SlideShare une entreprise Scribd logo

Reduce sod access violations with effective roles management techniques

A
actjax
TechnologieBusiness
1  sur  35
Télécharger pour lire hors ligne
Leverage Technology: Move Your Business Forward™ Enterprise Risk Management Financial Close Monitor Advanced Controls Catalog Enterprise Audit GRC Monitor FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions Copyright ©. Fulcrum Information Technology, Inc.Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Rapidly reduce Segregation of Duty Violations in Oracle EBS R12 Responsibilities with effective roles management techniques. .
www.fulcrumway.comPage 2Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
www.fulcrumway.comPage 3Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
www.fulcrumway.comPage 4Copyright © FulcrumWay FulcrumWay Intelligent, Integrated Instant Risk Management™ FulcrumWay: is the #1 End-to-End Provider of Enterprise Risk Management Expertise, Solutions and Software Services for Oracle EBS, PeopleSoft and JDE customers with over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully assisted companies across all major industry segments. Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Business Applications. Best Practices for Risk Mitigation and Internal Controls Automation. Audit, Compliance, Financial, Enterprise and Operational Risk Assessments. Risk Remediation Services such as Segregation of Duties. Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Manager, GRC Controls and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services and Hosting for Oracle GRC applications. Software Services: Risk Management Tools: Enterprise Risk Manager, Financial Close Risk Manager, Risk Based Audit Manager, IT Risk Workbench, and Advanced Controls Catalog. Data Management Tools: Rules Repository, DataProbe™ adaptors and Data Hub. USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San Francisco International Presence: in Chennai, Dubai, Kampala, London, Rome, Santiago, Singapore Introduction
www.fulcrumway.comPage 5Copyright © FulcrumWay Government Oil and Gas Healthcare Communications Financial Services Industrial Equipment Natural Resources Manufacturing Retail FulcrumWay Clients High Tech Our Experience Media and Entertainment Life Sciences
www.fulcrumway.comPage 6Copyright © FulcrumWay FulcrumWay™ Insight Thought Leadership Our Experience Co-Authored GRC Book: First book on GRC for Oracle Applications Executive Round Tables – GRC Solutions for Energy Industry, Houston, November 2012 OAUG GRC Solution Lab - April 7th – 11th Denver: GRC Case Studies and Best Practices IIA - Presentations - Top Five Reasons for Automating Application Controls Collaborate 13 – GRC Client Appreciation Dinner April 9th , 2013 Denver Webcasts – GRC Best Practices, Trends and Expert Insight Oracle Open World – Annual GRC Dinner on September 23rd , 2013 W Hotel San Francisco LinkedIn –FulcrumWay Risk, Compliance and Audit Software Group YouTube Podcasts – FulcrumWay Instant Insight in 10 min or less
www.fulcrumway.comPage 7Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
www.fulcrumway.comPage 8Copyright © FulcrumWay Enforce Segregation of Duty Controls and Security Polices We can not use Oracle “seeded” Responsibilities because of inherent SOD conflicts. GL Supper User can Enter Journals, Post Journal. Change Approval Limits, Update GL Accounts, Change Calendar. Our R12 Patches created even more SOD issues. Which SOD Policies will mitigate the risk in our Oracle Responsibility Design? How do we ensure that the activities of users granted “super user” Responsibilities have effective compensating control? Why do have so many False Positives and how do we remove them from our analysis? What is an effective approach to Design and Test Oracle Security Model before deployment? When will be able to close all SOD incidents? Top Challenges
www.fulcrumway.comPage 9Copyright © FulcrumWay Responsibility Form Complicated Security Model High Risk of Segregation of Duties Issues Menu Function User Evaluate User Access • Test by User • Test by Privilege Manage Segregation of Duties • Identify incompatible Privileges • Predefined & Extensible SOD Rule Sets Top Challenges
www.fulcrumway.comPage 10Copyright © FulcrumWay Key Factors impacting SOD violations Top Challenges EBS Release and Business Cycles enables by Oracle modules: Order to Cash, Procure to Pay, Record to Report, Hire to Retire, Design to Build, etc: – An average R12 customer has over 35,000 functions and 12,500 menus Number and complexity of SOD Policies – Range from 25 to 250 Number of Business Units and variation in Responsibilities across the business Security Model – RBAC, Single-Sign-On, OIM, etc Number of Users and Responsibilities
www.fulcrumway.comPage 11Copyright © FulcrumWay User: John Doe Responsibility: Payables Manager, US Menu: AP_Navigate_GUI12 Submenu: AP_Invoices_Entry Function: Invoice Batches User: Mike Jones Payables Users Responsibility: Payables Supervisor Responsibility: Payables UserMenu: UK_AP_Navigate_GUI12 SubMenu: AP_Invoices_Entry SubMenu: AP_Invoices_GUI12_G Menu: AX_Payables_User Responsibility: Payables Supervisor Responsibility: Payables Manager, US Responsibility: Payables User Remediation in Oracle EBS is a permutation problem What if we exclude ‘Invoice Batches’ from AP_Invoices_Entry? Root Cause Analysis is required for remediation! Top Challenges
www.fulcrumway.comPage 12Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
www.fulcrumway.comPage 13Copyright © FulcrumWay Select ERP Controls from FW Controls Catalogs Detect Control Violations Analyze Issues Confirm Findings Present Project Plan Implement ERP Advanced Controls Prepare Assessment Checklist Probe ERP Data Manage Exceptions Prepare Remediation Plan FW Risk Advisor/Client Lead/Control Owners FW Risk Advisor/Client Lead Client Executive Sponsors FW/Client Project Team Establish Test Environment FulcrumWay™ Application Risk Assessment Best Practices Controls Assessment
www.fulcrumway.comPage 14Copyright © FulcrumWay DataProbe™ extracts the security, setup and master data information DataProbe™ is a desktop utility for the client DBA/manager to provide the data On average it takes our cleints less than an hour to install and extract the ERP security , setup and master data for submission to FulcrumWay risk advisory services Controls Assessment
www.fulcrumway.comPage 15Copyright © FulcrumWay FW Controls Catalog with over 1,000 advance controls Select SOD, Master Data, Setup, and Transaction Controls Risk Assessment Detect control weaknesses across ERP system to identify business process optimization opportunities Controls Assessment
www.fulcrumway.comPage 16Copyright © FulcrumWay ERP Test environment consists of ERP configurations and data objects Selected security, setup and data objects are included in the environment ERP Configuration such as 3-way match in payable options, master data such as Users, Responsibilities, Customers, Invoices, Suppliers, Assets and Payments records are analyzed for control failure risks Controls Assessment
www.fulcrumway.comPage 17Copyright © FulcrumWay Advanced Analytics to analyze ERP Risks Pre-built Risk Analytics. Risk Reports available for client review Risk Advisory identifies controls violations and has the capability to analyze issues, remove false positives to prepare the findings report Controls Monitoring
