ERP Cloud Role Design in 2020
27 Mar
We have recently been sharing our thoughts on LinkedIn on the challenges with Oracle ERP Cloud role design. The majority of implementations go live with purely seeded roles. There is an assumption that seeded roles have been designed with Security and Compliance in mind, which is not the case. We have learned it is best not to assume things. That is why we offer a strong Assessment phase before we design or re-design roles in ERP Cloud. The following is a list of reasons you will need to move from seeded to custom roles:
- Most seeded roles have high-risk privileges that need to be removed.
- Many seeded roles have inherent Segregation of Duties (SoD) issues in them.
- Upgrades will automatically add privileges that may not be appropriate for all users and that may cause SoD issues.
- ERP Cloud quarterly updates are mandatory and cannot be delayed. Most organizations do not have an effective way of identifying SoD and Sensitive Access (SA) issues caused by upgrades.
- The use of seeded roles and hybrid roles will put your organization at risk for fraud and compliance issues.
- Access for IT based on the principle of least privilege cannot be built without custom roles.
- View-only access cannot be provided without custom roles.
- There is no inherent ability to do lookback procedures, required by the PCAOB, when elevated access is granted to a user.
ERP Risk Advisors offers a comprehensive Risk Assessment for Oracle EBS and ERP Cloud customers, looking at both role design and Segregation of Duties and Sensitive Access violations using ERP Armor. ERP Armor is the most comprehensive ruleset in the industry for assessing risk. We are offering our most popular component – Fraud Risk Assessment – at no charge in the months of March and April.
ERP Risk Advisors also offers services for design, build, and maintenance for both EBS and ERP Cloud. One essential offer is the Patch Impact Analysis for ERP Cloud, analyzing the impact of your current role design before and after the quarterly patch from Oracle.
Please follow us on LinkedIn and contact us at firstname.lastname@example.org to learn more about these offers.