SlideShare a Scribd company logo

FulcrumWay - Implement Effective Access Controls within your Oracle ERP System

Download as PPTX, PDF
F
FulcrumWay

This was presented on Feb. 19, 2014 in FulcrumWay's monthly Webinar sessions, which occur on the 3rd Tuesday of every month. Anyone may attend, just go to http://www.fulcrumway.com/events/upcoming-events for details. Hope to see you there!! This presentation addresses: Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study

Technology
1 of 37
Earn Admiration and Love from your CIO and CFO! Implement Effective Access Controls within your Oracle ERP System A Leader in Risk Based Enterprise Controls Management Solutions Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics Webinar – February 19th , 2014 Adil Khan Managing Director Leverage Technology: Move Your Business Forward™ Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright ©. Fulcrum Information Technology, Inc.
Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study Q&A Page 2
Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study Q&A Page 3
FulcrumWay A Leader in Risk Based Controls Management™ FulcrumWay: is the #1 End-to-End Provider of Risk Based Enterprise Controls Management Solutions for Oracle EBS, PeopleSoft and JDE customers with over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully assisted companies across all major industry segments. Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Applications. Best Practices for Risk Mitigation and Internal Controls Automation. Audit, Compliance, Financial, Enterprise and Operational Risk Assessments. Risk Remediation Services. Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Advanced Controls, GRC Manager, and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services Software Services: Risk Assessment for ERP systems, Control Design and Management Tools, Controls Catalog, Enterprise Risk Manager, Financial Reporting Manager, Audit Manager USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San Francisco International Presence: in Auckland, Chennai, Johannesburg, London, Mexico City Page 4
Successful Track Record Government Communications Media/Entertainment FulcrumWay Clients Oil and Gas Financial Services Transportation Manufacturing Healthcare High Tech Page 5 Retail Natural Resources Life Sciences
FulcrumWay™ Insight Proven Expertise Thought Leadership Co-Authored GRC Book: First book on GRC for Oracle Applications Executive Round Tables – GRC Solutions for Energy Industry, Houston, November 2012 OAUG GRC Solution Lab - April 7th – 11th Denver: GRC Case Studies and Best Practices IIA - Presentations - Top Five Reasons for Automating Application Controls Collaborate 14 – GRC Client Appreciation Dinner April 9th , 2014 Las Vegas Webcasts – GRC Best Practices, Trends and Expert Insight Oracle Open World – Annual GRC Dinner on September 23rd , 2014 W Hotel San Francisco LinkedIn –FulcrumWay Risk, Compliance and Audit Software Group YouTube Podcasts – FulcrumWay Instant Insight in 10 min or less Page 6
Top Challenges Access Management Challenges for CIO and CFO ERP Roles need significant changes to meet requirements Access to sensitive data is not protected No audit trail on ERP configuration controls User provisioning does not prevent control violations Segregation of Duty controls are deficient Can not prevent unauthorized Master Data changes Super User activity in not monitored Periodic user Certification is not reliable Terminated employees have access to ERP Page 7
Top Challenges Key Factors impacting Access Control Complexity of ERP System Security Model – An average Oracle EBS R12 customer has over 35,000 functions and 12,500 menus Effectiveness Roles Design – Single Global Roles Template or wide variation based on user needs Completeness of User Provisioning Process – Does user provisioning process include control warnings for approvers? Auditability of ERP Configuration and Data Access – Can you track ALL changes to key setup and or master? Number of ERP environments – Do you need to control access to multiple ERP systems?
Top Challenges Complicated Security Model High Risk of Access Control Deficiencies
Complicated Security Model High Risk of Access Control Deficiencies Top Challenges Evaluate User Access • Test by User • Test by Privilege User Responsibility Menu Manage Segregation of Duties • Identify incompatible Privileges • Predefined & Extensible SOD Rule Sets Function Form
Top Challenges Root Cause Analysis is required for remediation! ERP Security Management is a permutation problem User: John Doe Responsibility: Payables Manager, US Menu: AP_Navigate_GUI12 What if we exclude ‘Invoice Batches’ from AP_Invoices_Entry? Submenu: AP_Invoices_Entry Function: Invoice Batches SubMenu: AP_Invoices_Entry SubMenu: AP_Invoices_GUI12_G Menu: UK_AP_Navigate_GUI12 Menu: AX_Payables_User Responsibility: Payables User Responsibility: Payables Supervisor Payables Users User: Mike Jones
Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study Q&A
Access Risk Assessment FulcrumWay Application Risk Assessment Best Practices Manage Exceptions Prepare Assessment Checklist Select ERP Controls from FW Controls Catalogs Establish Test Environment Detect Control Violations Prepare Remediation Plan Analyze Issues Present Project Plan Confirm Findings Implement Access Management System Probe ERP Data FW Risk Advisor/Client Lead FW Risk Advisor/Client Lead/Control Owners Client Executive Sponsors FW/Client Project Team
Access Risk Assessment DataProbe™ extracts the security, setup and master data information DataProbe™ is a desktop utility for the client DBA/manager to provide the data On average it takes our cleints less than an hour to install and extract the ERP security , setup and master data for submission to FulcrumWay risk advisory services
Access Risk Assessment Controls Catalog with over 1,000 advance controls Select SOD, Master Data, Setup, and Transaction Controls Risk Assessment Detect control weaknesses across ERP system to identify business process optimization opportunities
Access Risk Assessment ERP Test environment consists of ERP configurations and data objects Selected security, setup and data objects are included in the environment ERP Configuration such as 3-way match in payable options, master data such as Users, Responsibilities, Customers, Invoices, Suppliers, Assets and Payments records are analyzed for control failure risks
Access Risk Assessment Advanced Analytics to analyze ERP Risks Pre-built Risk Analytics. Risk Reports available for client review Risk Advisors identifies controls violations and has the capability to analyze issues, remove false positives to prepare the findings report
Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study Q&A
