Sarbanes-Oxley and control design best practices require access controls be tested for every in-scope ERP system within an organization’s Risk and Control Matrix (RACM). While this may not be the standard for external auditors, let...
ERP Cloud Custom Role Offerings First, ERP Risk Advisors will be formally announcing our fixed price offering of custom roles for ERP Cloud at the Ascend conference in Las Vegas next month. If you are coming...
Despite having been in the Oracle applications space for over 20 years it is still a mystery to me what external auditors do or don’t do in their audit. Recently on vacation I ran into...
Last week I wrote a blog talking about how the System Implementation industry is biased against a “Complete and Secure” implementation. This week I’d like to address another elephant in the room – institutional bias...
The SI industry is stacked against a ‘complete and secure’ #ERPCloud implementation? SIs don’t win bids by providing a scope that includes controls and role design. Very little, if any, customization of roles is included...
We have recently been sharing our thoughts on LinkedIn on the challenges with Oracle ERP Cloud role design. The majority of implementations go live with purely seeded roles. There is an assumption that seeded roles...
Greeley, Colorado, April 5, 2019 – ERP Risk Advisors, a practical thought leader for managing ERP Risk, providing content and consulting services related to compliance, security, risk management, and controls, today introduces ERP ArmorTM ,...
One of the key controls that organizations often define as part of their ITGCs relates to the identification and monitoring of privileged users. An accurate definition of what is deemed to be a 'privileged user...
The One Function That Could Undermine Your Journal Entry Controls Background: In R12, Oracle dramatically changed their subledger architecture by introducing SLA – Sub-Ledger Accounting Architecture. This change helps to standardize the way accounting is stored...
The One Profile Option That Could Undermine Your Journal Entry Controls Background: Most organizations use ADI (client server version in 11i and prior and web version in R12 and later) to develop and upload Journal Entries (JEs)....
The One Configuration that Could Undermine Your Journal Entry Controls Background: In Oracle there are various seeded (i.e. provided upon installation of the applications) Sources of Journal Entries (JEs). Organizations implementing the application can also define...
Oracle EBS Personal Profile Values Form Time to revisit this topic. This is easy pickins for external auditors to lead to a control deficiency. Take a look back at this topic I posted on last year: https://www.erpra.net/effective-governance-over-profile-option-values-in-oracle-e-business-suite/ This blog...
Why the PCAOB and External Auditors Should be Concerned about Substantive-Only Audits This article is long overdue, but still one I have been dreading to release. I know the audit firms could come under significant additional...
New Webinar and New LinkedIn Group focusing on GRC issues for Oracle’s ERP Cloud software ERP Risk Advisors is excited to present our ERP Cloud Risk Advisory Series. Join us for our first webinar in this...
ERP Risk Advisors to present at OAUG's Risk Week ERP Risk Advisors founder and CEO, Jeffrey T. Hare, CPA CIA CISA, will be presenting at OAUG's risk week. His presentation is titled "ERP Risk Advisors and...
With a new year brings exciting news at ERP Risk Advisors. Happy New Year! We wish you the best for 2018. First, we are pleased to welcome a new member to our team, Donna Curtis, who...
