Description
Oracle’s® latest home-grown application, built on Fusion technology, is Oracle’s bet for the future of enterprise applications in the cloud. Oracle has taken the ‘best of’ the various applications it has bought (E-Business Suite, PeopleSoft, JD Edwards, Siebel, etc.) and built it into the design of this new cloud application. In this two-day class, we will look at the core elements of the application. We will review foundational principles such as the technical architecture, security model, role design, generic users, patching and change management, common elements, profile options, controls monitoring and reporting, audit policies, workflow issues, master data, and application controls.
NOTE: Attendees are encouraged, but not required, to bring a laptop. This course will be a combination of direct teaching and interactive activities to the extent that the attendees have access to their organization’s instance.
Prerequisites: None
Learning Level: Basic
Advance Preparation: None
Field: Auditing
Delivery Method: Group-Live
What you will learn
1. Architectural Overview
• cloud: differences from other applications
• presentation layer
• application layer
• database layer
• example
2. Common Elements
• key flexfields
• descriptive flexfields
• value sets/values
• security rules
• cross-validation rules
• profile options/values
3. Organization Structure
4. Master Data Overview
• bank account
• supplier
• customer
• item
• employee
5. Building a Proper Audit Trail
• why an audit trail
• types of technologies to build an audit trail
• what to audit
6. Application Security Configurations and Administration
• users
• roles
• data security
• flexfield security
7. Application Security Best Practices
• RBAC principles
• role design principles: end users and IT
• seeded users
• generic users
• role assignments
• impersonations
• job scheduling users
• password controls
8. Workflow Security and Controls
• workflow policies
• approve workflows via email
• delegate or transfer workflows
9. Risks and Controls Related to Privileged Users
• risks
• ways to monitor privileged users
10. Change Management Best Practices
• types of changes
• impact of IIA GTAG 2
• best practices
• common challenges
11. Designing and Auditing Application Controls
• application controls types and examples
• impact of IIA GTAG 8
• benchmarking
• best practices
• common challenges
12. Protecting Sensitive Data in Production and Non-Production
• statutory requirements
• identifying and classifying
• impact on application security
• impact on database security
• impact on change management process
13. Project Risks and Implementation Audits
• key project risks
• internal audit involvement
14. Common Audit Issues
15. Auditor Resources