Role Design FulcrumWay Roles Manager Overview Eliminate Root Cause of Access Control Violations in ERP: Improve Segregation of Duty controls within mission critical applications Reduce ERP implementation and upgrade costs with pre-configured roles Lower ERP Total Cost of Ownership by assigning pre-approved Roles We enable ERP Administrators: Select pre-configured ERP roles from a roles catalog Update, Review and Approve Role design changes. Identify SOD conflicts before the Roles are assigned to Users.
Role Design FulcrumWay Roles Manager Features Role Manager is an ERP security design tool Contains a pre-configured catalog of roles which comply with segregation of duty (SOD) policies. Roles by ERP module and typical access requirements for those modules such as Manager, Supervisor, Clerk, Inquiry, Business Setup and IT Setup. You can use this tool to view existing role templates and design new roles by easily selecting or deselecting ERP functions/transaction. Once you complete the roles design, you can send it, using workflows, to pre-assigned reviewers and approvers to finalize the roles. The role preparers, reviewers and approvers can also assess the SOD control risks before finalizing the roles. Leverage FW DataProbe/Scripts to load current Roles Secure Access from fulcrumway.com portal
Role Design Access to Roles Manager Sign-in to ERP Controls and Navigate to Roles Manager at FulcrumWay.com Roles Manager is a component of the FulcrumWay Risk Remediation software services that is available instantly over a secure internet-connection.
Role Design Search and Browse through catalog of Roles for Oracle EBS R12 Select the Access Monitor Icon. Then click on the Maintain Access Roles Tab Roles Manager contains hundreds of Oracle EBS Responsibilities with SOD Controls Designed into the configuration to give you a jump start
Role Design Access to Roles Manager Use a “source” role to create a new “target” role. View existing SOD issues with the “source” role. Assign Reviewers and Approvers for the role Embed SOD Controls into Oracle Responsibilities design by eliminating conflicting business activities inherent in the EBS Responsibility configuration
Role Design Access to Roles Manager Select/ Deselect business activities to update Role configuration automatically Reduce Role design time and effort by selecting business activities to drive the configuration of Oracle Responsibilities.
ERP User Provisioning Save Precious Time Verifying User Provision Request Prevent Unauthorized Systems Access Reduce the Risk of Internal Fraud Improve Your Compliance Audit Trail We enable Security/ERP Administrators: Automate manual access request processes Ensure there are no unauthorized users Detect and prevent disallowed access attempts
Remediate Access Risks Monitor User Access Requests Monitor controls over the user provisioning process. Maintain audit log Reduce SOD violations by monitoring User Access Requests at Helpdesk and perform SOD analysis before access is granted
ERP User Access Monitor Save Precious Time Verifying User Access Detect Unauthorized Systems Access Automate User Access Review Improve Your Compliance Audit Trail We enable Security/ERP Administrators: Ensure there are no unauthorized users Maintain universal access security compliance
Remediate Access Risks Remove False Positives and inactive users/roles Send user access verification reuqest to application control owners using “passkey” to verif ot terminate access Monitor User Access to Responsibility/Role and Functions
ERP User Access Monitor Fast Forward SOD Corrective Actions Notify manager of business activity risks Enforce corrective actions Reduce Compliance Costs We enable Security/ERP Administrators: Automate corrective action requests Ensure timely resolution of SOD incidents Maintain universal access security compliance
Remediate Access Risks Send Corrective Actions to implement approved changes Send SOD conflict information at the business activity level to correct violations Correction Action Request is sent to Managers for Review and Approval via email survey Application Owner Verifies Access to Business Activity Reduce cost and effort for remediation.
ERP Controls Management Apply Continuous Monitoring to ERP Controls Minimize Process Errors and Losses Maintain compliance with regulations and internal policies Reduce the Cost of Risk and Audit We enable Business and IT Managers: Meet your organizational control objectives Complete your controls monitoring repository Apply policies and rules to each business cycle
Select ERP Controls FW Controls Catalog with over 1,000 advance controls Select SOD, Master Data, Setup, and Transaction Controls Risk Assessment Detect control weaknesses across ERP system to identify business process optimization opportunities
Monitor Data Changes Authoritative Master Data Across the Enterprise Ensure reliable mission critical data. Improve data governance with complete audit trail. Make informed, fact-based timely business decisions Detect who, when, what changes are made to master data such as organziations, suppliers, customers, employees, items, assets and other key records.
Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top SOD Challenges in EBS R12 Overview of SOD Controls Assessment Roles Design Techniques Case Study Q&A
Client case Global car and equipment rental company, improves Our Client Leader in the car and equipment rental businesses worldwide Providing quality car rental service for over 90 years. Over 30,000 employees Challenges Replace multiple legacy systems with one ERP solution Improved Segregation of Duty controls within mission critical applications Maintain consistent ERP system access roles across the subsidiaries leveraging the shared services model Increase external auditor’s reliance on ERP Access Controls Monitoring Solutions ERP Controls Catalog ERP Roles Monitor employee productivity Results: Reduce ERP Role design, build, testing and implementation time by 80% resulting in over $200,000 cost savings during ERP system implementation and global roll-out. Created over 100 Segregation of Duty compliant Roles by business segment with two weeks from FulcrumWay Role Templates within the controls catalog. Lowered ERP Total Cost of Ownership by reducing SoD remediation time and costs by ensuring that all users a assigned only the pre-approved Roles Improve SoD and Access Controls testing time by providing auditors the access log reports showing all Update, Review and Approve Role design changes. Accelerated ERP testing and deploying time by identifying SOD conflicts before the Roles are assigned to Users.
Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top SOD Challenges in EBS R12 Overview of SOD Controls Assessment Roles Design Techniques Case Study Q&A
Q&A Download DataProbe Leader in Risk Based Enterprise Controls One-on-One with Experts Follow FulcrumWay on LinkedIn for ERP Risk and Controls