www.fulcrumway.comPage 18Copyright © FulcrumWay Mitigate and Control Risks Monitor Control Effectiveness Enforce Policies in Context What users can do How is the process set up How users execute processes What users have done What’s changed in the process What are the execution patterns SOD & Access Application Configuration Transaction Monitoring Preventive GRC Manager SOD & Access Application Configuration Transaction Monitoring GRC Intelligence GRC Controls Preventive Controls Assessment
www.fulcrumway.comPage 19Copyright © FulcrumWay Compensating Policies Preventive Provisioning Remediation (Clean-up) Access Analysis • Accelerate deployment and time to value with pre-delivered controls library • Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails • Simplify segregation of duties enforcement with simulation and remediation Define Access Controls Detection Prevention GRC Manager SOD & Access Application Configuration Transaction Monitoring GRC Intelligence GRC Controls Preventive Enforce Proper Segregation of Duties in Applications Controls Assessment
www.fulcrumway.comPage 20Copyright © FulcrumWay Prevent Suspicious Transactions Enforce Transaction Controls Investigate Incidents Transaction Analytics • Identify anomalies missed by traditional audit and controls • Apply Advanced Forensic and Pattern Analysis • Continuous Monitoring of Controls and Transactions Define Transaction Controls Detection Prevention GRC Manager SOD & Access Application Configuration Transaction Monitoring GRC Intelligence GRC Controls Preventive Test integrity of transactions and controls across business processes Controls Assessment
www.fulcrumway.comPage 21Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
www.fulcrumway.comPage 22Copyright © FulcrumWay FulcrumWay Roles Manager Overview Eliminate Root Cause of Access Control Violations in ERP: Improve Segregation of Duty controls within mission critical applications Reduce ERP implementation and upgrade costs with pre-configured roles Lower ERP Total Cost of Ownership by assigning pre-approved Roles We enable ERP Administrators: Select pre-configured ERP roles from a roles catalog Update, Review and Approve Role design changes. Identify SOD conflicts before the Roles are assigned to Users. Role Design
www.fulcrumway.comPage 23Copyright © FulcrumWay Role Manager is an ERP security design tool Contains a pre-configured catalog of roles which comply with segregation of duty (SOD) policies. Roles by ERP module and typical access requirements for those modules such as Manager, Supervisor, Clerk, Inquiry, Business Setup and IT Setup. You can use this tool to view existing role templates and design new roles by easily selecting or deselecting ERP functions/transaction. Once you complete the roles design, you can send it, using workflows, to pre-assigned reviewers and approvers to finalize the roles. The role preparers, reviewers and approvers can also assess the SOD control risks before finalizing the roles. Leverage FW DataProbe/Scripts to load current Roles Secure Access from fulcrumway.com portal Role Design FulcrumWay Roles Manager Features
www.fulcrumway.comPage 24Copyright © FulcrumWay Access to Roles ManagerRole Design Sign-in to ERP Controls and Navigate to Roles Manager at FulcrumWay.com Roles Manager is a component of the FulcrumWay Risk Remediation software services that is available instantly over a secure internet-connection.
www.fulcrumway.comPage 25Copyright © FulcrumWay Select the Access Monitor Icon. Then click on the Maintain Access Roles Tab Search and Browse through catalog of Roles for Oracle EBS R12 Roles Manager contains hundreds of Oracle EBS Responsibilities with SOD Controls Designed into the configuration to give you a jump start Role Design
www.fulcrumway.comPage 26Copyright © FulcrumWay Access to Roles Manager Use a “source” role to create a new “target” role. View existing SOD issues with the “source” role. Assign Reviewers and Approvers for the role Embed SOD Controls into Oracle Responsibilities design by eliminating conflicting business activities inherent in the EBS Responsibility configuration Role Design
www.fulcrumway.comPage 27Copyright © FulcrumWay Access to Roles ManagerRole Design Select/ Deselect business activities to update Role configuration automatically Reduce Role design time and effort by selecting business activities to drive the configuration of Oracle Responsibilities.
www.fulcrumway.comPage 28Copyright © FulcrumWay Access to Roles ManagerRole Design Select/ Deselect Request Sets to update Role configuration automatically Effective SOD Controls should include access to Concurrent Request. Remember in R12 you can open/close GL Periods by submitting a request.
www.fulcrumway.comPage 29Copyright © FulcrumWay Access to Roles ManagerRole Design Review and approve Roles using email notifications Reduce ERP implementation/upgrade costs and audit fees by enabling change controls over the Oracle Responsibilities. Reduce risk of SOD control failure
www.fulcrumway.comPage 30Copyright © FulcrumWay Access to Roles ManagerRole Design Access the link to approve or reject the new Role Reduce ERP implementation/upgrade costs and audit fees by enabling change controls over the Oracle Responsibilities. Reduce risk of SOD control failure
www.fulcrumway.comPage 31Copyright © FulcrumWay Access to Roles ManagerRole Design Assign Application Role Owner, Reviewer, Approver and Security Admin Reduce ERP implementation/upgrade costs and audit fees by enabling change controls over the Oracle Responsibilities. Reduce risk of SOD control failure
www.fulcrumway.comPage 32Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
www.fulcrumway.comPage 33Copyright © FulcrumWay Global car and equipment rental company, improves employee productivity Our Client Leader in the car and equipment rental businesses worldwide Providing quality car rental service for over 90 years. Over 30,000 employees Challenges Replace multiple legacy systems with one ERP solution Improved Segregation of Duty controls within mission critical applications Maintain consistent ERP system access roles across the subsidiaries leveraging the shared services model Increase external auditor’s reliance on ERP Access Controls Monitoring Solutions GRC DataProbe ERP Controls Catalog ERP Roles Monitor Results: Reduce ERP Role design, build, testing and implementation time by 80% resulting in over $200,000 cost savings during ERP system implementation and global roll-out. Created over 100 Segregation of Duty compliant Roles by business segment with two weeks from FulcrumWay Role Templates within the controls catalog. Lowered ERP Total Cost of Ownership by reducing SoD remediation time and costs by ensuring that all users a assigned only the pre- approved Roles Improve SoD and Access Controls testing time by providing auditors the access log reports showing all Update, Review and Approve Role design changes. Accelerated ERP testing and deploying time by identifying SOD conflicts before the Roles are assigned to Users. Client case
www.fulcrumway.comPage 34Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
www.fulcrumway.comPage 35Copyright © FulcrumWay Thank You! Join us on LinkedIn to view webinar and discussion Summary and Q&A

