Form I-9/E-Verify and Compliance & Managed Services for HCM Cloud
Presented by the Department of Homeland Security, ERP Risk Advisors, and Smart ERP Solutions
Part 2: Compliance With Managed Services for Human Capital Management (HCM)
In this webinar, discover how Compliance and Managed Services for Human Capital Management (HCM) Cloud can optimize and streamline your HR processes, saving time and resources while keeping you compliant. ERP Risk Advisors and SmartERP will showcase the benefits of utilizing managed services, focusing on automation, security, scalability, and compliance. Learn how managed services can enhance your HCM Cloud experience and allow HR professionals to focus on strategic initiatives while ensuring data privacy and regulatory compliance. There will be an open Q&A.
Some of the topics that will be presented:
• What do we mean by Compliance through Managed Services?
• Flexible Models for Managed Services as an extension of your Internal Team
• Ensuring Oracle License Compliance and Reducing Risk through Role Management
• Demonstrate significant risks with the use of Seeded and Hybrid roles
• Automated processes and their impact on HR efficiency
• Compliance assurance and risk management through enabling and evaluating audit logs
This webinar will focus on content for HCM professionals who are using HCM Cloud or are currently investigating a move to HCM Cloud.
Note: Both webinars are tailored to HR professionals, compliance officers, and managers. The aim is to offer valuable insights and practical tips for handling DHS Form I-9 compliance and leveraging Managed Services to optimize HCM Cloud operations and compliance.
2. Agenda
• Introduction of Speakers
• About SmartERP
• Why is Application Support Planning Critical to Success?
• How to Maximize Productivity and Minimize Disruptions
• How you remain compliant in a Cloud World
• Managed Services Options
• ERP Risk Advisors Security Option
3. Today’s Presenters
Lynn Duffy
Vice President Client Success | Smart ERP Solutions
Lynn has spent over 25 years in the IT industry working across ERP, BI and product development domains with a focus on customer service, sales, business development and consulting. Her previous organizations include PeopleSoft/Oracle, BellSouth, GEAC and several different healthcare organizations.
Donna Curtis
ERP Cloud Practice Manager | ERP Risk Advisors
Donna has specialized in ERP Cloud since 2016, focusing in the areas of security design, audit policies, and Risk Cloud while working with major consulting firms over the last 15 years.
She is a frequent speaker at conferences and webinars on the functionality of Oracle and helps with patch impact analysis each quarter.
4. SmartERP Solutions | Global Expertise with Local Presence
• HQ: Pleasanton, CA
• North America: Toronto, Boston, Chicago, Dallas, Atlanta, Austin
• UAE: Dubai
• India: Bangalore, Hyderabad, Chennai
• Founded in 2005 by former Oracle Executives, Architects, and Consultants
• Implementation Partner: Oracle Cloud, NetSuite, PeopleSoft, EBS and JDE
• Solutions and Services: A unique blend of fixed fee Solutions and Services
• 300+ Clients: Worldwide clients for life across various industries
• 350+ Employees: Certified experts around the world – 24x7x365
5. SmartERP | Oracle Functional Areas
• ERP/EPM – Finance, Revenue Management, EPM - Planning and Budgeting, Consolidation & Close
• SCM – Procurement, OM, INV, Subscriptions, Projects, Field Service, Supply/Demand Planning
• HCM – Benefits, Comp, Talent, & Workforce Management, Recruiting, Learn and Payroll
• Manufacturing – PLM, WHM & Transportation Management and
• CRM – Sales & Service & CPQ
• Process Improvement and Integration/Development/PaaS/IaaS and Extensions
7. Why is an Application Support Plan Critical?
• Executives and Business owners have often failed to adopt the new Cloud solution
• Preparing for beyond go-live is what categorically ensures both a successful and sustainable adoption for any Cloud implementation
• Change Management, Training, and Communication are key
• You are post go-live and hypercare is ending, what now?
• Having a clear, concise, and structured support plan will mitigate post-go-live fears and concerns
8. Oracle Updates
• Whether it is HCM and ERP quarterly updates, or
• EPM monthly updates and weekly patches, or
• Emergency or one-off patches
It can cause havoc and interruptions to your day-to-day operations.
What does one do?
Oracle is updating your Apps, oh no!
9. Methods and Madness to Embrace Oracle Updates Gracefully
1. How do you make the most of new features?
2. How do you minimize the burden of testing Oracle apps multiple times per year?
3. How do you ensure business continuity after each update, and safeguard against application downtime?
4. How do you coordinate between IT and business teams, as both are needed to create and maintain test scripts?
5. How do you stay compliant with Audit requirements?
6. How will new features and bug fixes impact current processes and procedures?
10. Methods and Madness, continued
1. How do you identify the exact scope of what you should be testing?
2. How do you ensure 100% regression testing?
3. Oracle Support fixes bugs but what about all the other support requests?
4. How do you manage support with teams struggling with ongoing development and troubleshooting requests?
Bringing in a Managed Services Partner who understands all of these issues is the answer!
