Auditing Oracle's E-Business Suite - ASE355

Auditing Oracle's® E-Business Suite

Auditing Oracle's E-Business Suite - ASE355
ENROLL IN THIS COURSE

Upcoming Dates & Locations

Auditing Oracle's E-Business Suite - ASE355

CPE:24


Price: $1833.00


Overview

This course covers application risks and controls for the most commonly implemented Oracle E-Business Suite applications. It includes application security, IT general controls, and dozens of SQL queries often used in assessments.


Who Should Attend

Internal auditors, IT auditors, business and data analysts, compliance and IT professionals whose role requires using or overseeing Oracle applications.


Prerequisites

  • Auditing Business Application Systems (ITG103) or equivalent experience

What You’ll Learn

You will learn about the application’s risks and controls, the core elements of the application, and how to audit the application effectively.


Objectives

Oracle Overview:

  • technical architecture overview
  • presentation layer
  • application layer
  • database layer
  • impact on change control

Common Elements and Modules:

  • key flexfields
  • descriptive flexfields
  • value sets
  • security rules
  • cross-validation rules
  • system profile options
  • user profile options

Organization Structure:

  • business groups
  • ledgers/sets of books
  • legal entities
  • operating units
  • inventory organizations

Master Data Overview:

  • item master
  • customer master
  • supplier master
  • bank master

Building a Proper Audit Trail:

  • audit trail deficiencies
  • why an audit trail?
  • audit trail technologies
  • building a proper audit trail
  • what to audit

Oracle Security Basics:

  • users
  • roles and responsibilities
  • menus
  • request groups
  • security profiles, global security profiles
  • organization access
  • role-based security

Application Security Best Practices:

  • sensitive data
  • privileged users
  • SQL forms risks and controls

Change Management Best Practices for Oracle E-Business Suite:

  • object-oriented development change management
  • security change management
  • patch change management
  • configuration change management

Designing and Auditing Application Controls:

  • types of application controls
  • IIA guidance
  • overriding application controls
  • benchmarking

Best Practices for Protecting Sensitive Data:

  • statutory requirements
  • typical sensitive data
  • identifying and classifying sensitive data
  • impact on application security
  • impact on database security
  • ways to secure data
  • application and database technologies
  • impact on change management process and SDLC

Foundation/Core Applications: Risks and Controls:

  • lookback procedures
  • IT users

General Ledger: Risks and Controls:

  • key configurations
  • key transactions
  • key risks
  • key controls
  • key segregation of duties

Assets: Risks and Controls:

  • key configurations
  • key transactions
  • key risks
  • key controls
  • key segregation of duties

Cash Management: Risks and Controls:

  • key configurations
  • key transactions
  • key risks
  • key controls
  • key segregation of duties

Procure to Pay: Risks and Controls:

  • key configurations
  • key transactions
  • key risks
  • key controls
  • key segregation of duties

Order to Cash: Risks and Controls:

  • key configurations
  • key transactions
  • key risks
  • key controls
  • key segregation of duties

Inventory: Risks and Controls:

  • key configurations
  • key transactions
  • key risks
  • key controls
  • key segregation of duties

Hire to Termination: Risk and Controls:

  • key configurations
  • key transactions
  • key risks
  • key controls
  • key segregation of duties

Why You Should Attend

You should attend because auditors at organizations using Oracle’s E-Business Suite should know how to audit its enterprise resource planning, customer relationship and supply chain management functions.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.

ENROLL IN THIS COURSE