Recommandé

Identify and monitoring multi-platform and cross-platform access control
Identify and monitoring multi-platform and cross-platform access controlIdentify and monitoring multi-platform and cross-platform access control
Identify and monitoring multi-platform and cross-platform access controlAlice Cantu
 
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay
 
Oracle hfm beginner's guide part i
Oracle hfm beginner's guide part iOracle hfm beginner's guide part i
Oracle hfm beginner's guide part iAmit Sharma
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterpriseGRC Solutions, Inc.
 
VMware HIPAA SDDC-EUC Product Applicability Guide Final
VMware HIPAA SDDC-EUC Product Applicability Guide FinalVMware HIPAA SDDC-EUC Product Applicability Guide Final
VMware HIPAA SDDC-EUC Product Applicability Guide FinalAnthony Dukes
 
Erm talking points
Erm talking pointsErm talking points
Erm talking pointsEnterpriseGRC Solutions, Inc.
 
What CISOs should know about SAP security
What CISOs should know about SAP securityWhat CISOs should know about SAP security
What CISOs should know about SAP securityERPScan
 
FulcrumWay Webinar - Fusion Security
FulcrumWay Webinar - Fusion SecurityFulcrumWay Webinar - Fusion Security
FulcrumWay Webinar - Fusion Securityactjax
 

Recommandé

Identify and monitoring multi-platform and cross-platform access control
Identify and monitoring multi-platform and cross-platform access controlIdentify and monitoring multi-platform and cross-platform access control
Identify and monitoring multi-platform and cross-platform access controlAlice Cantu
 
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...
FulcrumWay - Ed. Webinar - Role & Responsibility Design Techniques that Stren...FulcrumWay
 
Oracle hfm beginner's guide part i
Oracle hfm beginner's guide part iOracle hfm beginner's guide part i
Oracle hfm beginner's guide part iAmit Sharma
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterpriseGRC Solutions, Inc.
 
