Comply using ConfigSnapshot
ConfigSnapshot provides significant functionality to assist organisations with audit and control requirements, including:Security Setup Reporting
Security is a complex area within the E-Business Suite with many setups affecting what functions, programs and data users are able to access, including:
- Users, Responsibilities and Roles
- Report and Request Groups
- Profile Options
ConfigSnapshot provides flexible reporting to review all of these setup areas to enable system administrators to keep control over access controls.Security Effects of Patching and Upgrades
As well as changes made to security setups during normal system management these areas can be directly affected when certain patches are applied or where the environment is upgraded. New forms, form functions and concurrent programs may be introduced and these will automatically become available to some users. It can be a significant challenge to identify what these new items are and an even greater challenge to understand the effect on security access.
ConfigSnapshot simplifies this by enabling you to compare the affected setup pre- and post-patch or upgrade, quickly identifying any new items introduced and also which users and responsibilities have inherited access to these items, allowing you to determine any additional access controls that should be defined.Segregation of Duties Reporting
As well as considering access to individual forms, functions and concurrent programs many organisations must consider which combinations of access users should not be permitted; for example the ability to enter and post a General Ledger journal in the same ledger or set of books. Controlling segregation of duties is a requirement when complying with legislation such as Sarbanes Oxley but is also good practice in any organisation.
The standard E-Business Suite does not provide segregation of duties reporting and solutions can be complex and expensive to implement. ConfigSnapshot provides a simple and cost effective segregation of duties capability, including:
- Defining constraints for functions, concurrent programs, roles, responsibilities etc.
- Defining violation rules based on individual constraints or groups of constraints
- Classifying rules to enable specific types of violation rules to be run as well as full violation analysis
- Defining conditions, both globally and for specific rules, to target violations; for example, only reporting where a user can perform two segregated functions within the same operating unit
- Applying different conditions dependent on the E-Business Suite environment against which the violation analysis is carried; for example, to eliminate false positives that would exist on a development environment due to particular users having been given elevated access privileges to simplify the setup of the applications.
Audit Track Reporting
ConfigSnapshot provides a number of methods to report changes to setup over time. This includes the ability to capture and report full details of every change made to selected data areas; when it happened, what changed and who made the change.