Recommended

Zen Of Oracle Erp
Zen Of Oracle ErpZen Of Oracle Erp
Zen Of Oracle ErpMahesh Vallampati
 
Arul_Resume
Arul_ResumeArul_Resume
Arul_ResumeArul Natarajan
 
3 Approaches for Integrated ALM - A Case for ALM Platform - Whitepaper
3 Approaches for Integrated ALM - A Case for ALM Platform - Whitepaper3 Approaches for Integrated ALM - A Case for ALM Platform - Whitepaper
3 Approaches for Integrated ALM - A Case for ALM Platform - WhitepaperKovair
 
Advanced Authorization for SAP Global Deployments Part I of III
Advanced Authorization for SAP Global Deployments Part I of IIIAdvanced Authorization for SAP Global Deployments Part I of III
Advanced Authorization for SAP Global Deployments Part I of IIINextLabs, Inc.
 
Application Performance: 6 Steps to Enhance Performance of Critical Systems
Application Performance: 6 Steps to Enhance Performance of Critical SystemsApplication Performance: 6 Steps to Enhance Performance of Critical Systems
Application Performance: 6 Steps to Enhance Performance of Critical SystemsCAST
 
Michele Mizell Resume
Michele Mizell ResumeMichele Mizell Resume
Michele Mizell ResumeMichele Mizell
 
Anil kumar sap security & GRC
Anil kumar sap security & GRCAnil kumar sap security & GRC
Anil kumar sap security & GRCAnil Kumar
 
Ramesha Rao
Ramesha RaoRamesha Rao
Ramesha RaoRamesha Rao
 

Recommended

Zen Of Oracle Erp
Zen Of Oracle ErpZen Of Oracle Erp
Zen Of Oracle ErpMahesh Vallampati
 
Arul_Resume
Arul_ResumeArul_Resume
Arul_ResumeArul Natarajan
 
3 Approaches for Integrated ALM - A Case for ALM Platform - Whitepaper
3 Approaches for Integrated ALM - A Case for ALM Platform - Whitepaper3 Approaches for Integrated ALM - A Case for ALM Platform - Whitepaper
3 Approaches for Integrated ALM - A Case for ALM Platform - WhitepaperKovair
 
Advanced Authorization for SAP Global Deployments Part I of III
Advanced Authorization for SAP Global Deployments Part I of IIIAdvanced Authorization for SAP Global Deployments Part I of III
Advanced Authorization for SAP Global Deployments Part I of IIINextLabs, Inc.
 
