Oracle's E-Business Suite offers a wide variety of applications which require specific audit programs. Auditors and those implementing and supporting Oracle's E-Business Suite need actionable information about the associated risks and controls.
This course is available on-site at your location, or offered through open enrollment in San Francisco,CA.
This foundational three-day course will take you from a basic understanding to an intermediate understanding of application risks and controls for the most commonly implemented applications along with the elements common to all implementations. We will delve deeply into application security and other IT general controls and provide you with a several SQL queries frequently used in assessments.
This course is available on-site at your location, or offered through open enrollment 7/13/20 - 7/17/20.
Learning Objectives
- Oracle Overview, technical architecture overview, presentation layer, application layer, database layer, impact on change control,
- Common Elements and Modules, key flexfields, descriptive flexfields, values sets, security rules, cross-validation rules, system profile options, user profile options,
- Organization Structure, business groups, ledgers/sets of books, legal entities, operating units, inventory organizations,
- Master Data Overview, item master, customer master, supplier master, bank master,
- Building a Proper Audit Trail, audit trail deficiencies, why an audit trail, audit trail technologies, building a proper audit trail, what to audit,
- Oracle Security Basics, users, roles and responsibilities, menus, request groups, security profiles, global security profiles, organization access, role-based security,
- Application Security Best Practices, sensitive data, privileged users, SQL forms risks and controls,
- Change Management Best Practices for Oracle E-Business Suite, object-oriented development change management, security change management, patch change management, configuration change management,
- Designing and Auditing Application Controls, types of application controls, IIA guidance, overriding application controls, benchmarking
- Best Practices for Protecting Sensitive Data, statutory requirements, typical sensitive data, identifying and classifying sensitive data, impact on application security, impact on database security, ways to secure data - application and database technologies, impact on change management process and SDLC
- General Ledger: Risks and Controls, key configurations, key transactions, key risks, key controls, key segregation of duties
- Assets: Risks and Controls, key configurations, key transactions, key risks, key controls, key segregation of duties
- Cash Management: Risks and Controls, key configurations, key transactions, key risks, key controls, key segregation of duties
- Procure to Pay: Risks and Controls, key configurations, key transactions, key risks, key controls, key segregation of duties
- Order to Cash: Risks and Controls , key configurations, key transactions, key risks, key controls, key segregation of duties
- Inventory: Risks and Controls , key configurations, key transactions, key risks, key controls, key segregation of duties
- Hire to Termination:Risk and Controls, key configurations, key transactions, key risks, key controls, key segregation of duties