position-horizontal: absolute; mso-position-vertical-relative: text; mso-position-vertical: absolute; mso-wrap-distance-bottom: 0; mso-wrap-distance-left: 9pt; mso-wrap-distance-right: 9pt; mso-wrap-distance-top: 0; mso-wrap-style: square; position: absolute; v-text-anchor: middle; visibility: visible; width: 126.75pt; z-index: 251659264;">
<v:stroke joinstyle="miter">
</v:stroke></v:roundrect><span style="margin: 0px;"><v:shapetype coordsize="21600,21600" filled="f" id="_x0000_t75" o:preferrelative="t" o:spt="75" path="m@4@5l@4@11@9@11@9@5xe" stroked="f">
<v:stroke joinstyle="miter">
<v:f eqn="if lineDrawn pixelLineWidth 0">
<v:f eqn="sum @0 1 0">
<v:f eqn="sum 0 0 @1">
<v:f eqn="prod @2 1 2">
<v:f eqn="prod @3 21600 pixelWidth">
<v:f eqn="prod @3 21600 pixelHeight">
<v:f eqn="sum @0 0 1">
<v:f eqn="prod @6 1 2">
<v:f eqn="prod @7 21600 pixelWidth">
<v:f eqn="sum @8 21600 0">
<v:f eqn="prod @7 21600 pixelHeight">
<v:f eqn="sum @10 21600 0">
</v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f>
<v:path gradientshapeok="t" o:connecttype="rect" o:extrusionok="f">
<o:lock aspectratio="t" v:ext="edit">
</o:lock></v:path></v:stroke></v:shapetype><v:shape id="Picture_x0020_1" o:spid="_x0000_i1026" style="height: 381.6pt; mso-wrap-style: square; visibility: visible; width: 467.4pt;" type="#_x0000_t75">
<v:imagedata cropleft="364f" croptop="7883f" o:title="" src="file:///C:/Users/jeffr/AppData/Local/Temp/msohtmlclip1/01/clip_image001.png">
</v:imagedata></v:shape></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Note that this configuration is org (OU / org_id) specific.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">If you have more than one Operating Unit,
this configuration will need to be evaluated / changed for each Operating Unit
independently. </span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Following is a description of this process from the Oracle
Payables Users Guide:</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 11.5pt; margin: 0px;">Recording a manual payment</span></b></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">1. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">In the
Payments window select the Manual Type.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">2. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">Enter a
Trading Partner. The Supplier Number is automatically displayed. If there are
multiple Supplier Sites, select the appropriate site from the list.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">3. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">Enter the
Payment document Date. The date must be in an open period. If the Allow
Pre-Date Payables option is enabled, then you can only predate a computer-generated
payment.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">4. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">Enter the
Bank Account from which you want to make the payment.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">5. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">Select a
Payment Method.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">6. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">Select the
type of Payment Document if Printed is selected as the Payment Process Profile.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">7. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">Select a
Payment Process Profile.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">8. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">If you have
enabled the Allow Remit-to Account Override Payables option, then you can
select a different, active Remit-to account. The list of values includes bank accounts
assigned to the supplier that have the same payment currency.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial bold"; font-size: 9.5pt; margin: 0px;">Important:
</span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">The system ensures that Quick
payments cannot be created for payment to inactive bank accounts.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">9. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">Enter a
Maturity Date if the Bills Payable payment method is selected.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">10. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">Select a
Rate Type.</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<b><span style="font-family: "arial narrow bold"; font-size: 9pt; margin: 0px;">11. </span></b><span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">If
necessary, enter or adjust other information:</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "palatino linotype" , serif; font-size: 10pt; margin: 0px;">•