Application Performance: 6 Steps to Enhance Performance of Critical Systems
Application Performance: 6 Steps to Enhance Performance of Critical SystemsApplication Performance: 6 Steps to Enhance Performance of Critical Systems
Application Performance: 6 Steps to Enhance Performance of Critical SystemsCAST
 
Michele Mizell Resume
Michele Mizell ResumeMichele Mizell Resume
Michele Mizell ResumeMichele Mizell
 
Anil kumar sap security & GRC
Anil kumar sap security & GRCAnil kumar sap security & GRC
Anil kumar sap security & GRCAnil Kumar
 
Ramesha Rao
Ramesha RaoRamesha Rao
Ramesha RaoRamesha Rao
 
Joseph Inbaraj S 11+ years ALM Admin Resume
Joseph Inbaraj S 11+ years ALM Admin ResumeJoseph Inbaraj S 11+ years ALM Admin Resume
Joseph Inbaraj S 11+ years ALM Admin Resumeqtpjoseph
 
Resume_QA_8_Yrs_Exp_Vijay
Resume_QA_8_Yrs_Exp_VijayResume_QA_8_Yrs_Exp_Vijay
Resume_QA_8_Yrs_Exp_VijayVijay Bichkar
 
Attribute based access control
Attribute based access controlAttribute based access control
Attribute based access controlElimity
 
Surya_CV
Surya_CVSurya_CV
Surya_CVSurya Pal
 
Introduction to Software Development Life Cycle: Phases & Models
Introduction to Software Development Life Cycle: Phases & ModelsIntroduction to Software Development Life Cycle: Phases & Models
Introduction to Software Development Life Cycle: Phases & Modelsmanoharparakh
 
Six steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systemsSix steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systemsCAST
 
Requirements-Management-Case-Study-for-Honeywell
Requirements-Management-Case-Study-for-HoneywellRequirements-Management-Case-Study-for-Honeywell
Requirements-Management-Case-Study-for-HoneywellKovair
 
Resume_New
Resume_NewResume_New
Resume_NewROSHAN MISHRA
 
Shriraam-performance test engineer 5.4 years
Shriraam-performance test engineer 5.4 yearsShriraam-performance test engineer 5.4 years
Shriraam-performance test engineer 5.4 yearsshriraam ms
 
Application Assessment - Executive Summary Report
Application Assessment - Executive Summary ReportApplication Assessment - Executive Summary Report
Application Assessment - Executive Summary ReportCAST
 
Gourav ladha - Profile
Gourav ladha - ProfileGourav ladha - Profile
Gourav ladha - ProfileGourav Ladha
 
Quality Attributes of Web Software Applications ∗
Quality Attributes of Web Software Applications ∗Quality Attributes of Web Software Applications ∗
Quality Attributes of Web Software Applications ∗hasnainqayyum1
 
Testing and Rolling Out Enterprise Applications
Testing and Rolling Out Enterprise ApplicationsTesting and Rolling Out Enterprise Applications
Testing and Rolling Out Enterprise ApplicationsGem WeBlog
 
Performance Testing Services for Case Management Application
Performance Testing Services for Case Management ApplicationPerformance Testing Services for Case Management Application
Performance Testing Services for Case Management ApplicationPratham Software (PSI)
 
project on Agile approach
project on Agile approachproject on Agile approach
project on Agile approachPrachi desai
 
Nirmal kumar
Nirmal kumarNirmal kumar
Nirmal kumarNirmal Kumar
 
Sharanabasappa_Resume
Sharanabasappa_Resume Sharanabasappa_Resume
Sharanabasappa_Resume Sharanabasappa Vithalrao
 
Srs (software requirement specification) in software engineering basics by ra...
Srs (software requirement specification) in software engineering basics by ra...Srs (software requirement specification) in software engineering basics by ra...
Srs (software requirement specification) in software engineering basics by ra...Ram Paliwal
 
Silvertouch Profile
Silvertouch ProfileSilvertouch Profile
Silvertouch ProfileKhushboo (Kay) Jhurani
 
Reduce sod access violations with effective roles management techniques
Reduce sod access violations with effective roles management techniquesReduce sod access violations with effective roles management techniques
Reduce sod access violations with effective roles management techniquesactjax
 
FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay
 
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay
 

More Related Content

What's hot

Joseph Inbaraj S 11+ years ALM Admin Resume
Joseph Inbaraj S 11+ years ALM Admin ResumeJoseph Inbaraj S 11+ years ALM Admin Resume
Joseph Inbaraj S 11+ years ALM Admin Resumeqtpjoseph
 
Resume_QA_8_Yrs_Exp_Vijay
Resume_QA_8_Yrs_Exp_VijayResume_QA_8_Yrs_Exp_Vijay
Resume_QA_8_Yrs_Exp_VijayVijay Bichkar
 
Attribute based access control
Attribute based access controlAttribute based access control
Attribute based access controlElimity
 
Introduction to Software Development Life Cycle: Phases & Models
Introduction to Software Development Life Cycle: Phases & ModelsIntroduction to Software Development Life Cycle: Phases & Models
Introduction to Software Development Life Cycle: Phases & Modelsmanoharparakh
 
Six steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systemsSix steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systemsCAST
 
Requirements-Management-Case-Study-for-Honeywell
Requirements-Management-Case-Study-for-HoneywellRequirements-Management-Case-Study-for-Honeywell
Requirements-Management-Case-Study-for-HoneywellKovair
 
