Upcoming ERP Risk Advisors webinars_July 2017

Upcoming ERP Risk Advisors webinars_July 2017

You are invited to attend three upcoming webinars taking place over the next couple of weeks as follows:

Don’t give up on your Oracle Advanced Controls investment – Tuesday, July 11

How to automate controls using CaoSys’ newest features – Wednesday, July 12

Identifying and Monitoring Multi-Platform and Cross-Platform Access Control Risks with SafePaas – Wednesday, July 26

“Don’t give up on your Oracle Advanced Controls investment” will be held at two times Tuesday, July 11 – 9 a.m. EST and 4 p.m. EST. 

Have you’ve spent into the six figures on your Oracle Advanced Controls implementation and are wondering how to leverage your investment into something of value.  In this webinar we will share how the expertise, content, and risk-based methodology of ERP Risk Advisors can easily extend the usefulness of your investment and add value to your controls environment.  We will first look at current trends in the audit community and discuss how to leverage your Oracle Advanced Controls investment to address these trends.  Register at: https://attendee.gotowebinar.com/register/5792990699975558914

“How to automate controls using CaoSys’ newest features” will be held at two times Wednesday, July 12 – 9 a.m. EST and 4 p.m. EST. 

With Oracle no longer offering premier support on their Advanced Controls suite customers are wondering about their long-term options with their E-Business Suite on-premise solution.  In this webinar we will provide an overview of the CaoSys GRC suite and showcase some of its newer features that can be helpful to automate controls.  Register at: https://attendee.gotowebinar.com/register/4664617991482616322

"Identifying and Monitoring Multi-Platform and Cross-Platform Access Control Risks” will be held at two times on Wednesday, July 26 – 7 am. EST and Noon EST. 

Most organizations have multiple software applications to help run their business.  Often there are several ERP and legacy applications that are considered in-scope from a compliance perspective.  Hear from industry expert, Jeffrey T. Hare, CPA CISA CIA about common cross-platform and multi-platform control risks and how organizations can mature their control environment through necessary manual controls, automated controls, and access controls.  Webinar held in conjunction with SafePaas.  Register at: https://register.gotowebinar.com/rt/5153873178082543873

ERP Risk Advisors Announces Oracle Advanced Controls Premier Support

ERP Risk Advisors Announces Oracle Advanced Controls Premier Support

As most customers are aware Oracle announced an end to the continued development of its Advanced Controls Suite and the end of Premier Support as of September 2016 (See MOS Note: 2143036.1). Oracle has been developing a replacement known as the Risk Management Cloud which is still in its early versions.   

This change in strategy has left its customers in a difficult position since the applications in Oracle’s GRC Advanced Controls Suite are considered critical to meet their compliance requirements.  

 Many of these same customers have also had less than perfect implementations and incomplete SoD conflict and Sensitive Access rules.  This has led to a lack of reliance on the tools by their external auditors and an inadequate coverage of risk. 

ERP Risk Advisors has historically been focused on the implementation of a competitive product in this space from CaoSys and has built the premier content library and accompanying risk advisory services. 

The transition within the Oracle GRC space has allowed ERP Risk Advisors to hire some high quality resources and so we are pleased to announce a premier support program for customers currently using Oracle's Advanced Controls Suite. 


For those customers that want to continue using Oracle's Advanced Controls Suite, we will offer remote GRC Admin services to allow you to enhance or maintain your reliance on your solution.  To start the engagement, we will perform an assessment and provide you a roadmap.  In most organizations we will be able to perform the assessment in a week. Our core support offering will primarily focus on AACG and CCG, but could also include PCG and TCG.  If you haven't licensed PCG or haven't implemented it, we believe we can implement preventive controls (albeit manual) during your provisioning process to help keep your environment clean.  We will also help you leverage the data from AACG to perform your quarterly re-certification process at the Supervisor and Process Owner levels.