<span style="background: yellow; margin: 0px;">If you created the payment
for an address different from the supplier site and your Allow Address Change
Payables Option page, Payments tab is enabled, adjust the address. For example,
you may need to send an expense check to a</span></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="background: yellow; font-family: "palatino linotype" , serif; font-size: 10pt; line-height: 107%; margin: 0px;">consultant working at a site away from home.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "palatino linotype" , serif; font-size: 10pt; line-height: 107%; margin: 0px;">Following
is an excerpt from the process related to recording a manual payment (which is
often used to generate a ‘one off’ check.</span></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: "palatino linotype" , serif; font-size: 10pt; line-height: 107%; margin: 0px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-APi6tcwWfr8/WHASVIrFHOI/AAAAAAAABLw/wAv4-zRpFxYmqpepgoCnptiWUFKpBalAgCLcB/s1600/Back%2Bdoor%2Bimage%2B2_v2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="179" src="https://4.bp.blogspot.com/-APi6tcwWfr8/WHASVIrFHOI/AAAAAAAABLw/wAv4-zRpFxYmqpepgoCnptiWUFKpBalAgCLcB/s320/Back%2Bdoor%2Bimage%2B2_v2.jpg" width="320" /></a></div>
<div style="margin: 0px 0px 11px;">
<span style="font-family: "palatino linotype" , serif; font-size: 10pt; line-height: 107%; margin: 0px;"><br /></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<v:roundrect arcsize="10923f" filled="f" id="Rounded_x0020_Rectangle_x0020_3" o:gfxdata="UEsDBBQABgAIAAAAIQC75UiUBQEAAB4CAAATAAAAW0NvbnRlbnRfVHlwZXNdLnhtbKSRvU7DMBSF
dyTewfKKEqcMCKEmHfgZgaE8wMW+SSwc27JvS/v23KTJgkoXFsu+P+c7Ol5vDoMTe0zZBl/LVVlJ
gV4HY31Xy4/tS3EvRSbwBlzwWMsjZrlprq/W22PELHjb51r2RPFBqax7HCCXIaLnThvSAMTP1KkI
+gs6VLdVdad08ISeCho1ZLN+whZ2jsTzgcsnJwldluLxNDiyagkxOquB2Knae/OLUsyEkjenmdzb
mG/YhlRnCWPnb8C898bRJGtQvEOiVxjYhtLOxs8AySiT4JuDystlVV4WPeM6tK3VaILeDZxIOSsu
ti/jidNGNZ3/J08yC1dNv9v8AAAA//8DAFBLAwQUAAYACAAAACEArTA/8cEAAAAyAQAACwAAAF9y
ZWxzLy5yZWxzhI/NCsIwEITvgu8Q9m7TehCRpr2I4FX0AdZk2wbbJGTj39ubi6AgeJtl2G9m6vYx
jeJGka13CqqiBEFOe2Ndr+B03C3WIDihMzh6RwqexNA281l9oBFTfuLBBhaZ4ljBkFLYSMl6oAm5
8IFcdjofJ0z5jL0MqC/Yk1yW5UrGTwY0X0yxNwri3lQgjs+Qk/+zfddZTVuvrxO59CNCmoj3vCwj
MfaUFOjRhrPHaN4Wv0VV5OYgm1p+LW1eAAAA//8DAFBLAwQUAAYACAAAACEAMpJDacYCAAB3BgAA
HwAAAGNsaXBib2FyZC9kcmF3aW5ncy9kcmF3aW5nMS54bWysVV1P2zAUfZ+0/2D5HZJCM0qFQV23
okkIUAPi2ThOE82xM9sN7X797rWTtmKISdteUl/fc4+P74d7cbVpFOmkdbXRjI6OU0qkFqao9YrR
x4fF0YQS57kuuDJaMrqVjl5dfvxwwacry9uqFgQYtJtyRivv22mSOFHJhrtj00oNvtLYhnsw7Sop
LH8B5kYlJ2n6KWl4renlnuoL95ysbf0XVMqI77KYc91xB5RKTA93eo1K/Dszn+ru2rZ5e29Rubjt
7i2pC0Yhc5o3kCKa9I4eBmbyKmq1J9iUtkG8KUuyYfQkO08nKXBtGR1n2SgdZ5FPbjwRCJhkZxkC
BCAyxKb9gdXdHyhE9fV9EpAZ5cDiQKJrUaDufr/z6XDnpVnrQhZkKQU0y0pJcrpLA4YNORgoXJ++
/3T7nXA+ba3z19I0BBeMWhSGqkKf8e7G+ahlwIWrmUWtVCib0rjhjKoL3AuGXT3PlSUdV4wuFpDw
kHE48wAGFobiZn81v8lD3vzmsym2SPQMv9As1oAuKKBrxaIGkTfc+XtuYYBgE0bR38GnVOaFUdOv
KKmM/fnWPuKhqcFLyQsMJKPux5pbSYn6ph2j56PxGGh9MMbZ2QkY9tDzfOjR62Zu4JajoC4sEe/V
sCytaZ6MLWZ4Kri4FnA2o8LbwZh7sMEFcy/kbBbWwjQt9zc6b2ECR6EUmP+HzRO3bV8pDx1+a/KK
t/KtWkVsrNZs7U1Z94WMWUWHcj73WyVDIUPupS4ws0vIuoK2ZFTqo8ccOxMKBQj47suzdjJvsVWi
e6ifQ8pAr5eyhFHHIQwKw0Mnd63BhZDax9u5ihcydgwM675h8GnEiHC0QkJkLqHTdtw9wYCMJAN3
lNbjMVSWJSjeBafvCYvBu4hwstH74KbWxr5FoOBW/ckRHxs9Jia0PGy8enIDpP+LwHf90L78BQAA
//8DAFBLAwQUAAYACAAAACEAtjsEIlQGAAALGgAAGgAAAGNsaXBib2FyZC90aGVtZS90aGVtZTEu
eG1s7FlLbxs3EL4X6H9Y7L2x3oqNyIGtR9zGToJISZEjpaV2GXOXC5Kyo1uRHAsUKJoWPTRAbz0U
bQMkQC/pr3Gbok2B/IUOuQ+RElU7RgoYQSzA2J39Zjicmf2G5F65+iCm3hHmgrCk41cvVXwPJxMW
kCTs+HdGg48u+56QKAkQZQnu+HMs/KvbH35wBW1NKEnHDPFgFOEYe2AoEVuo40dSplsbG2ICYiQu
sRQn8GzKeIwk3PJwI+DoGAaI6UatUmltxIgk/jZYlMpQn8K/RAolmFA+VGawl6AYRr85nZIJ1tjg
sKoQYi66lHtHiHZ8sBmw4xF+IH2PIiHhQcev6D9/Y/vKBtrKlahco2voDfRfrpcrBIc1PSYPx+Wg
jUaz0dop7WsAlau4frvf6rdKexqAJhOYaeaLabO5u7nba+ZYA5RdOmz32r161cIb9usrPu801c/C
a1Bmv7GCHwy6EEULr0EZvrmCbzTatW7DwmtQhm+t4NuVnV6jbeE1KKIkOVxBV5qtereYbQmZMrrn
hG82G4N2LTe+QEE1lNWlhpiyRK6rtRjdZ3wAAAWkSJLEk/MUT9EEarKLKBlz4u2TMILCS1HCBIgr
tcqgUof/6tfQVzoiaAsjQ1v5BZ6IFZHyxxMTTlLZ8T8Bq74Bef3ip9cvnnknD5+fPPz15NGjk4e/
ZIYsrT2UhKbWqx++/OfJZ97fz75/9fhrN16Y+D9+/vz3375yA2GmixC8/Obpn8+fvvz2i79+fOyA
73A0NuEjEmPh3cDH3m0Ww8R0CGzP8Zi/mcYoQsTU2ElCgRKkRnHY78vIQt+YI4ocuF1sR/AuB4px
Aa/N7lsODyM+k8Rh8XoUW8ADxugu484oXFdjGWEezZLQPTifmbjbCB25xu6ixMpvf5YCtxKXyW6E
LTdvUZRIFOIES089Y4cYO2Z3jxArrgdkwplgU+ndI94uIs6QjMjYqqaF0h6JIS9zl4OQbys2B3e9
XUZds+7hIxsJbwWiDudHmFphvIZmEsUukyMUUzPg+0hGLieHcz4xcX0hIdMhpszrB1gIl85NDvM1
kn4d6MWd9gM6j20kl+TQZXMfMWYie+ywG6E4dWGHJIlM7MfiEEoUebeYdMEPmP2GqHvIA0rWpvsu
wVa6T2eDO8CspkuLAlFPZtyRy2uYWfU7nNMpwppqgPgtPo9Jciq5L9F68/+ldSDSl989cczqohL6
DifON2pvicbX4ZbJu8t4QC4+d/fQLLmF4XVZbWDvqfs9dfvvPHWve5/fPmEvOBroWy0Vs6W6XrjH