Shriraam-performance test engineer 5.4 years
Shriraam-performance test engineer 5.4 yearsShriraam-performance test engineer 5.4 years
Shriraam-performance test engineer 5.4 yearsshriraam ms
 
Application Assessment - Executive Summary Report
Application Assessment - Executive Summary ReportApplication Assessment - Executive Summary Report
Application Assessment - Executive Summary ReportCAST
 
Gourav ladha - Profile
Gourav ladha - ProfileGourav ladha - Profile
Gourav ladha - ProfileGourav Ladha
 
Quality Attributes of Web Software Applications ∗
Quality Attributes of Web Software Applications ∗Quality Attributes of Web Software Applications ∗
Quality Attributes of Web Software Applications ∗hasnainqayyum1
 
Testing and Rolling Out Enterprise Applications
Testing and Rolling Out Enterprise ApplicationsTesting and Rolling Out Enterprise Applications
Testing and Rolling Out Enterprise ApplicationsGem WeBlog
 
Performance Testing Services for Case Management Application
Performance Testing Services for Case Management ApplicationPerformance Testing Services for Case Management Application
Performance Testing Services for Case Management ApplicationPratham Software (PSI)
 
project on Agile approach
project on Agile approachproject on Agile approach
project on Agile approachPrachi desai
 
Srs (software requirement specification) in software engineering basics by ra...
Srs (software requirement specification) in software engineering basics by ra...Srs (software requirement specification) in software engineering basics by ra...
Srs (software requirement specification) in software engineering basics by ra...Ram Paliwal
 

What's hot (19)

Joseph Inbaraj S 11+ years ALM Admin Resume
Joseph Inbaraj S 11+ years ALM Admin ResumeJoseph Inbaraj S 11+ years ALM Admin Resume
Joseph Inbaraj S 11+ years ALM Admin Resume
 
Resume_QA_8_Yrs_Exp_Vijay
Resume_QA_8_Yrs_Exp_VijayResume_QA_8_Yrs_Exp_Vijay
Resume_QA_8_Yrs_Exp_Vijay
 
Attribute based access control
Attribute based access controlAttribute based access control
Attribute based access control
 
Surya_CV
Surya_CVSurya_CV
Surya_CV
 
Introduction to Software Development Life Cycle: Phases & Models
Introduction to Software Development Life Cycle: Phases & ModelsIntroduction to Software Development Life Cycle: Phases & Models
Introduction to Software Development Life Cycle: Phases & Models
 
Six steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systemsSix steps-to-enhance-performance-of-critical-systems
Six steps-to-enhance-performance-of-critical-systems
 
Requirements-Management-Case-Study-for-Honeywell
Requirements-Management-Case-Study-for-HoneywellRequirements-Management-Case-Study-for-Honeywell
Requirements-Management-Case-Study-for-Honeywell
 
Resume_New
Resume_NewResume_New
Resume_New
 
Shriraam-performance test engineer 5.4 years
Shriraam-performance test engineer 5.4 yearsShriraam-performance test engineer 5.4 years
Shriraam-performance test engineer 5.4 years
 
Application Assessment - Executive Summary Report
Application Assessment - Executive Summary ReportApplication Assessment - Executive Summary Report
Application Assessment - Executive Summary Report
 
Gourav ladha - Profile
Gourav ladha - ProfileGourav ladha - Profile
Gourav ladha - Profile
 
Quality Attributes of Web Software Applications ∗
Quality Attributes of Web Software Applications ∗Quality Attributes of Web Software Applications ∗
Quality Attributes of Web Software Applications ∗
 
Testing and Rolling Out Enterprise Applications
Testing and Rolling Out Enterprise ApplicationsTesting and Rolling Out Enterprise Applications
Testing and Rolling Out Enterprise Applications
 
Performance Testing Services for Case Management Application
Performance Testing Services for Case Management ApplicationPerformance Testing Services for Case Management Application
Performance Testing Services for Case Management Application
 
project on Agile approach
project on Agile approachproject on Agile approach
project on Agile approach
 
Nirmal kumar
Nirmal kumarNirmal kumar
Nirmal kumar
 
Sharanabasappa_Resume
Sharanabasappa_Resume Sharanabasappa_Resume
Sharanabasappa_Resume
 
Srs (software requirement specification) in software engineering basics by ra...
Srs (software requirement specification) in software engineering basics by ra...Srs (software requirement specification) in software engineering basics by ra...
Srs (software requirement specification) in software engineering basics by ra...
 
Silvertouch Profile
Silvertouch ProfileSilvertouch Profile
Silvertouch Profile
 

Similar to FulcrumWay - Implement Effective Access Controls within your Oracle ERP System

Reduce sod access violations with effective roles management techniques
Reduce sod access violations with effective roles management techniquesReduce sod access violations with effective roles management techniques
Reduce sod access violations with effective roles management techniquesactjax
 
FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay
 
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC SolutionsMantala
 
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?FulcrumWay
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Oracle
 
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...FulcrumWay
 
Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2Smart ERP Solutions, Inc.
 
