Access Controls

We understand the key access control challenges faced by organisations using Oracle E-Business Suite include:

 

  • Access controls are very difficult to report from Oracle E-Business Suite – there is no report to list users with a particular high risk privilege, such as amending supplier bank accounts
  • There are more than 35,000 privileges available, with no documentation of what is high risk
  • Understanding which of these privileges conflict with each other requires expert knowledge of auditing approaches and how these apply in Oracle E-Business Suite
  • Segregation of duties tools typically require significant and costly installations including both software licenses and additional hardware

 

This is why we offer on site consulting services to help you design and implement best practice access controls into both Oracle and supporting administration processes, along with our unique and bespoke Access Analytics – segregation of duties service.

Systems Risk Services Access Analytics – segregation of duties Service Features

 

  • Reporting of users and their access to high risk privileges
  • Reporting of users and their access to conflicting business process privileges
  • Highlighting where users have been granted privileges intentionally or through unexpected Oracle loopholes such as the Processes tab or Subledger Journal entries
  • Reporting of Oracle Responsibilities and their privileges, including highlighting those that have high risk or unsegregated access

Systems Risk Services Access Analytics – segregation of duties Service Benefits

 

  • Summarised matrices allow organisations to focus on higher risk findings, rather than all possible access
  • Descriptions for access conflicts are shown as business process activities, not complex Oracle form names
  • Cross process conflicts are considered, such as between Purchasing and HR approvals
  • Highlighting access gained through loopholes provides insight into the organisation’s security awareness and training needs