a9ftU0LpUM4p3hd66S6gMwUDECo9vT/F5T4ujeBSvckwgIULOdI6HmfyUyKjYYRSWN9XfWUkFLnp
UHgpE7Ds12KnbYWns/iABdl2tVpVW9OMPASSC3mlWcphqyEzdKu92IKV5rW3od4qFw4o3TdxwhjM
dqLucKJdCFWQ9MYcguZwQs/srXix6fDisjJfpGrFC3CtzAosnTxYcHX8ZgNUQAl2VIjiQOUpS3WR
XZ3Mt5npdcG0KgDWEUUFLDK9qXxdOz01u6zUzpBpywmj3GwndGR0DxMRCnBenUp6FjfeNNebi5Ra
7qlQ6PGgtBZutC//lxfnzTXoLXMDTUymoIl33PFb9SaUzASlHX8K2364jFOoHaGWvIiGcGA2kTx7
4c/DLCkXsodElAVck07GBjGRmHuUxB1fTb9MA000h2jfqjUghAvr3CbQykVzDpJuJxlPp3gizbQb
EhXp7BYYPuMK51Otfn6w0mQzSPcwCo69MZ3x2whKrNmuqgAGRMDpTzWLZkDgOLMkskX9LTWmnHbN
80RdQ5kc0TRCeUcxyTyDayov3dF3ZQyMu3zOEFAjJHkjHIeqwZpBtbpp2TUyH9Z23dOVVOQM0lz0
TItVVNd0s5g1QtEGlmJ5viZveFWEGDjN7PAZdS9T7mbBdUvrhLJLQMDL+Dm67hkaguHaYjDLNeXx
Kg0rzs6ldu8oJniKa2dpEgbrtwqzS3Ere4RzOBCeq/OD3nLVgmharCt1pF2fJg5Q6o3DaseHzwNw
PvEAruADgw+ympLVlAyu4KsBtIvsqL/j5xeFBJ5nkhJTLyT1AtMoJI1C0iwkzULSKiQt39Nn4vAd
Rh2H+15x5A09LD8iz9cW9veb7X8BAAD//wMAUEsDBBQABgAIAAAAIQCcZkZBuwAAACQBAAAqAAAA
Y2xpcGJvYXJkL2RyYXdpbmdzL19yZWxzL2RyYXdpbmcxLnhtbC5yZWxzhI/NCsIwEITvgu8Q9m7S
ehCRJr2I0KvUBwjJNi02PyRR7Nsb6EVB8LIws+w3s037sjN5YkyTdxxqWgFBp7yenOFw6y+7I5CU
pdNy9g45LJigFdtNc8VZ5nKUxikkUigucRhzDifGkhrRykR9QFc2g49W5iKjYUGquzTI9lV1YPGT
AeKLSTrNIXa6BtIvoST/Z/thmBSevXpYdPlHBMulFxagjAYzB0pXZ501LV2BiYZ9/SbeAAAA//8D
AFBLAQItABQABgAIAAAAIQC75UiUBQEAAB4CAAATAAAAAAAAAAAAAAAAAAAAAABbQ29udGVudF9U
eXBlc10ueG1sUEsBAi0AFAAGAAgAAAAhAK0wP/HBAAAAMgEAAAsAAAAAAAAAAAAAAAAANgEAAF9y
ZWxzLy5yZWxzUEsBAi0AFAAGAAgAAAAhADKSQ2nGAgAAdwYAAB8AAAAAAAAAAAAAAAAAIAIAAGNs
aXBib2FyZC9kcmF3aW5ncy9kcmF3aW5nMS54bWxQSwECLQAUAAYACAAAACEAtjsEIlQGAAALGgAA
GgAAAAAAAAAAAAAAAAAjBQAAY2xpcGJvYXJkL3RoZW1lL3RoZW1lMS54bWxQSwECLQAUAAYACAAA
ACEAnGZGQbsAAAAkAQAAKgAAAAAAAAAAAAAAAACvCwAAY2xpcGJvYXJkL2RyYXdpbmdzL19yZWxz
L2RyYXdpbmcxLnhtbC5yZWxzUEsFBgAAAAAFAAUAZwEAALIMAAAAAA==
" o:spid="_x0000_s2050" strokecolor="red" strokeweight="1pt" style="height: 40pt; margin-left: 168pt; margin-top: 260.8pt; mso-position-horizontal-relative: text; mso-position-horizontal: absolute; mso-position-vertical-relative: text; mso-position-vertical: absolute; mso-wrap-distance-bottom: 0; mso-wrap-distance-left: 9pt; mso-wrap-distance-right: 9pt; mso-wrap-distance-top: 0; mso-wrap-style: square; position: absolute; v-text-anchor: middle; visibility: visible; width: 225pt; z-index: 251660288;">
<v:stroke joinstyle="miter">
</v:stroke></v:roundrect><span style="margin: 0px;"><v:shape id="Picture_x0020_6" o:spid="_x0000_i1025" style="height: 303.6pt; mso-wrap-style: square; visibility: visible; width: 540pt;" type="#_x0000_t75">
<v:imagedata o:title="" src="file:///C:/Users/jeffr/AppData/Local/Temp/msohtmlclip1/01/clip_image002.png">
</v:imagedata></v:shape></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<br />
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">Recommendations:</span></h2>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Following are our recommendations related to this risk and
configuration:</span></div>
<br />
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">1.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">“Allow Address Change” should NOT be checked
(enabled) for any Operating Unit</span></div>
<br />
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">2.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Any changes to Payables Options configurations
should be approved by someone responsible for fraud prevention.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">In other words, the Payables Process Owner
should NOT be able to approve a change to this configuration.</span></div>
<br />
<div style="margin: 0px 0px 0px 48px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">3.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">If you have a tool to monitor access control risks,
you should have rules as follows:</span></div>
<br />
<div style="margin: 0px 0px 0px 96px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">a.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">Single function rule related to Payables Options
– verify that the only users with access to this function are those that can
make changes in Prod once approved as part of your organization’s change
management process – typically this means IT users / business analysts.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span></div>
<br />
<div style="margin: 0px 0px 11px 96px; text-indent: -0.25in;">
<span style="margin: 0px;"><span style="margin: 0px;"><span style="font-family: "calibri";">b.</span><span style="font-size-adjust: none; font-stretch: normal; font: 7pt "Times New Roman"; margin: 0px;">
</span></span></span><span style="font-family: "calibri";">SoD rules – Enter AP Payments vs Payables
Options – no one user should have access to the ability to generate AP Payments
