AZN Menus Pose Big Risks in EBS – And What to Do About It AZN Menus Background AZN menus were introduced by Oracle around 11.5.3 to help provide a more rapid implementation to the SMB business segment. They provide users with a graphical depiction of a process flow and the ability access the functions directly from the graphical navigation. When an AZN menu is contained in a menu, the […] March 15, 2024
A Revolution of Resovolutions Part of our 2024 Resovolutions is to revolutionize the way organizations identify, manage, and mitigate risk in their ERP systems. Application security design and management risks produce a significant, immature control within organizations. Management knows these risks are often not being managed properly. The benefits seem to outweigh the risks when you consider: The long-term cost […] February 28, 2024
ERP Risk Advisors CEO Comments on the Acquisition of FastPath by Delinea Last week, news broke of the acquisition of FastPath by Delinea. Acquisitions continue to occur at a rapid pace in the IGA/PAM/Application Access Controls software space. There has been significant consolidation over the past few years as these spaces in the industry are converging and maturing. Delinea is a leader in the PAM space. FastPath […] February 26, 2024
User Profile Values Risks and Controls Background: Oracle provides a form to allow users to maintain certain profile options. The form is “Personal Profile Values”, and the function is “Profile User Values”. See an 11i screen shot of the form below: And an R12 version of the same form: This form allows an application user to set profile options to be […] February 19, 2024
ERP Risk Advisors’ 2024 New Years Resolutions [Resovolutions] Everyone loves setting New Year’s Resolutions. Given my history having a heart attack in 2019, I encourage you to set goals arounds eating healthy and consistent exercise (link to January newsletter story). You could say I’ve been around the block a few times, having spent 25+ years in the ERP applications space as a client, […] January 26, 2024
Remediation Recommended – Manage Proxies Configuration Overview: The ability to proxy your access to someone else is active in Production since an upgrade to 12.2.4 of EBS. It may also be available in some 12.1.3 environments where a ATG patch has been applied to backport it. This is functionality that is not desirable and needs to be disabled. Remediation: Remediation can […] January 12, 2024
The Inner Struggle When Reality Hits: How Crisis Impacts Your Faith New Year – New Me…. In the new year, we like to focus on new goals, new aspirations, even “a new me”. But how do you face the new year when life’s inner struggles impact your mind? Having a traumatic, life-changing medical issue changes you and can challenge your faith in God. In March 2019, […] December 28, 2023
ERP Access Controls and Risk Advisory Services – a Cut Above Without the Additional Cost Application Access Controls form the foundation of your control environment in your ERP system. However, these new SaaS systems have become quite complex. And organizations tend not to have a program to develop and manage these controls. This is why more and more organizations are partnering with outside advisory firms to help. So, what are […] November 21, 2023
Bright Light Shines on Massive Failures of External Auditors with “Painful” Consequences The lack of maturity of external auditing procedures is finally attracting more of the attention it deserves. The US’s Public Company Accounting Oversight Board (PCAOB) and the UK’s Financial Reporting Council (FRC) are publicly challenging external auditors to improve their processes. Two Causes for Concern Emerge in One Month In October 2023, two articles emerged […] October 25, 2023