Contents
Introduction
Overview
Internal Controls
  Segregation of Duties – Manual Review
  Building an Audit Trail – Standard Audit
  Data Security
Improving Internal Controls and Saving Time & Money
  Handling SOD with CS*Comply
  Effective Auditing with CS*Audit
  Data Segregation with CS*Secure
Conclusion
The CaoSys Solution Suite
Reviewers:
The author would gratefully like to acknowledge the following who helped review this paper…
Introduction
How can you make something better and yet save your organization
time as well as money?
In this paper we will discuss 3 common GRC-related topics that are
applicable to organizations using Oracle E-Business Suite. We will also
demonstrate how you can improve your internal controls while saving
time and money.
This paper is part 1 of 2; our second paper in the “Save Time &
Money” series will concentrate on improving core reporting in Oracle
E-Business Suite while saving time and money.
Overview
Now more than ever organizations are questioning why they should
invest in any software at a time when the global economic climate is
feeling the pinch of a bearish market. During these tough times,
application/data security and accountability are even more crucial.
Electing for what may seem an initially less costly route is more often
than not a false economy since it will not fully meet the business
needs and it will not save time or money.
The decision to invest in application audit tools is often taken too late,
in many cases 2 to 3 years after an organisation has invested heavily
in their enterprise applications. The audit profession should be
insisting that all implementations are supported by suitable audit/GRC
tools as part of the original investment.
Internal Controls
Many organizations try to ease the pain of the audit process and
mitigate risk by implementing a number of solutions; two of the more
common are...
The problem with both of the above is that while they are certainly
better than doing nothing, they don’t solve any part of the problem at
hand. Neither will do a very good job of preventing fraud from taking
place and neither will fully satisfy your auditors that you are taking
the appropriate steps to improve your internal controls. So you will
still be susceptible to fraud and your audit process will still be lengthy
and costly.
At whatever point you determine that an audit trail is needed you will
no doubt explore the built-in audit trail that is part of Oracle
E-Business Suite.
The audit functionality provided out of the box does allow you to
create an audit trail on any part of the Oracle E-Business Suite but it
is lacking in many areas, including (but not limited to)…

It is not fine grained or rule driven. You don’t have control over exactly what is audited on a given table or when to audit which can lead to audit overkill which is a major problem in its own right.

It cannot pull in additional metadata at the time of audit. This can mean the data captured in the audit trail is not easy to understand.

It is awkward to use. The user interface is clunky and hard to use.

Audit reporting is not adequate.

It offers no means to allow you to maintain documentary evidence against the audit trail of reviews and approvals.

It does not allow for real-time notifications to be sent when a given audit transaction is generated – no means of pro-active monitoring.

It does not help you know “what” you audit. There is no pre-seeded content available for use with the standard audit functionality.

Implementing the standard audit functionality within Oracle EBS is
better than no audit trail but it is lacking in many areas.
Data Security
The above features basically allow you to segregate data within the
Oracle E-Business Suite based on some predefined context such as
Organization; in other words, it is a means of ensuring only the
appropriate users can see data that is applicable to them. Also, these
features secure data only when accessed through Oracle EBS; they do
not take into account scenarios where the data is being accessed
outside of the applications (i.e. through tools such as SQL*Plus, TOAD,
Discoverer, custom applications).
However, Oracle E-Business Suite does not come with any generic
means of implementing your own data segregation/data hiding
internal controls. As such, when you need to segregate data based on
some other context, you have no choice but to look for an
alternative solution.
“So how does the CaoSys Solution Suite help us improve our internal
controls?”
“Okay great, so you can improve our internal controls but in the
current economic climate how can you help our organization save
time and money?”
The CaoSys Solution suite consists of several modules all designed and
built specifically for Oracle E-Business Suite. Those modules related to
SOD, audit and security are…
CS*Comply: Segregation of Duties (SOD)/Access Controls
CS*Audit: For building an effective audit trail
CS*Secure: Data segregation/hiding based security controls
CS*Applications is available for Oracle EBS 11i and R12.
We will now take a quick look at each of these modules to see how
your internal controls can be greatly improved as well as how you
save time and money.
Not only can CS*Comply help you report on where all your SOD
conflicts are, it can also help you prevent new conflicts from being
When considering the total cost of ownership, you need to take into
account every aspect of what a given solution requires, from software
licensing, to hardware requirements to training requirements, to
installation to implementation and on-going support. CS*Comply can
help ensure that the TCO is kept down through…
Reduced implementation
There could be many reasons why you need to segregate or hide your
data within Oracle E-Business Suite; these could include…
Conclusion
The CaoSys Solution Suite offers cost and time effective solutions to
all of these issues as well as offering various other productivity
solutions that can also save a great deal of time and money.
Email: info@CaoSys.com
Website: www.CaoSys.com
Copying in any form is strictly prohibited without prior written consent of CaoSys Limited.
Various product and service names mentioned are trademarks of CaoSys Limited. Oracle and Oracle E-Business Suite are trademarks or registered
trademarks of Oracle Corporation. Any other names are used for references only and may be trademarks of their respective owners.