VMware HIPAA SDDC-EUC Product Applicability Guide Final
VMware HIPAA SDDC-EUC Product Applicability Guide FinalVMware HIPAA SDDC-EUC Product Applicability Guide Final
VMware HIPAA SDDC-EUC Product Applicability Guide FinalAnthony Dukes
 
Erm talking points
Erm talking pointsErm talking points
Erm talking pointsEnterpriseGRC Solutions, Inc.
 
What CISOs should know about SAP security
What CISOs should know about SAP securityWhat CISOs should know about SAP security
What CISOs should know about SAP securityERPScan
 
FulcrumWay Webinar - Fusion Security
FulcrumWay Webinar - Fusion SecurityFulcrumWay Webinar - Fusion Security
FulcrumWay Webinar - Fusion Securityactjax
 
Kencur
KencurKencur
Kencurherbalfood
 
1.suji(2)
1.suji(2)1.suji(2)
1.suji(2)herbalfood
 
Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013actjax
 
History of jamu
History of jamuHistory of jamu
History of jamuherbalfood
 
Annatto leaves
Annatto leavesAnnatto leaves
Annatto leavesherbalfood
 
Pulowaras
PulowarasPulowaras
Pulowarasherbalfood
 
Conocimiento cientifico y tecnologico
Conocimiento cientifico y tecnologicoConocimiento cientifico y tecnologico
Conocimiento cientifico y tecnologicourodneyl
 
Basil leaves amadea et al.
Basil leaves amadea et al.Basil leaves amadea et al.
Basil leaves amadea et al.herbalfood
 
White Turmeric
White TurmericWhite Turmeric
White Turmericherbalfood
 
Biji adas
Biji adasBiji adas
Biji adasherbalfood
 
Gambir
GambirGambir
Gambirherbalfood
 
Jintan putih ppt
Jintan putih pptJintan putih ppt
Jintan putih pptherbalfood
 
Health benefits of chrysanthemum
Health benefits of chrysanthemumHealth benefits of chrysanthemum
Health benefits of chrysanthemumherbalfood
 
Herbal pala
Herbal palaHerbal pala
Herbal palaherbalfood
 
Describing places
Describing placesDescribing places
Describing placesnuriamen
 
El Panel de Control
El Panel de ControlEl Panel de Control
El Panel de Controlfernandoguffante
 
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?FulcrumWay
 
FulcrumWay - Implement Effective Access Controls within your Oracle ERP System
FulcrumWay - Implement Effective Access Controls within your Oracle ERP SystemFulcrumWay - Implement Effective Access Controls within your Oracle ERP System
FulcrumWay - Implement Effective Access Controls within your Oracle ERP SystemFulcrumWay
 
Learn the latest trends and tools to help you id and remediate SOD
Learn the latest trends and tools to help you id and remediate SODLearn the latest trends and tools to help you id and remediate SOD
Learn the latest trends and tools to help you id and remediate SODAlice Cantu
 
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle FulcrumWay
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC SolutionsMantala
 
FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay
 

Contenu connexe

En vedette

Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013actjax
 
History of jamu
History of jamuHistory of jamu
History of jamuherbalfood
 
Annatto leaves
Annatto leavesAnnatto leaves
Annatto leavesherbalfood
 
Conocimiento cientifico y tecnologico
Conocimiento cientifico y tecnologicoConocimiento cientifico y tecnologico
Conocimiento cientifico y tecnologicourodneyl
 
Basil leaves amadea et al.
Basil leaves amadea et al.Basil leaves amadea et al.
Basil leaves amadea et al.herbalfood
 
White Turmeric
White TurmericWhite Turmeric
White Turmericherbalfood
 
Jintan putih ppt
Jintan putih pptJintan putih ppt
Jintan putih pptherbalfood
 
Health benefits of chrysanthemum
Health benefits of chrysanthemumHealth benefits of chrysanthemum
Health benefits of chrysanthemumherbalfood
 
Describing places
Describing placesDescribing places
Describing placesnuriamen
 

En vedette (16)

Kencur
KencurKencur
Kencur
 
1.suji(2)
1.suji(2)1.suji(2)
1.suji(2)
 
Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
Fulcrum way webinar top 10 advanced control to improve bottomline oct 22 2013
 
History of jamu
History of jamuHistory of jamu
History of jamu
 
Annatto leaves
Annatto leavesAnnatto leaves
Annatto leaves
 
Pulowaras
PulowarasPulowaras
Pulowaras
 
Conocimiento cientifico y tecnologico
Conocimiento cientifico y tecnologicoConocimiento cientifico y tecnologico
Conocimiento cientifico y tecnologico
 
Basil leaves amadea et al.
Basil leaves amadea et al.Basil leaves amadea et al.
Basil leaves amadea et al.
 