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsSroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsJane Jones
 
Oracle eBS Overview.pptx
Oracle eBS Overview.pptxOracle eBS Overview.pptx
Oracle eBS Overview.pptxssuser9dce1e1
 
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsThousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsOracle
 
Fusion apps receivables
Fusion apps receivablesFusion apps receivables
Fusion apps receivablesHasan Shabbir
 
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOptimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOracle
 
Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...
Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...
Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...Oracle
 
Implementing access and security controls across your applications
Implementing access and security controls across your applicationsImplementing access and security controls across your applications
Implementing access and security controls across your applicationsDave Reik
 
Oracle Scene Safeguard your Business
Oracle Scene Safeguard your BusinessOracle Scene Safeguard your Business
Oracle Scene Safeguard your BusinessEmma Kelly
 
Oracle Scene Oct 2017
Oracle Scene Oct 2017Oracle Scene Oct 2017
Oracle Scene Oct 2017Alice Cantu
 

Similar to FulcrumWay - Implement Effective Access Controls within your Oracle ERP System (20)

Reduce sod access violations with effective roles management techniques
Reduce sod access violations with effective roles management techniquesReduce sod access violations with effective roles management techniques
Reduce sod access violations with effective roles management techniques
 
FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014
 
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
 
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824
 
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
 
Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2Navigating HCM Compliance Through Managed Services Part 2
Navigating HCM Compliance Through Managed Services Part 2
 
Resume
ResumeResume
Resume
 
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsSroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
 
Oracle eBS Overview.pptx
Oracle eBS Overview.pptxOracle eBS Overview.pptx
Oracle eBS Overview.pptx
 
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsThousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
 
Fusion apps receivables
Fusion apps receivablesFusion apps receivables
Fusion apps receivables
 
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOptimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
 
Day5 R3 Basis Security
Day5 R3 Basis SecurityDay5 R3 Basis Security
Day5 R3 Basis Security
 
Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...
Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...
Symantec, Facebook and Navillus - a comprehensive approach to securing & moni...
 
SAP GRC
SAP GRC SAP GRC
SAP GRC
 
Implementing access and security controls across your applications
Implementing access and security controls across your applicationsImplementing access and security controls across your applications
Implementing access and security controls across your applications
 
Oracle Scene Safeguard your Business
Oracle Scene Safeguard your BusinessOracle Scene Safeguard your Business
Oracle Scene Safeguard your Business
 
Oracle Scene Oct 2017
Oracle Scene Oct 2017Oracle Scene Oct 2017
Oracle Scene Oct 2017
 