11. Benefits of Support Team
• A support partner can provide ongoing training, best practices, and
issue management which allows the business to focus on running the
business and not responding to issues and putting out fires
• A support partner can be the liaison between your internal team and
Oracle Support. The support partner can “fight the battles” with
Oracle support, while your internal team focuses on running the
business
• A support partner can provide stabilization as a result of domain
expertise and wide range of skills - choose a partner with expertise in
SaaS, PaaS and IaaS that can quickly diagnose issues with integrations
or performance
12. Strategies and Best Practices to Maximize Productivity and Minimize Disruptions
13. Best Practices
1. Stay Informed – Continuous learning and understanding of upcoming updates and new fixes,
features and functionality
2. Identify – The framework of people, process, and technology that is required to review, maintain
and utilize new features and updates as released; processes should be in place before go live and
fine-tuned during initial support phase
3. Communication – Each organization is unique so there is no standard approach to developing a
deployment message – having a solid one containing tips and tricks will foster transparency and
build trust
4. Review new features before new releases are deployed by Oracle - it is important to thoroughly
evaluate the new release and any downstream or 3rd party integration impact
5. Testing Strategy is key - have an updated strategy & understanding of how the updates impact
business & applications & who will be tasked with review, testing and deploying with agreed
timing
14. Automated Testing – SmartERP’s Proprietary Testing Tool
Smart Test Automation Tool
• For Oracle applications, Smart Test Automation includes prebuilt script packages, and it can be expanded to other web applications integrated with your Oracle Cloud Applications
• If unique test cases are needed in addition to the prebuilt test package, they will be developed in the SmartERP lab
• The Smart Test Automation tool offers a high-level report of the tested environment as well as a comprehensive report for each test case
• STA is only for Web automation application testing, not for load testing
• No defect tracking system
OATS
• No prebuilt libraries available
• Only the end user will create and maintain the test cases
• Reports are relatively difficult for the end user to understand
• OATS is for web automation and load testing
• Defect tracking system is available in OATS
15. How do you remain
compliant through all of this?
16. How can we Help you with HCM Compliance?
1. You will hear from our Partner in a minute on what their tools can do for Compliance
2. Additionally, we have some solutions that can help, but without tools to monitor them:
• Audit reports that are not delivered out of the box for periodic User Access Review (UAR) related controls for production and non-production environments
• Ready-to-use audit reports for employee data changes used for SOX-related business controls – e.g., an auditor will look at a specific transaction (new hire) and SOD
• Prebuilt custom roles in compliance with Segregation of Duties (SOD) for HR users from multiple countries and IT support staff
• Ready-to-use scripts for non-production environment refresh to reset users’ passwords, emails, and role assignments, and to mask data to secure employees’ data in lower environments
18. Managed Application/DB Support
1. OnDemand: As needed “bucket of hours” support to cover employee absences, M&A activity, open enrollment, peak business demands.
2. Oracle Release Support: Quarterly, our team will review, test, and apply Oracle updates to your environments to ensure business continuity and maximize automation.
3. Incremental Support: Full time (40 hours per week) or Part-time (Starting at 15 hours per week)
a. Assist with support, best practices, troubleshooting, enhancements
b. Functional, Technical, and/or Infrastructure support
c. 24/7 or during business hours
4. Full Managed Service Outsourcing: Support of all Oracle Applications, including Level 2 & 3 support 24/7; Critical business systems support 24 hours a day, 365 days per year, including Functional, Technical and Infrastructure support
5. ERP Risk Advisors Optional Security Monitoring for full compliance
19. ERP Risk Advisors
How to Implement ERP Armor Rules for ERP Cloud: Risk and Licensing Issues
20. Agenda
• Data Roles in HCM – Are your Roles Seeded or Custom
• Risks in seeded roles
• Licensing issues in seeded roles
• Challenges with HCM Data Loader
• Enabling Core and Functional Audit Policies
• ERP Risk Advisors: How We Can Help?