White Turmeric
White TurmericWhite Turmeric
White Turmeric
 
Biji adas
Biji adasBiji adas
Biji adas
 
Gambir
GambirGambir
Gambir
 
Jintan putih ppt
Jintan putih pptJintan putih ppt
Jintan putih ppt
 
Health benefits of chrysanthemum
Health benefits of chrysanthemumHealth benefits of chrysanthemum
Health benefits of chrysanthemum
 
Herbal pala
Herbal palaHerbal pala
Herbal pala
 
Describing places
Describing placesDescribing places
Describing places
 
El Panel de Control
El Panel de ControlEl Panel de Control
El Panel de Control
 

Similaire à Reduce sod access violations with effective roles management techniques

FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?FulcrumWay
 
FulcrumWay - Implement Effective Access Controls within your Oracle ERP System
FulcrumWay - Implement Effective Access Controls within your Oracle ERP SystemFulcrumWay - Implement Effective Access Controls within your Oracle ERP System
FulcrumWay - Implement Effective Access Controls within your Oracle ERP SystemFulcrumWay
 
Learn the latest trends and tools to help you id and remediate SOD
Learn the latest trends and tools to help you id and remediate SODLearn the latest trends and tools to help you id and remediate SOD
Learn the latest trends and tools to help you id and remediate SODAlice Cantu
 
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle FulcrumWay
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC SolutionsMantala
 
FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay
 
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...FulcrumWay
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Oracle
 
Introducing Oracle Advanced Financial Controls Cloud Service
Introducing Oracle Advanced Financial Controls Cloud ServiceIntroducing Oracle Advanced Financial Controls Cloud Service
Introducing Oracle Advanced Financial Controls Cloud ServiceDane Roberts
 
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Oracle
 
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsThousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsOracle
 
Webinar feb 16 2017 Learn to Streamline User Provisioning process in Oracle A...
Webinar feb 16 2017 Learn to Streamline User Provisioning process in Oracle A...Webinar feb 16 2017 Learn to Streamline User Provisioning process in Oracle A...
Webinar feb 16 2017 Learn to Streamline User Provisioning process in Oracle A...Alice Cantu
 
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOptimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOracle
 
Performance Testing: Eliminate System Outages and Save Millions
Performance Testing: Eliminate System Outages and Save MillionsPerformance Testing: Eliminate System Outages and Save Millions
Performance Testing: Eliminate System Outages and Save MillionsMethod360
 
asset management system as defined by uptime elements John Reeve.pptx
asset management system as defined by uptime elements John Reeve.pptxasset management system as defined by uptime elements John Reeve.pptx
asset management system as defined by uptime elements John Reeve.pptxElvisDiaz32
 
FulcrumWay - Ed. Webinar - Oracle EBS R12 General Ledger Configurations to En...
FulcrumWay - Ed. Webinar - Oracle EBS R12 General Ledger Configurations to En...FulcrumWay - Ed. Webinar - Oracle EBS R12 General Ledger Configurations to En...
FulcrumWay - Ed. Webinar - Oracle EBS R12 General Ledger Configurations to En...FulcrumWay
 
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsSroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsJane Jones
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringEmma Kelly
 

Similaire à Reduce sod access violations with effective roles management techniques (20)

FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
FulcrumWay - Planning to Implement, Upgrade or Deploy a New ERP System?
 
FulcrumWay - Implement Effective Access Controls within your Oracle ERP System
FulcrumWay - Implement Effective Access Controls within your Oracle ERP SystemFulcrumWay - Implement Effective Access Controls within your Oracle ERP System
FulcrumWay - Implement Effective Access Controls within your Oracle ERP System
 
Learn the latest trends and tools to help you id and remediate SOD
Learn the latest trends and tools to help you id and remediate SODLearn the latest trends and tools to help you id and remediate SOD
Learn the latest trends and tools to help you id and remediate SOD
 
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle
FulcrumWay - Plug Your Top Revenue Drains in Order to Cash Cycle
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
 
FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014FulcrumWay - Effective Ways to Assess ERP Controls 2014
FulcrumWay - Effective Ways to Assess ERP Controls 2014
 
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824
 
Introducing Oracle Advanced Financial Controls Cloud Service
Introducing Oracle Advanced Financial Controls Cloud ServiceIntroducing Oracle Advanced Financial Controls Cloud Service
Introducing Oracle Advanced Financial Controls Cloud Service
 
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
Comcast, Integra LifeSciences, LPL Financial, and Smucker's - Doing Your ERP ...
 
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsThousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
 
SAP GRC
SAP GRC SAP GRC
SAP GRC
 
Webinar feb 16 2017 Learn to Streamline User Provisioning process in Oracle A...
Webinar feb 16 2017 Learn to Streamline User Provisioning process in Oracle A...Webinar feb 16 2017 Learn to Streamline User Provisioning process in Oracle A...
Webinar feb 16 2017 Learn to Streamline User Provisioning process in Oracle A...
 
