Resources
Understanding Role Delegations in Oracle ERP/HCM Cloud
Fraud and Data Loss - one and the same?
Securing the Financial Close
Oracle Cloud Applications provide no warning or safeguards when it comes to exceeding your License counts. Creating New Users or assigning existing Users to Roles, gives access to functionality that may increase your usage and take licenses from the 'pot.'
In a recent Audit we found the customer had gone over their License counts for ALL of their licensed Cloud Services, from Financials, HR, Collections, to Project Management - all were over.
One key area we found that Licenses were being exceeded was in the area of setup. IT Users were granted access to areas of the Application by way of using the same Roles that the Functional Users were using. Aside from licensing issues this also raised the issue or Risk related to Segregation of Duties or just the general idea that IT Users should not be able to conduct transactions outside of their responsibilities and Job duties.
This access proved to be problematic on many levels and should be a priority to resolve regardless of Industry or whether you are publicly traded or not.
What does Security have to do with this?
In this Audit we found that the use of the Delivered or Seeded Roles provided by Oracle were in use. This meant that functionality granting access to modules or services were contained in these Roles along with the functionality need to perform their Job/Duties. Without a dedicated Role Design process, the utilization of delivered Roles means that Users will inherit functionality across Business Lines and Modules.
This is in addition to the lack of controls around exceeding User counts.
This is a statement that we hear consistently, repeatedly. The IT Teams may have the knowledge of the access in the Application, but cannot make decisions around who should have access to what.
In turn the Functional Users of the Application don't understand all of the technicalities and terminology related to what the Users in their department can do. Throw in the sheer number of Security elements and you end up with a 'stalemate' and no action.
You may or may not have a Compliance requirement for good Security such as Sarbanes Oxley, but when Security starts costing you Money over your subscription, the Return on Investment becomes clear: cleaning up your Security will help reduce your License fees.
Seecuring balances Technology with Services, we start by analyzing the structure of your Oracle Environment, looking for areas where your licenses may be over your license agreement. This License Audit will give you insights into areas where the numbers have gone over and how they got there.
We then dive into the Security to identify areas that can be addressed to bring your Organization back into Compliance.
Going forward we can assist with the remediation efforts and provide support to 'bridge the gap' between IT and the Business Users to help remediate your Risks and reduce your License exposure.
Fraud and Data Loss - one and the same?
Securing the Financial Close