Oracle Applications Auditing and Security Best Practices
This post points you to a site that has some really good presentations and white papers related to auditing and securing Oracle E-Business Suite and provides some related links.
Having been an Auditor/Accountant in a former life, I always try to make certain that when implementing an ERP system I take into account security issues and also ensure that the system can be audited by both internal and external parties. Oracle has many built in auditing and security features, but in my experience, people do not make appropriate use of them because they are not aware they exist or they do not have the time or budget to implement them. Personally, I believe awareness of the capabilities of Oracle E-Business Suite is the starting point towards ensuring system security and auditability. Hence, it’s always nice to come across some information which can give you new ideas as to what approach you should take when implementing such a system.
A really good site that I have come across which has some superb white papers and related information on Oracle Applications auditing and security is Integrigy. According to their site: -
Integrigy Corporation is a leader in application security for large enterprise, mission critical applications. Our application vulnerability assessment tool, AppSentry, assists companies in securing their largest and most important applications. Integrigy Consulting offers security assessment services for leading ERP and CRM applications.
Key Oracle Applications papers and presentations on auditing and security that you can download are as follows: -
- Securing 11i - What did you miss? (221KB) - Stephen Kost, Chief Technology Officer
- Securing Oracle Applications - What You Need to Know (78KB) - Stephen Kost, Chief Technology Officer
- Securing the Oracle Applications Infrastructure (152KB) - Stephen Kost, Chief Technology Officer
- Guide to Auditing in Oracle Applications (303KB)
The resources section of the site is also quite good since it not only includes white papers but also security alerts, advisories and notes, analysis and tools and scripts . There is also a quarterly newsletter published which keeps you up to date with Security Issues around Oracle Applications.
Other Resources
- Best Practices for Securing Oracle E-Business Suite – Metalink Note ID 189367.1
- Best Practices For Securing Oracle E-Business Suite 11i For Internet Access – Metalink Note ID 229335.1
- 11i: A Guide to Understanding and Implementing SSL for Oracle Applications – Metalink Note ID 123718.1
- Oracle Applications 11i System Administrator’s Guide
- Oracle Security Alerts – http://technet.oracle.com
I’m looking for information on how to Audit payables or the GL modules in Oracle 11i. The Integrigy pdf does help, but from a different perspective. Please help!
Posted by .(JavaScript must be enabled to view this email address) on 10/12 at 10:52 PMWhat type of audit are you hoping to perform?
Posted by Richard Byrom on 10/14 at 04:53 PMI have to create a complete work program for our corporate IT audit. I’m looking for previous documentation to help me out. Test procedures, control objectives for GL, Payables etc.
Posted by .(JavaScript must be enabled to view this email address) on 11/02 at 03:47 AM
Add Comment Information Here
Please note that comments will only be accepted from valid members of this site who provide feedback that is beneficial to readers of the blog. ALL comments (even those from members) will be subject to moderation.