22. Data Roles in HCM – Are your Roles Seeded or Custom
How to identify if your HCM roles are really just seeded roles with a data role associated with them – 2 ways
1. Nav: My Client Groups > Workforce Structures > Data Roles and Security Profiles
23. Data Roles in HCM – Are your Roles Seeded or Custom
2. Nav: Tools > Security Console > Roles
25. Risks in Seeded Roles
Human Resource Specialist
Privilege Name
• Create User
• Edit User Name
• Manage All Application Profile Values
• Manage Application Common Lookup
• Manage Application Descriptive Flexfield
• Manage Application Extensible Flexfield
• Manage Application Flexfield Value Set
• Manage Application Set-Enabled Lookup
• Manage Application Standard Lookup
• Manage Application Tree
• Manage Application Tree Label
• Manage Approval Delegations
• Manage Assignment Flexfield Mapping
• Manage Cash Disbursements
• Manage Department Tree
• Manage Enterprise
• Manage Enterprise HCM Information
• Manage Fast Formula
• Manage Geography Tree
• Manage HCM User-Defined Table
• Manage Location
• Manage Organization Payment Method
• Manage Organization Tree
• Manage Payment Instrument Assignment
• Manage Payroll Calculation Entries
• Manage Payroll Element Classification
• Manage Payroll Element Entry
• Manage Payroll Third-Party Organization Payment Method
• Manage Position Tree
• Manage Role Delegations
• Manage Third Party Bank Account
• Manage User Account
• Manage User Account and My Account
• Manage User Details
• Mass Create Legal Entity HCM Information
• Mass Create Locations
• Reset Password
• Run Retrieve Latest LDAP Changes Process
• Run Send Pending LDAP Requests Process
• Submit Payroll Flow
• Submit a Payroll Process or Report
• View Bank
• View Bank Account
• View Bank Branch
• View Third Party Bank Account
26. Risks in Seeded Roles
Payroll Administrator
Privilege Name
• Activate Subledger Journal Entry Rule Set Assignments
• Import Subledger Balance for Supporting Reference
• Manage External Payee Payment Details
• Manage Organization Payment Method
• Manage Payroll Third-Party Organization Payment Method
• Manage Payroll Third-Party Person Payment Method
• Manage Person National Identifier
• Manage Subledger Account Rule
• Manage Subledger Accounting Attribute
• Manage Subledger Accounting Existing Scope
• Manage Subledger Accounting Method
• Manage Subledger Accounting Option
• Manage Subledger Application Transaction Object
• Manage Subledger Description Rule
• Manage Subledger Journal Entry Rule Set
• Manage Subledger Journal Line Rule
• Manage Subledger Mapping Set
• Manage Subledger Mapping Set Value
• Manage Subledger Standard Source
• Manage Subledger Supporting Reference
• Manage Third Party Bank Account
• Manage Worker Personal Payment Method
• View Bank
• View Bank Account
• View Bank Branch
Line Manager
Privilege Name
• Create User
• Edit User Name
• Hire Employee
• Hire Pending Worker
• Manage User Account
• Manage User Account and My Account
• Reset Password
Time and Labor Administrator
Privilege Name
• Enter Project Unprocessed Expenditure Batch
• Manage Application Common Lookup
• Manage Application Flexfield Value Set
• Manage Application Set-Enabled Lookup
• Manage Application Standard Lookup
• Manage Fast Formula
• Manage Questionnaire Templates
• Manage Questionnaires
• Manage Questions
27. Risks in Seeded Roles
Employee
Privilege Name
• Cancel Purchase Order as Procurement Requester
• Change Purchase Order as Procurement Requester
• Check Funds
• Create Requisition for Internal Material Transfers
• Create Requisition with Changes to Deliver-to Location
• Create Requisition with Noncatalog Requests
• Create Requisition with One Time Location
• Delete Roles Delegated To Me
• Manage Approval Delegations
• Manage External Payee Payment Details
• Manage Inventory Transfer Order
• Manage Item Attachment
• Manage Item Catalog
• Manage Item Global Search
• Manage Payables Invoices
• Manage Payment Instrument Assignment
• Manage Requisition
• Manage Role Delegations
• Manage Third Party Bank Account
• Manage User Account and My Account
• Manage Webcenter Services
• Reserve Funds
• Reset Password
• Submit Requisition with One Click
• View Funds Available Balances
• View Item
• View Item Organization Association
• View Item Relationship
• View Payables Invoice
• View Person Account Details
• View Project Expenditure Types Service
• View Project Financial Tasks Service
• View Purchase Order
• View Purchase Order as Procurement Requester
• View Requisition
• View Supplier Negotiation
• View Third Party Bank Account
• View Units Of Measure List of Values by Web Service
29. Licensing Issues in Seeded Roles
