Our Oracle Applications Control & Enhancement Services or OACES methodology (pronounced oasis) is designed to complement and not conflict with your internal or system integrator's implementation/upgrade methodology and approach. While your company's system integration team is responsible for delivering the Oracle applications environment on time, on budget, and with the expected functionality, we proactively identify, communicate, and remediate the associated Business Process Control, Security and Technical Infrastructure risks associated with the implementation. Further, our OACES methodology was developed to significantly enhance and improve the oftentimes high-level application audits performed by external audit firms.
The primary objectives of our OACES™ Methodology include:
- Providing a structured approach to security and controls design and an appropriate framework to enable consistent delivery on a global basis
- Ensuring the use of appropriate tools, techniques and skills
- Providing a strong risk management framework for the work
The service aligned with our OACES™ Methodology can be tailored to support different type of engagements including:
- Design, implementation and documentation of application controls surrounding the implementation of enterprise applications
- Business process and controls optimization
- Oracle implementation assessments surrounding the implementation of enterprise applications
- Redesign of security surrounding existing implementations of enterprise applications
Appssurance service offerings include:
- AppsSetup : Application Setup Controls -- Design & Assessment
- AppsSecure : Application Security -- Design, Implementation & Remediation
- AppsProcess : Business Process Controls -- Design, Documentation & Implementation
- AppsOptimize : Optimization of Business Processes and associated controls
- AppsRCL : Comprehensive Business Process Risk & Controls Library
- AppsTools : Evaluation and Implementation of Application Assurance Tools
- AppsSupport : Outsourced Oracle Support and/or Internal Audit Services
When implementing or upgrading the Oracle E-Business Suite it is important to manage the following risks:
- Business Process Control Risks: A risk-based approach should be applied to focus on business process and data integrity controls. Drawing on our knowledge of control best practices, we will work with the business process design teams to ensure that financial, operational, and compliance controls are addressed in the design of the business processes as well as the underlying Oracle applications.
- Security Risks: For Oracle implementations, a sound authorization concept is central to the integrity of access control and segregation of duties. Our in-depth knowledge of the proper authorization concept will provide a foundation for the design and implementation of a worldwide approach to securing the Oracle applications. Issues such as the organization, management, and administration of security must be considered during the design and implementation of Oracle. Our financial and internal control experience can be leveraged to apply segregation of duties to business roles and responsibilities
- Technical Infrastructure Risks: The implementation of Oracle and other enterprise applications can create significant changes in the underlying IT infrastructure. These changes relate to network configuration, operating system configuration, physical location of application processing, to name a few. Without strong general controls supporting the technical infrastructure, the application controls, which are being designed and implemented, may be circumvented. As a result, the underlying technology supporting the overall solution must be thoroughly tested to ensure controls cannot be bypassed.
- Application Interface Risks: Oftentimes, the Oracle applications are implemented as a component of a much larger systems solution. As such, interfaces with legacy systems and "third party bolt-ons" are common. For proprietary or legacy application systems that require custom interfaces, examination of file controls and system balancing controls to maintain data integrity is critical.