(particularly the function that allows single payments to be created) as well
as the ability to maintain Payables Options.</span><span style="margin: 0px;"><span style="font-family: "calibri";">
</span></span><span style="font-family: "calibri";">The SoD rule would be “Enter AP Payments vs Payables Options” – our rule
ID PP048.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Note: For recommendation 3 above, we offer a service to
evaluate access control risks that includes Segregation of Duties conflicts,
single function risks (Restricted Access), and access to sensitive data. Our
rule set is the most comprehensive in the industry.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Find out more about our rule set at: </span><a href="http://erpra.net/Content.html"><span style="color: #0563c1; font-family: "calibri";">erpra.net/Content.html</span></a><span style="font-family: "calibri";">.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Our content includes Rule ID PP109 as a
single function rule to identify who has access to maintain Payables
Options.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Our content also includes Rule
ID PP048 “Enter AP Payments vs Payables Options” since no one user should have
access to the ability to generate AP Payments (particularly the function that
allows single payments to be created) as well as the ability to maintain
Payables Options.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Contact us at </span><a href="http://www.erpra.net/contactus.html"><span style="color: #0563c1; font-family: "calibri";">erpra.net/contactus.html</span></a><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">for more information about CaoSys GRC
solutions if you are interested in learning more.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We offer our Role / Responsibility analysis
solutions as a service (CS*Proviso) or via installed software
(CS*Proviso).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">See more about CaoSys GRC
solutions at </span><a href="http://www.caosys.com/"><span style="color: #0563c1; font-family: "calibri";">caosys.com</span></a><span style="font-family: "calibri";">.</span><br />
<span style="font-family: "calibri";"><br /></span>
<span style="font-family: "calibri";">Download a pdf of this article <a href="https://drive.google.com/file/d/0B7PlNesCzIjjUUc2X2dJMHZuZk0/view?usp=sharing" target="_blank">here</a>.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<br />
<h2 style="margin: 3px 0px 0px;">
<span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">Recommended Services from ERP Risk Advisors</span></h2>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";"><span style="margin: 0px;"><span style="font-family: "calibri";"><span style="font-family: "calibri";">We offer an evaluation of Application Controls design effectiveness along with an analysis of the configurations. This service can be performed typically in one to three weeks.</span></span></span></span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Since some of these risks need to be evaluated by reviewing
access controls, a SaaS service to review role design may also be
appropriate.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We perform that service
through our partner, CaoSys.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Contact us at </span><a href="http://www.erpra.net/contactus.html"><span style="color: #0563c1; font-family: "calibri";">erpra.net/contactus.html</span></a><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">for more information about these services or
CaoSys GRC solutions if you are interested in learning more.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We offer our Role / Responsibility analysis
consutling as a service (CS*Proviso) or via installed software
(CS*Comply).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">See more about CaoSys GRC
solutions at </span><a href="http://www.caosys.com/"><span style="color: #0563c1; font-family: "calibri";">caosys.com</span></a><span style="font-family: "calibri";">.</span></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
<br />
<h2 style="margin: 3px 0px 0px;">
<a href="https://www.blogger.com/null" name="_Toc452998194"><span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;"> </span></a></h2>
<span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;"><br clear="all" style="mso-special-character: line-break; page-break-before: always;" />
</span>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<span style="margin: 0px;"><span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">Appendix
A- Definition of Payables Options</span></span><span style="color: #2e74b5; font-family: "calibri light"; font-size: medium;">:</span><br />
