ERP Risk Advisors is pleased to provide our clients with unparalleled expertise with the following services:

Audit Support as a Service for E-Business Suite and ERP Cloud:
We provide data for internal and external auditors to help audit Oracle's E-Business and ERP Cloud applications that provides the following:
  • Test access controls and role design by evaluating sensitive access risks and segregation of duties conflicts
  • Evaluate control design by:
  • reviewing the actual configurations verses expected configurations
  • considering ‘best practice’ configuration design as provided by ERP Risk Advisors
  • Test change control processes by having a population of IT and functional configurations throughout the most commonly used ‘in scope’
    modules and the core applications
Details can be found here.

Oracle E-Business Suite GRC Health Check
This Level I Assessment covers a broad array of best practices noted in the book Oracle E-Business Suite Controls: Foundational Principles written by
Jeffrey T. Hare, CPA CISA CIA.
 Details can be found here.  

Oracle ERP Cloud GRC Health Check
This Level 1 Assessment covers a broad array of best practices.  Detail about this service can be found here.

GRC Software Acquisition and Implementation Services for Oracle E-Business Suite, ERP Cloud, and PeopleSoft
  • Risk Management Cloud for ERP Cloud - including Financial Reporting Compliance (FRC), Advanced Access Controls (AAC), and Advanced
    Financial Controls (AFC) - strategic partnership for Oracle's ERP Cloud software
  • CaoSys - CS*Comply, CS*Audit, CS*Provisum (AAP), CS*Provisum (PAR), CS*License, CS*Lookback, CS*Rapid, CS*Impact - strategic
    partnership for Oracle's E-Business Suite software
  • Advanced Controls – Advanced Access Controls Governor (AACG), Configuration Controls Governor (CCG), Preventive Controls Governor
    (PCG), Transaction Controls Governor (TCG) for Oracle’s E-Business Suite software
  • Smart ERP – SoD and sensitive access monitoring for Oracle’s PeopleSoft software
Request for Proposal / Request for Information development for the following requirements:
  • SOD / sensitive access risk monitoring and remediation
  • Industry leading  SoD / sensitive access rule set
  • Advanced audit trail development – trigger / logs
  • User and role re-certification / access reviews
  • Continuous Controls Monitoring
  • Sensitive data monitoring and protection
  • License analysis

We are partners with various industry leading software providers.  
Contact us for a list of software providers for E-Business Suite, ERP Cloud, and

Application Security / Role Design Services for Oracle E-Business Suite, ERP Cloud, or PeopleSoft
  • Upgrade security – application security and role design as part of upgrade
  • Implementation security – application security and role design as part of implementation

Managed Services for GRC software
Allow us to manage your GRC software providing the following services:
  • Rule development and upgrades - SoD and Sensitive access rules
  • CaoSys GRC administration for E-Business Suite
  • Oracle Advanced Controls Suite - AACG and CCG administration for E-Business Suite
  • Risk Management Cloud including Advanced Access Controls for ERP Cloud
  • Remote admin for GRC software that you choose.  Experienced with a variety of software for E-Business Suite, ERP Cloud, and PeopleSoft.
  • Generating reports for controls testing
  • Controls testing on behalf of management
  • Generating reports and facilitating re-certification of users and roles

Pre-Implementation Services
Project Audit Services – independent of Project Management Office
  • Implementation Audit
  • Upgrade Audit
Project Quality Assurance Services - integrated with Project Management Office
  • Implementation QA Service
  • Upgrade QA Service
Security Design Services
  • Upgrade security – application security only or full security
  • Implementation security – application security only or full security

Post-Implementation Services
  • Change management process design
  • Control design review
  • Control operating effectiveness audit or review

Assessment Services – Pre- or Post-Implementation
  • Application security design review – implementation or upgrade
  • Segregation of duties design review – implementation or upgrade
  • Change management effectiveness – patch, configuration, security, development
  • Privileged user access monitoring
  • Program effectiveness review
  • Best practices assessment – compliance with Oracle’s published best practices for Securing your E-Business Suite
  • Sensitive data identification and classification

Training Services
Internal controls and security training for (CPE offered) for:
  • Internal audit
  • IT staff
  • Functional users
  • Combined teams

Contact Us
If you are interested in any of the above offerings, contact us here.
Other links:
About Us