Another Elephant in the Room: “Institutional Bias” in the External Audit Community Last week I wrote a blog talking about how the System Implementation industry is biased against a “Complete and Secure” implementation. This week I’d like to address another elephant in the … April 7, 2020
The SI industry is stacked against a ‘complete and secure’ ERP implementation The SI industry is stacked against a ‘complete and secure’ #ERPCloud implementation? SIs don’t win bids by providing a scope that includes controls and role design. Very little, if any, customization of … April 2, 2020
ERP Armor™ as a Service Press Release Greeley, Colorado, April 2, 2020 – ERP Risk Advisors, a practical thought leader for managing ERP Risk, providing content and consulting services related to compliance, security, risk management, and … April 1, 2020
ERP Cloud Role Design in 2020 We have recently been sharing our thoughts on LinkedIn on the challenges with Oracle ERP Cloud role design. The majority of implementations go live with purely seeded roles. There is an assumption … March 27, 2020
ERP Armor™ Press Release Greeley, Colorado, April 5, 2019 – ERP Risk Advisors, a practical thought leader for managing ERP Risk, providing content and consulting services related to compliance, security, risk management, and … April 4, 2019
Oracle E-Business Suite: SQL injection risk One of the key controls that organizations often define as part of their ITGCs relates to the identification and monitoring of privileged users. An accurate definition of what is deemed to be a ‘privileged user ‘ is … January 30, 2019
The One FUNCTION That Could Undermine Your Journal Entry Controls In R12, Oracle dramatically changed their subledger architecture by introducing SLA – Sub-Ledger Accounting Architecture. This change helps to standardize the way accounting is stored and transferred to … November 9, 2018
The One PROFILE OPTION That Could Undermine Your Journal Entry Controls Most organizations use ADI (client server version in 11i and prior and web version in R12 and later) to develop and upload Journal Entries (JEs). The JEs are subject to ‘manual’ journal entry controls … October 29, 2018
The One CONFIGURATION That Could Undermine Your Journal Entry Controls Background: In Oracle there are various seeded (i.e. provided upon installation of the applications) Sources of Journal Entries (JEs). Organizations implementing the application can also define more … October 22, 2018