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">This query below can be run to identify how this
configuration is set:</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "calibri";">Select *</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "calibri";">From AP_SYSTEM_PARAMETERS_ALL</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<br /></div>
<br />
<div style="line-height: normal; margin: 0px;">
<span style="font-family: "calibri";">The column related to the “Allow Address Change” configuration is UPDATE_PAY_SITE_FLAG.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">A value of ‘Y’ means the capabilities are
allowed – i.e. they CAN change the Supplier Address when a manual payment is
processed, effectively bypassing any controls over the Supplier master.</span></div>
<span style="font-family: "calibri" , sans-serif; font-size: 11pt; line-height: 107%; margin: 0px;"><br clear="all" style="mso-special-character: line-break; page-break-before: always;" />
</span>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<br />
<div style="margin: 0px;">
<span style="color: #418dda; font-family: "calibri";">About ERP Risk Advisors</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">ERP Risk Advisors is a leading provider of Risk Advisory
services for organizations using Oracle Applications.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We provide consulting and training services
related to compliance, security, risk management, and controls.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">We also assist organizations in implementing
GRC-related software from industry-leading companies such as Oracle, CaoSys,
Smart ERP Solutions, and MentiSoftware.</span></div>
<br />
<div style="margin: 0px;">
<br /></div>
<br />
<div style="margin: 0px;">
<span style="color: #418dda; font-family: "calibri";">About Jeffrey T. Hare, CPA CISA CIA</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Jeffrey Hare, CPA CIA CISA is the founder and CEO of ERP
Risk Advisors.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">His extensive background
includes public accounting (including Big 4 experience), industry, and Oracle
Applications consulting experience.</span><span style="margin: 0px;"><span style="font-family: "calibri";">
</span></span><span style="font-family: "calibri";">Jeffrey has been working in the Oracle Applications space since 1998
with implementation, upgrade, and support experience.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey is a Certified Public Accountant
(CPA), a Certified Information Systems Auditor (CISA), and a Certified Internal
Auditor (CIA).</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey has worked in
various countries including Austria, Australia, Brazil, Canada, Germany,
Ireland, Mexico, Panama, Saudi Arabia, United Arab Emirates, and United
Kingdom.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey is a graduate of
Arizona State University and lives in northern Colorado with his wife and three
daughters.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">You can reach him at
jhare@erpra.net or (970) 324-1450.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Jeffrey's first solo book project "Oracle E-Business
Suite Controls: Application Security Best Practices" was released in
2009.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">His second book project “Auditing
Oracle E-Business Suite: Common Issues” was released in 2015.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey has written various white papers and
other articles, some of which have been published by organizations such as
ISACA, the ACFE, and the OAUG.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Request
these white papers here.</span><span style="margin: 0px;"><span style="font-family: "calibri";"> </span></span><span style="font-family: "calibri";">Jeffrey is a
contributing author for the book “Best Practices in Financial Risk Management”
published in 2009.</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<br /></div>
<br />
<div style="margin: 0px;">
<span style="font-family: "calibri";">LinkedIn: linkedin.com/in/jeffreythare</span></div>
<br />
<div style="margin: 0px;">
<span style="font-family: "calibri";">Twitter: twitter.com/jeffreythare</span></div>
<br />
<div style="margin: 0px 0px 11px;">
<span style="font-family: "calibri";">Blog: jeffreythare.blogspot.com</span></div>
<br />
<div style="line-height: normal; margin: 0px;">
<br /></div>
