EBS System Administrator View-Only Creation I’ll keep my message short and simple: below is everything you need to know about EBS System Administrator view-only creation. For assistance or clarification, please reach out to me. Step 1: Create the Following View-Only Functions Start with the following view-only functions: ***Change ABC_ to the proper naming convention for your organization. Each function […] April 8, 2024
AZN Menus Pose Big Risks in EBS – And What to Do About It AZN Menus Background AZN menus were introduced by Oracle around 11.5.3 to help provide a more rapid implementation to the SMB business segment. They provide users with a graphical depiction of a process flow and the ability access the functions directly from the graphical navigation. When an AZN menu is contained in a menu, the […] March 15, 2024
User Profile Values Risks and Controls Background: Oracle provides a form to allow users to maintain certain profile options. The form is “Personal Profile Values”, and the function is “Profile User Values”. See an 11i screen shot of the form below: And an R12 version of the same form: This form allows an application user to set profile options to be […] February 19, 2024
Remediation Recommended – Manage Proxies Configuration Overview: The ability to proxy your access to someone else is active in Production since an upgrade to 12.2.4 of EBS. It may also be available in some 12.1.3 environments where a ATG patch has been applied to backport it. This is functionality that is not desirable and needs to be disabled. Remediation: Remediation can […] January 12, 2024
ERP Access Controls and Risk Advisory Services – a Cut Above Without the Additional Cost Application Access Controls form the foundation of your control environment in your ERP system. However, these new SaaS systems have become quite complex. And organizations tend not to have a program to develop and manage these controls. This is why more and more organizations are partnering with outside advisory firms to help. So, what are […] November 21, 2023
Oracle E-Business Suite: SQL injection risk One of the key controls that organizations often define as part of their ITGCs relates to the identification and monitoring of privileged users. An accurate definition of what is deemed to be a ‘privileged user ‘ is … January 30, 2019
The One FUNCTION That Could Undermine Your Journal Entry Controls In R12, Oracle dramatically changed their subledger architecture by introducing SLA – Sub-Ledger Accounting Architecture. This change helps to standardize the way accounting is stored and transferred to … November 9, 2018
The One PROFILE OPTION That Could Undermine Your Journal Entry Controls Most organizations use ADI (client server version in 11i and prior and web version in R12 and later) to develop and upload Journal Entries (JEs). The JEs are subject to ‘manual’ journal entry controls … October 29, 2018
The One CONFIGURATION That Could Undermine Your Journal Entry Controls Background: In Oracle there are various seeded (i.e. provided upon installation of the applications) Sources of Journal Entries (JEs). Organizations implementing the application can also define more … October 22, 2018
Why Personal Profile Values Form Needs to be Removed Time to revisit this topic. This is easy pickins for external auditors to lead to a control deficiency. Take a look back at this topic I posted on last year: Example 1: The ability to apply or remove Personalizations can be overwritten by the User. October 12, 2018
New Audit Support as a Service for Oracle EBS ERP Risk Advisors announces new Audit Support as a Service offerings for Oracle’s E-Business Suite and ERP Cloud applications. ERP Risk Advisors is pleased to announce two new Software as a Service (SaaS) offerings for Oracle’s ERP applications – E-Business Suite and ERP Cloud. July 3, 2018