Recently uploaded

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 

Recently uploaded (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

FulcrumWay - Implement Effective Access Controls within your Oracle ERP System

  • 1. Earn Admiration and Love from your CIO and CFO! Implement Effective Access Controls within your Oracle ERP System A Leader in Risk Based Enterprise Controls Management Solutions Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics Webinar – February 19th , 2014 Adil Khan Managing Director Leverage Technology: Move Your Business Forward™ Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright ©. Fulcrum Information Technology, Inc.
  • 2. Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study Q&A Page 2
  • 3. Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study Q&A Page 3
  • 4. FulcrumWay A Leader in Risk Based Controls Management™ FulcrumWay: is the #1 End-to-End Provider of Risk Based Enterprise Controls Management Solutions for Oracle EBS, PeopleSoft and JDE customers with over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully assisted companies across all major industry segments. Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Applications. Best Practices for Risk Mitigation and Internal Controls Automation. Audit, Compliance, Financial, Enterprise and Operational Risk Assessments. Risk Remediation Services. Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Advanced Controls, GRC Manager, and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services Software Services: Risk Assessment for ERP systems, Control Design and Management Tools, Controls Catalog, Enterprise Risk Manager, Financial Reporting Manager, Audit Manager USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San Francisco International Presence: in Auckland, Chennai, Johannesburg, London, Mexico City Page 4
  • 5. Successful Track Record Government Communications Media/Entertainment FulcrumWay Clients Oil and Gas Financial Services Transportation Manufacturing Healthcare High Tech Page 5 Retail Natural Resources Life Sciences
  • 6. FulcrumWay™ Insight Proven Expertise Thought Leadership Co-Authored GRC Book: First book on GRC for Oracle Applications Executive Round Tables – GRC Solutions for Energy Industry, Houston, November 2012 OAUG GRC Solution Lab - April 7th – 11th Denver: GRC Case Studies and Best Practices IIA - Presentations - Top Five Reasons for Automating Application Controls Collaborate 14 – GRC Client Appreciation Dinner April 9th , 2014 Las Vegas Webcasts – GRC Best Practices, Trends and Expert Insight Oracle Open World – Annual GRC Dinner on September 23rd , 2014 W Hotel San Francisco LinkedIn –FulcrumWay Risk, Compliance and Audit Software Group YouTube Podcasts – FulcrumWay Instant Insight in 10 min or less Page 6
  • 7. Top Challenges Access Management Challenges for CIO and CFO ERP Roles need significant changes to meet requirements Access to sensitive data is not protected No audit trail on ERP configuration controls User provisioning does not prevent control violations Segregation of Duty controls are deficient Can not prevent unauthorized Master Data changes Super User activity in not monitored Periodic user Certification is not reliable Terminated employees have access to ERP Page 7
  • 8. Top Challenges Key Factors impacting Access Control Complexity of ERP System Security Model – An average Oracle EBS R12 customer has over 35,000 functions and 12,500 menus Effectiveness Roles Design – Single Global Roles Template or wide variation based on user needs Completeness of User Provisioning Process – Does user provisioning process include control warnings for approvers? Auditability of ERP Configuration and Data Access – Can you track ALL changes to key setup and or master? Number of ERP environments – Do you need to control access to multiple ERP systems?
  • 9. Top Challenges Complicated Security Model High Risk of Access Control Deficiencies
  • 10. Complicated Security Model High Risk of Access Control Deficiencies Top Challenges Evaluate User Access • Test by User • Test by Privilege User Responsibility Menu Manage Segregation of Duties • Identify incompatible Privileges • Predefined & Extensible SOD Rule Sets Function Form
  • 11. Top Challenges Root Cause Analysis is required for remediation! ERP Security Management is a permutation problem User: John Doe Responsibility: Payables Manager, US Menu: AP_Navigate_GUI12 What if we exclude ‘Invoice Batches’ from AP_Invoices_Entry? Submenu: AP_Invoices_Entry Function: Invoice Batches SubMenu: AP_Invoices_Entry SubMenu: AP_Invoices_GUI12_G Menu: UK_AP_Navigate_GUI12 Menu: AX_Payables_User Responsibility: Payables User Responsibility: Payables Supervisor Payables Users User: Mike Jones
  • 12. Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study Q&A
  • 13. Access Risk Assessment FulcrumWay Application Risk Assessment Best Practices Manage Exceptions Prepare Assessment Checklist Select ERP Controls from FW Controls Catalogs Establish Test Environment Detect Control Violations Prepare Remediation Plan Analyze Issues Present Project Plan Confirm Findings Implement Access Management System Probe ERP Data FW Risk Advisor/Client Lead FW Risk Advisor/Client Lead/Control Owners Client Executive Sponsors FW/Client Project Team
  • 14. Access Risk Assessment DataProbe™ extracts the security, setup and master data information DataProbe™ is a desktop utility for the client DBA/manager to provide the data On average it takes our cleints less than an hour to install and extract the ERP security , setup and master data for submission to FulcrumWay risk advisory services
  • 15. Access Risk Assessment Controls Catalog with over 1,000 advance controls Select SOD, Master Data, Setup, and Transaction Controls Risk Assessment Detect control weaknesses across ERP system to identify business process optimization opportunities
  • 16. Access Risk Assessment ERP Test environment consists of ERP configurations and data objects Selected security, setup and data objects are included in the environment ERP Configuration such as 3-way match in payable options, master data such as Users, Responsibilities, Customers, Invoices, Suppliers, Assets and Payments records are analyzed for control failure risks
  • 17. Access Risk Assessment Advanced Analytics to analyze ERP Risks Pre-built Risk Analytics. Risk Reports available for client review Risk Advisors identifies controls violations and has the capability to analyze issues, remove false positives to prepare the findings report
  • 18. Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top Access Challenges for CIO and CFO Overview of Access Risk Assessment Access Management Techniques Case Study Q&A