<b></b><i></i><u></u><sub></sub><sup></sup><strike></strike></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4311640442921669554.post-66444949501718429122014-01-14T15:54:00.002-08:002014-01-14T15:54:58.616-08:00Reliability of Application Controls in ERP Systems Should be Questioned by Auditors<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Reliability of Application Controls in ERP Systems Should be Questioned by
Auditors<br />By Jeffrey T. Hare, CPA CIA CISA</h2>
<h1>
<o:p></o:p></h1>
<h1>
<o:p></o:p></h1>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="line-height: 200%;">
The guidance related to relying on
Automated (or Application) Controls was originally published by Institute of
Internal Auditors (IIA) in July 2007. The IIA Global Technology Audit Guide
number 8 (GTAG 8) takes into account the guidance provided by the PCAOB in
Auditing Standard No. 12 (Appendix B, in particular). The testing of an automated control typically
requires the skills of both an internal auditor (functional or process auditor)
as well as the skills of an IT auditor.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
<br /></div>
<div class="MsoNormal" style="line-height: 200%;">
In fact, in GTAG 8, the IIA
recommends that the help of an IT auditor is needed.<a href="file:///C:/Users/Jeff/Dropbox/ERPRA%20Business%20Admin/ERPRA%20Blogs/Reliability%20of%20Application%20Controls%20in%20ERP%20Systems%20Should%20be%20Questioned%20by%20Auditors.docx#_ftn1" name="_ftnref1" title=""><span class="MsoFootnoteReference"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Calibri","sans-serif"; font-size: 11.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">[1]</span></span><!--[endif]--></span></a> IT auditors are typically needed to help test
IT general controls such as controls over changes to the configurations, code
changes, segregation of duties, and access controls.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
<br /></div>
<div class="MsoNormal" style="line-height: 200%;">
The most common way to test the
automated controls is through a “benchmark strategy.” The IIA guidance summarizes the PCOAB
standard as follows “If general controls that are used to monitor program
changes, access to programs, and computer operations are effective and continue
to be tested on a regular basis, the auditor can conclude that the application
control is effective without having to repeat the previous year’s control test. This is especially true if the auditor
verifies that the application control has not changed since the auditor last
tested the application control.”<span class="MsoFootnoteReference"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Calibri","sans-serif"; font-size: 11.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"><a href="file:///C:/Users/Jeff/Dropbox/ERPRA%20Business%20Admin/ERPRA%20Blogs/Reliability%20of%20Application%20Controls%20in%20ERP%20Systems%20Should%20be%20Questioned%20by%20Auditors.docx#_ftn2" name="_ftnref2" title="">[2]</a></span></span><a href="file:///C:/Users/Jeff/Dropbox/ERPRA%20Business%20Admin/ERPRA%20Blogs/Reliability%20of%20Application%20Controls%20in%20ERP%20Systems%20Should%20be%20Questioned%20by%20Auditors.docx#_ftn2" name="_ftnref2" title=""><!--[endif]--></a></span><o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
<span class="MsoFootnoteReference"><span class="MsoFootnoteReference"><br /></span></span></div>
<div class="MsoNormal" style="line-height: 200%;">
Since IT auditors are typically
tasked with testing IT general controls, the IT auditor normally is responsible
for testing ‘program changes, access to programs, and computer operations’ as
well as ‘that the application control has not changed since the auditor last
tested the application control.’<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
<br /></div>
<div class="MsoNormal" style="line-height: 200%;">
The beauty of ERP systems, such as
Oracle’s E-Business Suite and SAP, is that an application control can be
configured to meet an organization’s different requirements. The ‘configurations’ drive the design of the
control and, therefore, a change to the configuration can change the design of
the control. From a Sarbanes-Oxley
perspective, the PCAOB and your external auditors should care immensely about
whether or not the configurations related to key controls change from year to
year. If these configurations change, the
auditor of the related application control should re-benchmark the control or
test the control in another way.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
<br /></div>
<h3 style="text-align: left;">
The Problem</h3>
<h2 style="line-height: 200%; margin-top: 0in;">
<o:p></o:p></h2>
<div class="MsoNormal" style="line-height: 200%;">
The problem faced by most
organizations is there is no change history specifically built into the system
for the configurations related to key controls.
