Why Utilities Diagnostics Should NOT Be In Scope for SOX - ERP Risk Advisors
896
post-template-default,single,single-post,postid-896,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,footer_responsive_adv,hide_top_bar_on_mobile_header,qode-child-theme-ver-1.0.0,qode-theme-ver-16.7,qode-theme-bridge,wpb-js-composer js-comp-ver-5.5.2,vc_responsive
 

Why Utilities Diagnostics Should NOT Be In Scope for SOX

Why Utilities Diagnostics Should NOT Be In Scope for SOX


Why Utilities Diagnostics Should NOT Be In Scope for SOX

The setting of the Utilities: Diagnostics profile option has been a source of scrutiny for our clients over the past few years.  Some auditors have suggested that access in Production allowed by the setting of Utilities: Diagnostics could provide a back-door way to update financially significant data that a user would not be able to maintain through their normal access.  Access this video at: https://youtu.be/5eXzhv7jTpM. 

This testing was done on an R12 environment and the conclusions should not be applied to 11i or prior environments.

Recommended Services from ERP Risk Advisors

We offer an evaluation of Application Controls design effectiveness along with an analysis of the configurations.  This service can be performed typically in one to three weeks.


Since some of these risks need to be evaluated by reviewing access controls, a SaaS service to review role design may also be appropriate.  We perform that service through our partner, CaoSys.


Contact us at erpra.net/contactus.html  for more information about these services or CaoSys GRC solutions if you are interested in learning more.  We offer our Role / Responsibility analysis consutling as a service (CS*Proviso) or via installed software (CS*Comply).  See more about CaoSys GRC solutions at caosys.com.

Appendix A- Screen Shots of how Utilities: Diagnostics works:
Following are a couple of screen shots related to Utilities: Diagnostics:




Jeffrey T. Hare
jhare@erpra.net

Jeffrey Hare, CPA CIA CISA is the founder and CEO of ERP Risk Advisors. His extensive background includes public accounting (including Big 4 experience), industry, and Oracle Applications consulting experience. Jeffrey has been working in the Oracle Applications space since 1998 with implementation, upgrade, and support experience. Jeffrey is a Certified Public Accountant (CPA), a Certified Information Systems Auditor (CISA), and a Certified Internal Auditor (CIA).

No Comments

Post A Comment