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOptimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
 
Performance Testing: Eliminate System Outages and Save Millions
Performance Testing: Eliminate System Outages and Save MillionsPerformance Testing: Eliminate System Outages and Save Millions
Performance Testing: Eliminate System Outages and Save Millions
 
asset management system as defined by uptime elements John Reeve.pptx
asset management system as defined by uptime elements John Reeve.pptxasset management system as defined by uptime elements John Reeve.pptx
asset management system as defined by uptime elements John Reeve.pptx
 
FulcrumWay - Ed. Webinar - Oracle EBS R12 General Ledger Configurations to En...
FulcrumWay - Ed. Webinar - Oracle EBS R12 General Ledger Configurations to En...FulcrumWay - Ed. Webinar - Oracle EBS R12 General Ledger Configurations to En...
FulcrumWay - Ed. Webinar - Oracle EBS R12 General Ledger Configurations to En...
 
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsSroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
 
Rajesh_Dhanuskodi
Rajesh_DhanuskodiRajesh_Dhanuskodi
Rajesh_Dhanuskodi
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
 

Dernier

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Dernier (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 

Reduce sod access violations with effective roles management techniques

  • 1. Leverage Technology: Move Your Business Forward™ Enterprise Risk Management Financial Close Monitor Advanced Controls Catalog Enterprise Audit GRC Monitor FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions Copyright ©. Fulcrum Information Technology, Inc.Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Rapidly reduce Segregation of Duty Violations in Oracle EBS R12 Responsibilities with effective roles management techniques. .
  • 2. www.fulcrumway.comPage 2Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
  • 3. www.fulcrumway.comPage 3Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
  • 4. www.fulcrumway.comPage 4Copyright © FulcrumWay FulcrumWay Intelligent, Integrated Instant Risk Management™ FulcrumWay: is the #1 End-to-End Provider of Enterprise Risk Management Expertise, Solutions and Software Services for Oracle EBS, PeopleSoft and JDE customers with over 200 Fortune-500 to Middle Market clients. Since 2003, we have successfully assisted companies across all major industry segments. Expertise: Risk Advisory Services. Advanced Controls Design for Enterprise Business Applications. Best Practices for Risk Mitigation and Internal Controls Automation. Audit, Compliance, Financial, Enterprise and Operational Risk Assessments. Risk Remediation Services such as Segregation of Duties. Packaged Solutions: FulcrumWay is the #1 choice of Oracle customers for Oracle GRC Manager, GRC Controls and GRC Intelligence/OBIEE software implementation. Oracle has certified us as the only partner with Accelerators for Oracle GRC. We also provide Managed Services and Hosting for Oracle GRC applications. Software Services: Risk Management Tools: Enterprise Risk Manager, Financial Close Risk Manager, Risk Based Audit Manager, IT Risk Workbench, and Advanced Controls Catalog. Data Management Tools: Rules Repository, DataProbe™ adaptors and Data Hub. USA Presence: Privately held Delaware Corporation with US offices in New York City, Dallas and San Francisco International Presence: in Chennai, Dubai, Kampala, London, Rome, Santiago, Singapore Introduction
  • 5. www.fulcrumway.comPage 5Copyright © FulcrumWay Government Oil and Gas Healthcare Communications Financial Services Industrial Equipment Natural Resources Manufacturing Retail FulcrumWay Clients High Tech Our Experience Media and Entertainment Life Sciences
  • 6. www.fulcrumway.comPage 6Copyright © FulcrumWay FulcrumWay™ Insight Thought Leadership Our Experience Co-Authored GRC Book: First book on GRC for Oracle Applications Executive Round Tables – GRC Solutions for Energy Industry, Houston, November 2012 OAUG GRC Solution Lab - April 7th – 11th Denver: GRC Case Studies and Best Practices IIA - Presentations - Top Five Reasons for Automating Application Controls Collaborate 13 – GRC Client Appreciation Dinner April 9th , 2013 Denver Webcasts – GRC Best Practices, Trends and Expert Insight Oracle Open World – Annual GRC Dinner on September 23rd , 2013 W Hotel San Francisco LinkedIn –FulcrumWay Risk, Compliance and Audit Software Group YouTube Podcasts – FulcrumWay Instant Insight in 10 min or less
  • 7. www.fulcrumway.comPage 7Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
  • 8. www.fulcrumway.comPage 8Copyright © FulcrumWay Enforce Segregation of Duty Controls and Security Polices We can not use Oracle “seeded” Responsibilities because of inherent SOD conflicts. GL Supper User can Enter Journals, Post Journal. Change Approval Limits, Update GL Accounts, Change Calendar. Our R12 Patches created even more SOD issues. Which SOD Policies will mitigate the risk in our Oracle Responsibility Design? How do we ensure that the activities of users granted “super user” Responsibilities have effective compensating control? Why do have so many False Positives and how do we remove them from our analysis? What is an effective approach to Design and Test Oracle Security Model before deployment? When will be able to close all SOD incidents? Top Challenges