In fact, as most auditors have discovered, little change history exists
in most ERP systems unless the system is built to do so. In ERP systems, such as Oracle’s E-Business
Suite, the change history of a transaction only exists in a few cases and it
rarely exists for configurations.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
This leaves an IT auditor with a
dilemma when trying to test the ‘general controls used to monitor program
changes’ as is required in the IIA and PCAOB guidance. How does an auditor get comfortable that no
change has been made during an audit period?
<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
<br /></div>
<div class="MsoNormal" style="line-height: 200%;">
Absent audit history created by the
system, ERP systems have built-in ‘row-who’ information. This information typically tells you when a
record is created and when it is last updated.
Therefore, an auditor can reasonably assume that when the ‘last updated
by’ time stamp isn’t within the current audit period (and should be in the
period in which the configuration was ‘baselined’ or earlier) that the
configuration hasn’t been changed. <o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
<br /></div>
<div class="MsoNormal" style="line-height: 200%;">
There are three problems with relying
on the ‘row who’ information:<o:p></o:p></div>
<div class="MsoListParagraphCxSpFirst" style="line-height: 200%; text-align: left; text-indent: -0.25in;">
</div>
<ul style="text-align: left;">
<li><span style="font-size: 7pt; line-height: normal; text-indent: -0.25in;"> </span><span style="line-height: 200%; text-indent: -0.25in;">Most
systems don’t have the queries predefined</span></li>
<li><span style="font-size: 7pt; line-height: normal; text-indent: -0.25in;"> </span><span style="line-height: 200%; text-indent: -0.25in;">A
false positive can be occur when data from another column is changed</span></li>
<li><span style="font-size: 7pt; line-height: normal; text-indent: -0.25in;"> </span><span style="line-height: 200%; text-indent: -0.25in;">Some
‘back door’ methods of updating the data don’t change the ‘row who’ information</span></li>
</ul>
<o:p></o:p><br />
<div class="MsoListParagraphCxSpMiddle" style="line-height: 200%; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<o:p></o:p></div>
<div class="MsoListParagraphCxSpLast" style="line-height: 200%; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<o:p></o:p></div>
<h4 style="text-align: left;">
Lack of predefined queries</h4>
<h3 style="line-height: 200%; margin-top: 0in;">
<o:p></o:p></h3>
<div class="MsoNormal" style="line-height: 200%;">
In an average system, there may be
dozens of configurations related to key controls. Ideally, the software provider would develop
a ‘read only’ role that auditors could use to query the data. Sadly, this information isn’t provided by
most software companies or this information is only available in another
product you need to license such as a GRC suite.<o:p></o:p></div>
<h3 style="line-height: 200%; margin-top: 0in;">
<br /></h3>
<h4 style="text-align: left;">
False positives</h4>
<h3 style="line-height: 200%; margin-top: 0in;">
<o:p></o:p></h3>
<div class="MsoNormal" style="line-height: 200%;">
Another issue is false positives
whereby a different column is updated than the column related to the key
control. Take a look at this change
history:<o:p></o:p></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184;">
<tbody>
<tr>
<td style="background: #BFBFBF; border: solid windowtext 1.0pt; mso-background-themecolor: background1; mso-background-themeshade: 191; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<b><u>Change<o:p></o:p></u></b></div>
</td>
<td style="background: #BFBFBF; border-left: none; border: solid windowtext 1.0pt; mso-background-themecolor: background1; mso-background-themeshade: 191; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<b><u>Column
A<o:p></o:p></u></b></div>
</td>
<td style="background: #BFBFBF; border-left: none; border: solid windowtext 1.0pt; mso-background-themecolor: background1; mso-background-themeshade: 191; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<b><u>Column
B<o:p></o:p></u></b></div>
</td>
<td style="background: #BFBFBF; border-left: none; border: solid windowtext 1.0pt; mso-background-themecolor: background1; mso-background-themeshade: 191; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<b><u>Created
Date<o:p></o:p></u></b></div>
</td>
<td style="background: #BFBFBF; border-left: none; border: solid windowtext 1.0pt; mso-background-themecolor: background1; mso-background-themeshade: 191; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.8pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<b><u>Updated
Date<o:p></o:p></u></b></div>
</td>
</tr>
<tr style="height: 17.5pt; mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 17.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in;">
Initial data entry<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 17.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
Yes<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 17.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
Yes<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 17.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
01-Jan-2014<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 17.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.8pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
01-Jan-2014<o:p></o:p></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in;">
Change 1<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
No<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
Yes<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
01-Jan-2014<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.8pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
15-Jan-2014<o:p></o:p></div>
</td>
</tr>
<tr>
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in;">
Change 2<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
Yes<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
Yes<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.75pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
01-Jan-2014<o:p></o:p></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 95.8pt;" valign="top" width="128">
<div align="center" class="MsoNormal" style="line-height: 200%; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
19-Jan-2014<o:p></o:p></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="line-height: 200%; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="line-height: 200%; mso-margin-top-alt: auto;">
In this
example, column A’s data is NOT related to the key control and column B’s is
what impacts the design of the key control.