The engagement would start with an initial assessment and will include:

1. Infrastructure health check to include the patch level related to each of your Oracle Advanced Controls licensed products.
2. Evaluation of the completeness of the SoD and Sensitive Access rules
3. Review of your configuration of each of the modules - primarily AACG and CCG
4. Discussions with management as to how much reliance has been placed on the software and related business processes in your external audits
5. Review of key SQL scripts to evaluate your role design from a 10,000 foot level
6. Review of the results of key rules, if implemented already, that all auditors are currently evaluating
7. Review of a limited set of critical configurations such as Journal Sources and Profile Option Values
8. An evaluation of your patch level related to each of your licensed Advanced Controls solutions that are being used

The deliverables for the engagement would include:

1. In some cases, we'll be able to finalize the identification of what should be considered in scope rules.  Usually within a limited engagement we can get to 90+% accuracy, but often it requires a meeting with the external auditors to validate to get to the 100% level.  This is the key deliverable that most GRC consulting firms haven't been able to deliver, but ERP Risk Advisors can deliver with excellence.
2. High level feedback on role design - where we see risk in the usage of seeded Menus, seeded Request Groups, seeded Responsibilities, and seeded Users
3. An evaluation of the current SoD conflicts and Sensitive Access rules as to their completeness and accuracy.  We will identify the significant gaps when compared to what we anticipate would be the expectations of your audit firm.
4. A roadmap for maturing your user provisioning process and the re-certification process
5. A roadmap for updating your rules library to be complete and accurate as well as mapped to your auditors requirements
6. This engagement may also include some specific feedback on Sensitive Access rules and SoD conflicts depending on the quality and completeness of your current rule set.
7. Recommendations on patching your Advanced Controls modules, as needed, and where justified

Once we perform our initial assessment, we would be in a position to offer premium support for your Oracle GRC Advanced Controls suite.  Our support would be tailored to your organization's requirements, but would include the following as our core offering:

1. All service requests (SRs) surrounding the Oracle GRC Advanced Controls Suite.
2. Updating your rules library to include more risks - up and to including our full risk library. Adding additional risks from our library as we identify them.  
3. A comprehensive remediation plan with prioritization based on risk and scoping based on level of effort
4. Identifying SoD conflicts and Sensitive Access Risks introduced since the prior quarter for management's review and disposition
5. Developing reports with the detail for a comprehensive quarterly access review process for Supervisors (at the role level) and Process Owners (at the rule level for the key in-scope rules)
6. Implementation of changes to current roles and development of new roles required (still using Responsibilities, not User Management) as time permits
7. Revisiting and updating the roadmap to present to senior management

In addition to the above, we could also provide the following services as a supplement to our core offerings:

1.      Auditing changes to the objects related to roles (Roles, Responsibilities, Menu, Request Groups) to evaluate completeness and accuracy of the change management process

2.      Identifying whether any of the in scope reports have been changed in the last quarter (period) so that the process owners know they need to re-test the completeness and accuracy of the reports (as is now being required by the public accounting firms and the PCAOB)

3. Auditing changes to other configurations that should be subject to the change management process (scope tbd)
4. Auditing the completeness and accuracy of the approvals related to the User Provisioning process

If you are interested in discussing these services with us, please use our Contact page and we'll get back to you as soon as possible.

Regards,

Jeffrey T. Hare, CPA CISA CISA
CEO

Sam Monarch

Oracle GRC Practice Lead

ERP Risk Advisors now support's Oracle Advanced Controls Suite

ERP Risk Advisors now support's Oracle Advanced Controls Suite

ERP Risk Advisors has hired a new highly-qualified resource that knows Oracle’s Advanced Controls suite very, very well.  We can now bring to our clients the most comprehensive risk-based rules matrix in the market for use with the AACG module.  Our rule set includes nearly 1,900 Functions and nearly 1,500 Concurrent Programs identified with specific risks documented for each one.

Sam Monarch has been hired to head up our Oracle GRC software practice.  Sam has over 12 years’ experience with Oracle’s GRC software and over 20 full cycle implementations.

We can help you prepare for your external audits by helping to scope the Sensitive Access and Segregation of Duties rules that relevant to your organization.  We can also implement GRC software to help you monitor these risks from top software providers like CaoSys and now can offer you similar services if you’ve made the investment in Oracle’s Advanced Controls suite.

Please keep us in mind for your Oracle GRC software needs, now including services for Oracle’s Advanced Controls suite.

Contact us at http://erpra.net/contactus.html if you are interested in hearing more about our services offerings.

Regards,

Jeffrey T. Hare, CPA CISA CIA

CEO, ERP Risk Advisors