  • 9. www.fulcrumway.comPage 9Copyright © FulcrumWay Responsibility Form Complicated Security Model High Risk of Segregation of Duties Issues Menu Function User Evaluate User Access • Test by User • Test by Privilege Manage Segregation of Duties • Identify incompatible Privileges • Predefined & Extensible SOD Rule Sets Top Challenges
  • 10. www.fulcrumway.comPage 10Copyright © FulcrumWay Key Factors impacting SOD violations Top Challenges EBS Release and Business Cycles enables by Oracle modules: Order to Cash, Procure to Pay, Record to Report, Hire to Retire, Design to Build, etc: – An average R12 customer has over 35,000 functions and 12,500 menus Number and complexity of SOD Policies – Range from 25 to 250 Number of Business Units and variation in Responsibilities across the business Security Model – RBAC, Single-Sign-On, OIM, etc Number of Users and Responsibilities
  • 11. www.fulcrumway.comPage 11Copyright © FulcrumWay User: John Doe Responsibility: Payables Manager, US Menu: AP_Navigate_GUI12 Submenu: AP_Invoices_Entry Function: Invoice Batches User: Mike Jones Payables Users Responsibility: Payables Supervisor Responsibility: Payables UserMenu: UK_AP_Navigate_GUI12 SubMenu: AP_Invoices_Entry SubMenu: AP_Invoices_GUI12_G Menu: AX_Payables_User Responsibility: Payables Supervisor Responsibility: Payables Manager, US Responsibility: Payables User Remediation in Oracle EBS is a permutation problem What if we exclude ‘Invoice Batches’ from AP_Invoices_Entry? Root Cause Analysis is required for remediation! Top Challenges
  • 12. www.fulcrumway.comPage 12Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
  • 13. www.fulcrumway.comPage 13Copyright © FulcrumWay Select ERP Controls from FW Controls Catalogs Detect Control Violations Analyze Issues Confirm Findings Present Project Plan Implement ERP Advanced Controls Prepare Assessment Checklist Probe ERP Data Manage Exceptions Prepare Remediation Plan FW Risk Advisor/Client Lead/Control Owners FW Risk Advisor/Client Lead Client Executive Sponsors FW/Client Project Team Establish Test Environment FulcrumWay™ Application Risk Assessment Best Practices Controls Assessment
  • 14. www.fulcrumway.comPage 14Copyright © FulcrumWay DataProbe™ extracts the security, setup and master data information DataProbe™ is a desktop utility for the client DBA/manager to provide the data On average it takes our cleints less than an hour to install and extract the ERP security , setup and master data for submission to FulcrumWay risk advisory services Controls Assessment
  • 15. www.fulcrumway.comPage 15Copyright © FulcrumWay FW Controls Catalog with over 1,000 advance controls Select SOD, Master Data, Setup, and Transaction Controls Risk Assessment Detect control weaknesses across ERP system to identify business process optimization opportunities Controls Assessment
  • 16. www.fulcrumway.comPage 16Copyright © FulcrumWay ERP Test environment consists of ERP configurations and data objects Selected security, setup and data objects are included in the environment ERP Configuration such as 3-way match in payable options, master data such as Users, Responsibilities, Customers, Invoices, Suppliers, Assets and Payments records are analyzed for control failure risks Controls Assessment
  • 17. www.fulcrumway.comPage 17Copyright © FulcrumWay Advanced Analytics to analyze ERP Risks Pre-built Risk Analytics. Risk Reports available for client review Risk Advisory identifies controls violations and has the capability to analyze issues, remove false positives to prepare the findings report Controls Monitoring
  • 18. www.fulcrumway.comPage 18Copyright © FulcrumWay Mitigate and Control Risks Monitor Control Effectiveness Enforce Policies in Context What users can do How is the process set up How users execute processes What users have done What’s changed in the process What are the execution patterns SOD & Access Application Configuration Transaction Monitoring Preventive GRC Manager SOD & Access Application Configuration Transaction Monitoring GRC Intelligence GRC Controls Preventive Controls Assessment
  • 19. www.fulcrumway.comPage 19Copyright © FulcrumWay Compensating Policies Preventive Provisioning Remediation (Clean-up) Access Analysis • Accelerate deployment and time to value with pre-delivered controls library • Mitigate risk of privileged user access to enterprise applications with approval workflow and audit trails • Simplify segregation of duties enforcement with simulation and remediation Define Access Controls Detection Prevention GRC Manager SOD & Access Application Configuration Transaction Monitoring GRC Intelligence GRC Controls Preventive Enforce Proper Segregation of Duties in Applications Controls Assessment
  • 20. www.fulcrumway.comPage 20Copyright © FulcrumWay Prevent Suspicious Transactions Enforce Transaction Controls Investigate Incidents Transaction Analytics • Identify anomalies missed by traditional audit and controls • Apply Advanced Forensic and Pattern Analysis • Continuous Monitoring of Controls and Transactions Define Transaction Controls Detection Prevention GRC Manager SOD & Access Application Configuration Transaction Monitoring GRC Intelligence GRC Controls Preventive Test integrity of transactions and controls across business processes Controls Assessment
  • 21. www.fulcrumway.comPage 21Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
  • 22. www.fulcrumway.comPage 22Copyright © FulcrumWay FulcrumWay Roles Manager Overview Eliminate Root Cause of Access Control Violations in ERP: Improve Segregation of Duty controls within mission critical applications Reduce ERP implementation and upgrade costs with pre-configured roles Lower ERP Total Cost of Ownership by assigning pre-approved Roles We enable ERP Administrators: Select pre-configured ERP roles from a roles catalog Update, Review and Approve Role design changes. Identify SOD conflicts before the Roles are assigned to Users. Role Design
