Critical FedRamp Enhancements Needed by Oracle for ERP / HCM Cloud Oracle ERP / HCM Cloud is an evolving suite of applications. Most organizations considering implementing ERP/HCM Cloud probably believe the “foundation” of the applications is solid. Unfortunately, that is still not the case. We currently track over 200 enhancement requests that we and others have submitted. There are some significant gaps for public and private […] July 9, 2024
ERP Access Controls and Risk Advisory Services – a Cut Above Without the Additional Cost Application Access Controls form the foundation of your control environment in your ERP system. However, these new SaaS systems have become quite complex. And organizations tend not to have a program to develop and manage these controls. This is why more and more organizations are partnering with outside advisory firms to help. So, what are […] November 21, 2023
Financial Fiasco: Birmingham City Council Takes Center Stage Once Again Birmingham City Council are once again in the news, and given the severity of the financial situation, it will once again highlight the significant overspend for the failed ERP Cloud implementation. This news is hard to see since ERP implementations typically do not end with massive cost overruns and are not necessarily considered a “failure”. […] September 27, 2023
ERP Risk Advisor’s CEO comments on MGM Resort’s Cyber Attack Our CEO, Jeff Hare, CPA CIA CISA Comments on the MGM Resorts Cyberattack Sadly, we see another significant, and successful cyberattack with MGM Resorts being the latest victim. What we understand from the information available, is the breach could have a material impact on the company’s financial results. Additionally, this is the first major corporate […] September 15, 2023
Are Auditors Looking at Privileges that Allow a User to Override / Bypass Workflows? Despite having been in the Oracle applications space for over 20 years it is still a mystery to me what external auditors do or don’t do in their audit. Recently on vacation I ran into an IT auditor from a big … September 9, 2021
ERP Cloud: Cheshire Police UK Police Department using ERP Cloud given “Significant Deficiency” by Grant Thornton partially due to “Segregation of Duties” issues and system accounts. May 26, 2021
ERP Cloud: Delegation of Workflow Approvals ERP / HCM Cloud allows users to delegate their workflow approval authority to others. This can be permanent or on a temporary basis, referred to as Vacation Rules. In this video, we will present the four … November 17, 2020
ERP Cloud: Securing Audit Policies In this video we will talk about how to properly security Audit Policy configurations. The ability to maintain Audit Policies can be found in three seeded roles as of patch level 20B. It is critical that none … July 21, 2020
ERP Cloud: Updates on Enhancements for Security and Compliance In working with our customers on Oracle ERP Cloud projects we have been working hard to enter Service Requests, get Enhancement Requests, and post ideas in the Ideas Lab. The goal is to identify key … June 9, 2020
ERP Cloud – Impact of Deleting a User on the Audit Trail ERP Cloud allows you to delete a User, even after the account has been used to enter or modify data. In this video, we will explore the impact on the Audit Trail of deleting such as User. June 5, 2020
ERP Cloud: The Subledger Accounting Privileges that Could Undermine your Journal Entry Control Design Perhaps the most important control organizations implement is the control related to the review and approval of journal entries. Most organizations using ERP Cloud implement the journal … May 26, 2020
ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords Password controls 101… when setting up a new user or resetting a password for an existing user, the system does NOT require the User to change their password. This is either a bug or a major … May 23, 2020
ERP Cloud: Possible bug with SOA Suite and Two Critical Enhancement Requests For organizations running ERP Cloud, Audit Policies form the foundation of your control. In this video, we will be discussing the bug and two critical enhancements that are needed: May 19, 2020
ERP Cloud: The One Configuration that Could Undermine your Journal Entry Control Design Perhaps the most important control organizations implement is the control related to the review and approval of journal entries. Most organizations using ERP Cloud implement the journal … May 12, 2020
ERP Cloud: Delegation of Roles – and Bypassing the User Provisioning Process Oracle allows some roles to assigned to a User to be delegated to another user without having to go through the approval process. This would allow an assignment of a role that all organizations … May 7, 2020
ERP Cloud: Setting up a Read Only User One challenge of User Administration is providing a User with the ability to inquire on data in some forms and provide them update abilities in other forms. There are no seeded roles that provide … April 28, 2020
One of the Most Significant Fraud Risks for Organizations Using ERP Cloud All organizations running ERP Cloud should be concerned about fraud. The Association of Certified Fraud Examiners’ 2018 Report to the Nation identifies that 89% of fraud is misappropriation of assets … April 21, 2020
The SI industry is stacked against a ‘complete and secure’ ERP implementation The SI industry is stacked against a ‘complete and secure’ #ERPCloud implementation? SIs don’t win bids by providing a scope that includes controls and role design. Very little, if any, customization of … April 2, 2020
ERP Cloud Role Design in 2020 We have recently been sharing our thoughts on LinkedIn on the challenges with Oracle ERP Cloud role design. The majority of implementations go live with purely seeded roles. There is an assumption … March 27, 2020
ERP Cloud: Certified Resources for Risk Management Cloud ERP Risk Advisors is pleased to announce a second of our resources is certified on the Financial Reporting Compliance (FRC) module of the Risk Management Cloud. Donna Curtis was one of the first … April 17, 2018