Sarbanes-Oxley and control design best practices require access controls be tested for every in-scope ERP system within an organization’s Risk and Control Matrix (RACM). While this may not be the standard for external auditors, let...
ERP Cloud Custom Role Offerings First, ERP Risk Advisors will be formally announcing our fixed price offering of custom roles for ERP Cloud at the Ascend conference in Las Vegas next month. If you are coming...
Despite having been in the Oracle applications space for over 20 years it is still a mystery to me what external auditors do or don’t do in their audit. Recently on vacation I ran into...
UK Police Department using ERP Cloud given “Significant Deficiency” by Grant Thornton partially due to “Segregation of Duties” issues and system accounts. Read full article here From the article (emphasis added): “The commissioner's Audit Advisory Committee report...
ERP / HCM Cloud allows users to delegate their workflow approval authority to others. This can be permanent or on a temporary basis, referred to as Vacation Rules. In this video, we will present the four ways...
In this video we will talk about how to properly security Audit Policy configurations. The ability to maintain Audit Policies can be found in three seeded roles as of patch level 20B. It is critical...
In working with our customers on Oracle ERP Cloud projects we have been working hard to enter Service Requests, get Enhancement Requests, and post ideas in the Ideas Lab. The goal is to identify key...
ERP Cloud allows you to delete a User, even after the account has been used to enter or modify data. In this video, we will explore the impact on the Audit Trail of deleting such...
Password controls 101… when setting up a new user or resetting a password for an existing user, the system does NOT require the User to change their password. This is either a bug or a...
Perhaps the most important control organizations implement is the control related to the review and approval of journal entries. Most organizations using ERP Cloud implement the journal approval workflow to help automate the control. In...
Greeley, Colorado, May 21, 2020 – Today, we are introducing ERP Armor: Reports. The heart of ERP Armor is the identification and management of risk in a customer’s ERP Solution. ERP Armor blends a proven ERP...
For organizations running ERP Cloud, Audit Policies form the foundation of your control. In this video, we will be discussing the bug and two critical enhancements that are needed: https://www.youtube.com/watch?v=kYs2fZLK9Ww We offer an OTBI report to help...
Perhaps the most important control organizations implement is the control related to the review and approval of journal entries. Most organizations using ERP Cloud implement the journal approval workflow to help automate the control. The...
Oracle allows some roles to assigned to a User to be delegated to another user without having to go through the approval process. This would allow an assignment of a role that all organizations would...
One challenge of User Administration is providing a User with the ability to inquire on data in some forms and provide them update abilities in other forms. There are no seeded roles that provide that...
All organizations running ERP Cloud should be concerned about fraud. The Association of Certified Fraud Examiners’ 2018 Report to the Nation identifies that 89% of fraud is misappropriation of assets such as fraudulent disbursements. Check and payment tampering represent 12% of all fraud and...
Greeley, Colorado, April 9, 2020 – The heart of ERP Armor is the identification and management of risk in a customer’s ERP Solution. ERP Armor blends a proven ERP Risk Architecture with ERP Risk Content developed...
Last week I wrote a blog talking about how the System Implementation industry is biased against a “Complete and Secure” implementation. This week I’d like to address another elephant in the room – institutional bias...
Greeley, Colorado, April 2, 2020 – ERP Risk Advisors, a practical thought leader for managing ERP Risk, providing content and consulting services related to compliance, security, risk management, and controls, today introduces ERP ArmorTM as a...
The SI industry is stacked against a ‘complete and secure’ #ERPCloud implementation? SIs don’t win bids by providing a scope that includes controls and role design. Very little, if any, customization of roles is included...
We have recently been sharing our thoughts on LinkedIn on the challenges with Oracle ERP Cloud role design. The majority of implementations go live with purely seeded roles. There is an assumption that seeded roles...
Greeley, Colorado, April 5, 2019 – ERP Risk Advisors, a practical thought leader for managing ERP Risk, providing content and consulting services related to compliance, security, risk management, and controls, today introduces ERP ArmorTM ,...
Two Day Training Class: Auditing Oracle's® Fusion ERP Cloud Application Is your company using Oracle's Fusion / ERP Cloud apps? Consider joining us for upcoming training from an audit perspective. Auditing Oracle's® Fusion ERP Cloud Application -...