Role columns: Contingent Worker; Employee; Human Resource Specialist; Line Manager; Payroll Manager; Time and Labor Administrator; Time and Labor Manager; Application Implementation Consultant; Human Capital Management Application Administrator
Rule ID | Lic Code | Abilities | Roles marked
LI007 | B81291 | Oracle Fusion Career Development Cloud Service | X X
LI022 | B91080 | Oracle Fusion Enterprise Resource Planning for Self Service Cloud Service | X X X X X
LI026 | B67291 | Oracle Fusion Goal Management Cloud Service | X X
LI031 | B85242 | Oracle Fusion Learning Cloud Service | X X X
LI036 | B91074 / B67293 | Oracle Fusion Performance Management Cloud Service | X X X X X X
LI047 | B69717 | Oracle Fusion Purchasing Cloud Service | X
LI057 | B69721 / B91083 | Oracle Fusion Self-Service Procurement Cloud Service | X X
LI066 | B75365 | Oracle Fusion Time and Labor Cloud Service | X X X X X
LI067 | | Oracle Fusion Time and Labor for Projects Cloud Service | X X X X X
LI068 | B73364 | Oracle Fusion Workforce Reputation Management Cloud Service | X X X X X
LI083 | | Oracle Talent Management and Workforce Compensation Cloud Service | X X X X X X
LI087 | | Oracle Enterprise Resource Planning for Self Service Cloud Service - All Users | X X X X
LI094 | | Oracle Touchpoints Cloud Service | X X X
Bolded roles contain a substantial amount of Licensing
Roles associated to Implementation (SuperUser roles)
31. HCM Data Loader
Options / Challenges
Option 1: Have HRIS Manage
• Add users
• Add roles to users
Should not be assigned to HRIS
Option 2: Have IT Security Manage
• Certain reporting like EEO
• Updates to employee and payroll records
Should not be assigned to IT Security
Massively overprovisioned and does not provide the privileges needed to break this role apart among the various departments that need access to part of it. Typically maintained by an HRIS function.
34. Enabling Core and Functional Audit Policies
Examples of HCM / Payroll Audit Policies:
Red Arrows = HCM Audit Policy
Blue Arrows = Higher Education Audit Policy
36. Enabling Core and Functional Audit Policies
Examples of Audit Policies that were introduced over the past few quarterly patches
New Business Objects:
• 23A – HCM Common Components: Configurations for HCM Data Loader Parameters
Updated Business Objects:
• 22D – Benefits: added in Beneficiary Designations, Eligibility, Enrollment Results
• 23A – Absence Management: Absence Plan Entries, Accrual Records, Accrual Entries
• 23C – Global Human Resources: Worker Employment Assignment records, Action Occurrences
• 23C – HCM Common Components: HSDL Template Roles
• 23C – Succession Management: Talent Pool Security Profile for Job Family, BU and Department
38. How we can help
ERP Armor: Roles
ERP Armor: Roles are pre-built and tested custom roles ready for deployment in your environment, covering the most used modules. Our fully customized roles have unnecessary high-risk privileges removed to help you meet your compliance objectives and to help remove the significant security risks in the seeded roles. Our roles are upgrade proof and have been built to suit any environment.
ERP Armor: Rules
ERP Armor: Rules can be deployed in any GRC solution – Oracle’s Risk Management Cloud: Advanced Access Controls module or any third-party solutions. We are completely customer centric in this respect. You choose which software provider you feel is best.
39. ERP Armor: Rules can be deployed – ERP / HCM Cloud
• Via one-time, annual, semi-annual, or quarterly scans
• Feedback on your role design and findings
• Support for internal and external audit questions
• Provides ongoing support via conference calls – up to 4 hours per quarter,
via our support portal, and via support@erpra.net
40. How we can help
ERP Armor: Learning
ERP Armor: Learning: Our “On Demand” learning platform provides leading-edge training for auditors and administrators of ERP systems and tools.
ERP Armor: Audit Policies and Logging
Subscription that provides recommended updates as the quarterly patches are applied
Re-baselining Core and Functional Audit Policies
Training on how to manage and report on Audit Policies
41. ERP Armor: Learning
On demand platform includes these classes:
1. ERP Cloud: Enabling Audit Policies, Understanding Audit Logs, and Key
ITGC Reports in ERP Cloud
2. ERP Cloud: Application Security Administration and Best Practices
3. Various classes for IT Compliance and Auditors:
• Foundational Concepts for ERP/HCM Cloud
• Auditing ITGCs for ERP Cloud
42. A. Just Smart Form I-9 (Free)
B. Both Smart Form I-9 and E-Verify (Free)
C. Smart Applications with Smart Onboarding ($)
D. Full Suite with HR Integration ($)
E. Full Suite with HR Integration plus other apps ($)
F. Not Sure?
Use the question feature in your Zoom application