Friday, September 10, 2004
Oracle Applications Auditing and Security Best Practices
This post points you to a site that has some really good presentations and white papers related to auditing and securing Oracle E-Business Suite and provides some related links.
Having been an Auditor/Accountant in a former life, I always try to make certain that when implementing an ERP system I take into account security issues and also ensure that the system can be audited by both internal and external parties. Oracle has many built in auditing and security features, but in my experience, people do not make appropriate use of them because they are not aware they exist or they do not have the time or budget to implement them. Personally, I believe awareness of the capabilities of Oracle E-Business Suite is the starting point towards ensuring system security and auditability. Hence, it’s always nice to come across some information which can give you new ideas as to what approach you should take when implementing such a system.
A really good site that I have come across which has some superb white papers and related information on Oracle Applications auditing and security is Integrigy. According to their site: -
Integrigy Corporation is a leader in application security for large enterprise, mission critical applications. Our application vulnerability assessment tool, AppSentry, assists companies in securing their largest and most important applications. Integrigy Consulting offers security assessment services for leading ERP and CRM applications.
Key Oracle Applications papers and presentations on auditing and security that you can download are as follows: -
- Securing 11i - What did you miss? (221KB) - Stephen Kost, Chief Technology Officer
- Securing Oracle Applications - What You Need to Know (78KB) - Stephen Kost, Chief Technology Officer
- Securing the Oracle Applications Infrastructure (152KB) - Stephen Kost, Chief Technology Officer
- Guide to Auditing in Oracle Applications (303KB)
The resources section of the site is also quite good since it not only includes white papers but also security alerts, advisories and notes, analysis and tools and scripts . There is also a quarterly newsletter published which keeps you up to date with Security Issues around Oracle Applications.
- Best Practices for Securing Oracle E-Business Suite – Metalink Note ID 189367.1
- Best Practices For Securing Oracle E-Business Suite 11i For Internet Access – Metalink Note ID 229335.1
- 11i: A Guide to Understanding and Implementing SSL for Oracle Applications – Metalink Note ID 123718.1
- Oracle Applications 11i System Administrator’s Guide
- Oracle Security Alerts – http://technet.oracle.com
e-mail this article • Administration •Auditing •Documentation •Security •Newsletters •Presentations •White Papers • (4) Comments • Bookmark this to del.icio.us • Permalink
Wednesday, August 11, 2004
Improving the Transparency and Auditability of your Corporation with Oracle E-Business Suite
This post reviews a presentation given at the Oracle OpenWorld Melbourne 2004 Conference by Folia Grace, Product Director, Enterprise Resource Planning, Oracle Corporation.
This presentation, entitled Improve the Transparency and Auditability of your Corporation (2.10MB), attracted my interest primarily because it had some information on Enterprise Planning Budgeting which I understand is destined to replace Oracle Financial Analyzer (OFA). The presentation begins by outlining what transparency and auditability involves, namely: -
- Auditability of Financial Results
- Auditability of the Process underlying those results
- Clarity of results and processes to all stakeholders:
It states that having access to information is not what’s most important, it’s whether the information is useful that counts. The main portion of the presentation relates to how you can use Oracle Applications to improve efficiency, control and data transparency. Efficiency is achieved by the Oracle Information Architecture which has the following characteristics: -
Unified Data Model
The Unified Data Model provides a single definition of customers, suppliers, partners, employees, and business events. This single source of truth, throughout the organisation, means that the information customers use to make decisions is accurate and timely.
Global means that all data, worldwide, are consolidated into a single instance. The Oracle E-Business Suite handles multiple currencies, languages and different security needs of different countries. This means that costs are reduced, by consolidation of data centre’s and data administration, and the quality of the information is improved.
The presenter goes on to highlight how Controls are improved by using: -
- the Interface Data Transformer (IDT)
- Business Events
- the Currency Rates Manager
- the Global Intercompany System and
- Journal Approvals workflow
Data Transparency is said to be achieved by the following Oracle Reporting and Analysis Tools: -
- Daily Operational Management Reporting - DBI: Pre-built role-based BI portal pages and management reports, drill-downs, simplified architecture
- Financial Reporting and Analysis - EPB, FSG: Integrated Financial Reporting and Analysis with drill-down.
- Planning, Budgeting and Forecasting - EPB: Streamlined enterprise planning and budgeting, on-going performance monitoring
The Key Benefits of Enterprise Planning and Budgeting are stated as: -
- Fully integrated financial reporting, analysis, consolidation, planning, budgeting, and forecasting processes
- ‘Real-time’ post from GL
- Advanced multi-dimensional, multi-level reporting UI in html and export in Excel
- Easy reporting with different hierarchy versions
- Full drilldown to source transaction details
The presentation has some nice EPB screen shots which is the first time I have actually seen what the application might look like - until now all I’ve heard was the usual marketing talk. I wonder how easy it is to get it working. I would be interested in receiving any comments from readers and authors that relate to EPB, especially those who might be involved in the early adopter or beta programme for this particular product.