  • 19. Role Design FulcrumWay Roles Manager Overview Eliminate Root Cause of Access Control Violations in ERP: Improve Segregation of Duty controls within mission critical applications Reduce ERP implementation and upgrade costs with pre-configured roles Lower ERP Total Cost of Ownership by assigning pre-approved Roles We enable ERP Administrators: Select pre-configured ERP roles from a roles catalog Update, Review and Approve Role design changes. Identify SOD conflicts before the Roles are assigned to Users.
  • 20. Role Design FulcrumWay Roles Manager Features Role Manager is an ERP security design tool Contains a pre-configured catalog of roles which comply with segregation of duty (SOD) policies. Roles by ERP module and typical access requirements for those modules such as Manager, Supervisor, Clerk, Inquiry, Business Setup and IT Setup. You can use this tool to view existing role templates and design new roles by easily selecting or deselecting ERP functions/transaction. Once you complete the roles design, you can send it, using workflows, to pre-assigned reviewers and approvers to finalize the roles. The role preparers, reviewers and approvers can also assess the SOD control risks before finalizing the roles. Leverage FW DataProbe/Scripts to load current Roles Secure Access from fulcrumway.com portal
  • 21. Role Design Access to Roles Manager Sign-in to ERP Controls and Navigate to Roles Manager at FulcrumWay.com Roles Manager is a component of the FulcrumWay Risk Remediation software services that is available instantly over a secure internet-connection.
  • 22. Role Design Search and Browse through catalog of Roles for Oracle EBS R12 Select the Access Monitor Icon. Then click on the Maintain Access Roles Tab Roles Manager contains hundreds of Oracle EBS Responsibilities with SOD Controls Designed into the configuration to give you a jump start
  • 23. Role Design Access to Roles Manager Use a “source” role to create a new “target” role. View existing SOD issues with the “source” role. Assign Reviewers and Approvers for the role Embed SOD Controls into Oracle Responsibilities design by eliminating conflicting business activities inherent in the EBS Responsibility configuration
  • 24. Role Design Access to Roles Manager Select/ Deselect business activities to update Role configuration automatically Reduce Role design time and effort by selecting business activities to drive the configuration of Oracle Responsibilities.
  • 25. ERP User Provisioning Save Precious Time Verifying User Provision Request Prevent Unauthorized Systems Access Reduce the Risk of Internal Fraud Improve Your Compliance Audit Trail We enable Security/ERP Administrators: Automate manual access request processes Ensure there are no unauthorized users Detect and prevent disallowed access attempts
  • 26. Remediate Access Risks Monitor User Access Requests Monitor controls over the user provisioning process. Maintain audit log Reduce SOD violations by monitoring User Access Requests at Helpdesk and perform SOD analysis before access is granted
  • 27. ERP User Access Monitor Save Precious Time Verifying User Access Detect Unauthorized Systems Access Automate User Access Review Improve Your Compliance Audit Trail We enable Security/ERP Administrators: Ensure there are no unauthorized users Maintain universal access security compliance
  • 28. Remediate Access Risks Remove False Positives and inactive users/roles Send user access verification reuqest to application control owners using “passkey” to verif ot terminate access Monitor User Access to Responsibility/Role and Functions
  • 29. ERP User Access Monitor Fast Forward SOD Corrective Actions Notify manager of business activity risks Enforce corrective actions Reduce Compliance Costs We enable Security/ERP Administrators: Automate corrective action requests Ensure timely resolution of SOD incidents Maintain universal access security compliance
  • 30. Remediate Access Risks Send Corrective Actions to implement approved changes Send SOD conflict information at the business activity level to correct violations Correction Action Request is sent to Managers for Review and Approval via email survey Application Owner Verifies Access to Business Activity Reduce cost and effort for remediation.
  • 31. ERP Controls Management Apply Continuous Monitoring to ERP Controls Minimize Process Errors and Losses Maintain compliance with regulations and internal policies Reduce the Cost of Risk and Audit We enable Business and IT Managers: Meet your organizational control objectives Complete your controls monitoring repository Apply policies and rules to each business cycle
  • 32. Select ERP Controls FW Controls Catalog with over 1,000 advance controls Select SOD, Master Data, Setup, and Transaction Controls Risk Assessment Detect control weaknesses across ERP system to identify business process optimization opportunities
  • 33. Monitor Data Changes Authoritative Master Data Across the Enterprise Ensure reliable mission critical data. Improve data governance with complete audit trail. Make informed, fact-based timely business decisions Detect who, when, what changes are made to master data such as organziations, suppliers, customers, employees, items, assets and other key records.
  • 34. Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top SOD Challenges in EBS R12 Overview of SOD Controls Assessment Roles Design Techniques Case Study Q&A
  • 35. Client case Global car and equipment rental company, improves Our Client Leader in the car and equipment rental businesses worldwide Providing quality car rental service for over 90 years. Over 30,000 employees Challenges Replace multiple legacy systems with one ERP solution Improved Segregation of Duty controls within mission critical applications Maintain consistent ERP system access roles across the subsidiaries leveraging the shared services model Increase external auditor’s reliance on ERP Access Controls Monitoring Solutions ERP Controls Catalog ERP Roles Monitor employee productivity Results: Reduce ERP Role design, build, testing and implementation time by 80% resulting in over $200,000 cost savings during ERP system implementation and global roll-out. Created over 100 Segregation of Duty compliant Roles by business segment with two weeks from FulcrumWay Role Templates within the controls catalog. Lowered ERP Total Cost of Ownership by reducing SoD remediation time and costs by ensuring that all users a assigned only the pre-approved Roles Improve SoD and Access Controls testing time by providing auditors the access log reports showing all Update, Review and Approve Role design changes. Accelerated ERP testing and deploying time by identifying SOD conflicts before the Roles are assigned to Users.
  • 36. Agenda Implement Effective Access Controls within your Oracle ERP System Introductions Top SOD Challenges in EBS R12 Overview of SOD Controls Assessment Roles Design Techniques Case Study Q&A
  • 37. Q&A Download DataProbe Leader in Risk Based Enterprise Controls One-on-One with Experts Follow FulcrumWay on LinkedIn for ERP Risk and Controls