CaoSys and ERP Risk Advisors Announce Preventive Provisioning for Free for E-Business Suite Users
CaoSys and ERP Risk Advisors is pleased to announce a”Preventive Provisioning for Free” offering for organizations using Oracle E-Business Suite.
“We recognize that some organizations are using cloud and client/server software packages that can’t restrict access to segregation of duties conflicts and sensitive access risks” says ERP Risk Advisors CEO, Jeff Hare, CPA CIA CIA.“The goal is not just to identify who has this access, but to block new users from getting them in the future or at least to have them go through an approval process where mitigating controls would be documented”
CaoSys offers the best in breed solution CS*Comply as part of its overall GRC software suite.CS*Comply is the most commonly implemented application in its broad package of solutions that address many other compliance needs.
“We have paired our best in class solution, CS*Comply, with a rapid implementation by our key partner, ERP Risk Advisors, to be able to bring this offering to the market” says CaoSys CEO Craig O’Neill.“We are excited to be able to provide organizations who have chosen competitive products with the opportunity to enhance their controls by using CS*Comply’s preventive control features.”
CS*Comply allows an organization to put individual segregation of duties (SoD) conflicts and sensitive access rules in either PREVENT or APPROVE mode.PREVENT mode would block the access and is often used for high risk SoD conflicts such as the ability to Enter Purchase Orders and Enter Goods Receipts.PREVENT mode is also used to block access in Production to sensitive access risks such as forms that allow SQL injection or that allow General Ledger balances or journal entries to be purged.APPROVE mode submits the conflict or risk to a risk owner or process owner that can evaluate if the user being granted the access is appropriate.The APPROVE mode is used in cases where certain sensitive access risks such as the ability to maintain user role assignments or enter suppliers is appropriate for the user to which the assignment is being made.
CaoSys and ERP Risk Advisors will implement and support CaoSys’ CS*Comply module, which contains the preventive controls in PREVENT or APPROVE mode, for the cost that organizations are currently paying for their cloud provider or client/server software provider on an annual basis.**
Jeffrey Hare, CPA CIA CISA is the founder and CEO of ERP Risk Advisors. His extensive background includes public accounting (including Big 4 experience), industry, and Oracle Applications consulting experience. Jeffrey has been working in the Oracle Applications space since 1998 with implementation, upgrade, and support experience. Jeffrey is a Certified Public Accountant (CPA), a Certified Information Systems Auditor (CISA), and a Certified Internal Auditor (CIA).