As change 1 and change 2 are made, the updated date changes from 01-Jan-2014
to 15-Jan-2014 to 19-Jan-2014. So if
you are an auditor looking at the change history during 2014 you’d could
falsely draw the conclusion that the configuration related to the key control
(Column B) was changed when actually it was a different column (Column A) that
was changed.<o:p></o:p></div>
<h3 style="line-height: 200%; margin-top: 0in;">
<br /></h3>
<h4 style="text-align: left;">
Back door methods of updating data</h4>
<h3 style="line-height: 200%; margin-top: 0in;">
<o:p></o:p></h3>
<div class="MsoNormal" style="line-height: 200%;">
Finally, back door methods such as
the use of an unsecured database login or SQL injection could change the data
in column B, but not update the Updated Date column. This risk is especially acute in certain
systems such as Oracle E-Business Suite that provides over 50 forms and web
pages that allow SQL injection (and in some cases ability to execute packages
or OS scripts).<o:p></o:p></div>
<h2 style="line-height: 200%; margin-top: 0in;">
<br /></h2>
<h3 style="text-align: left;">
The Solution</h3>
<h2 style="line-height: 200%; margin-top: 0in;">
<o:p></o:p></h2>
<div class="MsoNormal" style="line-height: 200%;">
If auditors are to rely on
application controls and have reasonable assurance of operating effectiveness,
a detailed audit trail / change tracking history is essential. Most auditors give organizations a ‘pass’ when
they don’t have detailed change history and take a sample from the change
management tickets rather than insist the client develop the change history so
the sample can be taken from the system.
We believe this approach CANNOT provide reasonable assurance related to
the changes to configurations related to key controls.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
The technology necessary to develop
this change history differs from system to system. In our area of domain expertise, Oracle
E-Business Suite, there are reasonably priced third party systems that can be
deployed using database triggers to create the necessary change history. The benefits of such technology extends well
beyond Sarbanes-Oxley ‘key control’ requirements and can be applied to updates
to master data (such as supplier bank accounts) as well as other requirements
(password resets for critical access accounts, forms that allow SQL injection,
etc.).<o:p></o:p></div>
<h2 style="line-height: 200%; margin-top: 0in;">
<br /></h2>
<h3 style="text-align: left;">
The Conclusion</h3>
<h2 style="line-height: 200%; margin-top: 0in;">
<o:p></o:p></h2>
<div class="MsoNormal" style="line-height: 200%;">
So here we are in 2014 – nearly
seven years after the issuance of guidance by the IIA and the challenges facing
reliance on automated controls are not much different than those faced when the
guidance was first issued. The time has
come for auditors to hold client’s feet to the fire. As it relates to application controls, either
insist on a system-based audit trail or disqualify the reliance on the
application control. You’ve given a
‘pass’ to your clients for far too long when reasonable assurance cannot
‘reasonably’ be attained using the current approach.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 200%;">
<br /></div>
<h3 style="text-align: left;">
About the Author</h3>
<h2 style="line-height: 200%; margin-top: 0in;">
<o:p></o:p></h2>
<div class="MsoNormal" style="line-height: 200%;">
Jeffrey Hare, CPA CIA CISA is the
founder and CEO of ERP Risk Advisors.
His extensive background includes public accounting (including Big 4
experience), industry, and Oracle Applications consulting experience. Jeffrey has been working in the Oracle Applications
space since 1998 with implementation, upgrade, and support experience. Jeffrey is a Certified Public Accountant
(CPA), a Certified Information Systems Auditor (CISA), and a Certified Internal
Auditor (CIA). He has worked in various
countries including Australia, Austria, Canada, Mexico, Brazil, United Kingdom,
Ireland, Saudi Arabia, and Germany.
Jeffrey is a graduate of Arizona State University and lives in northern
Colorado with his wife and three daughters.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<br />
<div>
<!--[if !supportFootnotes]--><br clear="all" />
<hr align="left" size="1" width="33%" />
<!--[endif]-->
<div id="ftn1">
<div class="MsoFootnoteText">
<a href="file:///C:/Users/Jeff/Dropbox/ERPRA%20Business%20Admin/ERPRA%20Blogs/Reliability%20of%20Application%20Controls%20in%20ERP%20Systems%20Should%20be%20Questioned%20by%20Auditors.docx#_ftnref1" name="_ftn1" title=""><span class="MsoFootnoteReference"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Calibri","sans-serif"; font-size: 10.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">[1]</span></span><!--[endif]--></span></a>
IIA GTAG 8, page 14 “Need for Specialized Audit Resources”<o:p></o:p></div>
</div>
<div id="ftn2">
<div class="MsoFootnoteText">
<a href="file:///C:/Users/Jeff/Dropbox/ERPRA%20Business%20Admin/ERPRA%20Blogs/Reliability%20of%20Application%20Controls%20in%20ERP%20Systems%20Should%20be%20Questioned%20by%20Auditors.docx#_ftnref2" name="_ftn2" title=""><span class="MsoFootnoteReference"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Calibri","sans-serif"; font-size: 10.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">[2]</span></span><!--[endif]--></span></a>
IIA GTAG 8, page 3 “Benchmarking”<o:p></o:p></div>
</div>
</div>
</div>
Unknownnoreply@blogger.com0