  • 23. www.fulcrumway.comPage 23Copyright © FulcrumWay Role Manager is an ERP security design tool Contains a pre-configured catalog of roles which comply with segregation of duty (SOD) policies. Roles by ERP module and typical access requirements for those modules such as Manager, Supervisor, Clerk, Inquiry, Business Setup and IT Setup. You can use this tool to view existing role templates and design new roles by easily selecting or deselecting ERP functions/transaction. Once you complete the roles design, you can send it, using workflows, to pre-assigned reviewers and approvers to finalize the roles. The role preparers, reviewers and approvers can also assess the SOD control risks before finalizing the roles. Leverage FW DataProbe/Scripts to load current Roles Secure Access from fulcrumway.com portal Role Design FulcrumWay Roles Manager Features
  • 24. www.fulcrumway.comPage 24Copyright © FulcrumWay Access to Roles ManagerRole Design Sign-in to ERP Controls and Navigate to Roles Manager at FulcrumWay.com Roles Manager is a component of the FulcrumWay Risk Remediation software services that is available instantly over a secure internet-connection.
  • 25. www.fulcrumway.comPage 25Copyright © FulcrumWay Select the Access Monitor Icon. Then click on the Maintain Access Roles Tab Search and Browse through catalog of Roles for Oracle EBS R12 Roles Manager contains hundreds of Oracle EBS Responsibilities with SOD Controls Designed into the configuration to give you a jump start Role Design
  • 26. www.fulcrumway.comPage 26Copyright © FulcrumWay Access to Roles Manager Use a “source” role to create a new “target” role. View existing SOD issues with the “source” role. Assign Reviewers and Approvers for the role Embed SOD Controls into Oracle Responsibilities design by eliminating conflicting business activities inherent in the EBS Responsibility configuration Role Design
  • 27. www.fulcrumway.comPage 27Copyright © FulcrumWay Access to Roles ManagerRole Design Select/ Deselect business activities to update Role configuration automatically Reduce Role design time and effort by selecting business activities to drive the configuration of Oracle Responsibilities.
  • 28. www.fulcrumway.comPage 28Copyright © FulcrumWay Access to Roles ManagerRole Design Select/ Deselect Request Sets to update Role configuration automatically Effective SOD Controls should include access to Concurrent Request. Remember in R12 you can open/close GL Periods by submitting a request.
  • 29. www.fulcrumway.comPage 29Copyright © FulcrumWay Access to Roles ManagerRole Design Review and approve Roles using email notifications Reduce ERP implementation/upgrade costs and audit fees by enabling change controls over the Oracle Responsibilities. Reduce risk of SOD control failure
  • 30. www.fulcrumway.comPage 30Copyright © FulcrumWay Access to Roles ManagerRole Design Access the link to approve or reject the new Role Reduce ERP implementation/upgrade costs and audit fees by enabling change controls over the Oracle Responsibilities. Reduce risk of SOD control failure
  • 31. www.fulcrumway.comPage 31Copyright © FulcrumWay Access to Roles ManagerRole Design Assign Application Role Owner, Reviewer, Approver and Security Admin Reduce ERP implementation/upgrade costs and audit fees by enabling change controls over the Oracle Responsibilities. Reduce risk of SOD control failure
  • 32. www.fulcrumway.comPage 32Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
  • 33. www.fulcrumway.comPage 33Copyright © FulcrumWay Global car and equipment rental company, improves employee productivity Our Client Leader in the car and equipment rental businesses worldwide Providing quality car rental service for over 90 years. Over 30,000 employees Challenges Replace multiple legacy systems with one ERP solution Improved Segregation of Duty controls within mission critical applications Maintain consistent ERP system access roles across the subsidiaries leveraging the shared services model Increase external auditor’s reliance on ERP Access Controls Monitoring Solutions GRC DataProbe ERP Controls Catalog ERP Roles Monitor Results: Reduce ERP Role design, build, testing and implementation time by 80% resulting in over $200,000 cost savings during ERP system implementation and global roll-out. Created over 100 Segregation of Duty compliant Roles by business segment with two weeks from FulcrumWay Role Templates within the controls catalog. Lowered ERP Total Cost of Ownership by reducing SoD remediation time and costs by ensuring that all users a assigned only the pre- approved Roles Improve SoD and Access Controls testing time by providing auditors the access log reports showing all Update, Review and Approve Role design changes. Accelerated ERP testing and deploying time by identifying SOD conflicts before the Roles are assigned to Users. Client case
  • 34. www.fulcrumway.comPage 34Copyright © FulcrumWay Reduce SOD Access Violations with effective roles management techniques. Introduction Top SOD Challenges in Oracle EBS SOD Controls Assessment Overview Role Design Techniques Case Study Q&A Agenda
  • 35. www.fulcrumway.comPage 35Copyright © FulcrumWay Thank You! Join us on LinkedIn to view webinar and discussion Summary and Q&A