#JDEINFOCUS
Auditable JDE Compliance Health Check Delivered
Introductions
Linda Nelson, CPA
ALLOut Senior Director of PreSales
27 years of Compliance/Audit Management and Implementation
Agenda
• About ALLOut
• Scope of Compliance?
• Areas to Consider
• ALLOut Tools to Help
• Wrap-Up
Who is ALLOut Security?
Security Management
• Efficient Role Management
• All Security Records in Grids
• Automatically resolve security conflicts
User Management
• One Click Provisioning
• Manage unused user IDs
Menu Management
• Manage Menus in a Grid
• Version Management in a Grid
• Security Management by Menu
Reporting
• User, Security and Menu
• Audit History
• Delivered, Simple and Auditable
Compliance
• Segregation of Duties, SOX and JSOX Reporting
• GDPR Support
• Section 404 List
Project Automation Samples
• Open to Close or Deny All Set Up
• Upgrades
• Net New Implementation
What Makes ALLOut Unique
Low Risk – Immediate ROI
Standard E1
• Utilize E1 Tables
• E1 development methods
• E1 Reporting - No need for 3rd party tools
• Use seamlessly with standard E1
• Utilize E1 workflow
• UDO Management
Low Upfront Investment
• License modules needed
• No Implementation project required
• Best practice data available
Complete Solution
• ALLOut staff available to ensure your success
• Flexible for your needs
• Simple or Configurable
• Mini GRC solution
• Role Assignment Self Service
• Over 100 Pre-delivered Reports
• Pre-delivered UDO Content
Training
• Short learning curve
• Webinars
• Project planning
• Online sessions for your team
• Training classes 30+
• Tutorials at your fingertips 27+
• On-site training available
Compliance
What is Compliance?
Compliance Management
Compliance – Best Practices
• Segregation of Duties reviews
• User access reviews
  • Manage user access for individuals that have changed responsibilities
• Critical Access reporting
  • Select what functions are critical to your business
  • Define what programs grant access
• Managing users not accessing the system
  • F9312
  • Security history needs to be turned on
• Data Security
• Review for unauthorized changes
  • F9312
  • Auditing turned on
  • Filter by event type
Segregation of Duties
Why Best Practice?
Things to Consider
• Automated or Manual
• Effective or Not
• Security Records
• User Access
• Based on Organization Risk
• Key Area
• Programs
Critical Process
SoD Rules
Controls
Security
SecurityPlus
CombiRoles
ProfilePlus
MenuPlus
Risk Reporting
Risk Management
Take a Look?
SOD Reporting
SOD Review Cycle
[Figure: annual review calendar, Jan through Dec]
Q1: SOD Rule and Unmitigated Segregation of Duties
Q2: SOD Rules, Unmitigated Segregation of Duties, ALL High Risk SOD
Q3: SOD Mitigations, Unmitigated Segregation of Duties, ALL High Risk SOD
Q4: Segregation of Duties
Internal Auditor Annual Review
Internal Auditor Interim Review
External Auditor Review
Weekly Review
• JDE objects Promoted
• Unmitigated SOD
Monthly Review
• Rules
• Mitigating Controls
• Changes
User Reviews
User Access
• Test IDs are Disabled in Production
• Ensure All Users are Included in User Reviews
• Review for Users Not Signing In
• Ensure Users Excluded from Review are Disabled in Production
• Remove Users with No Security Roles
• Ensure System Admins Have No Other Access
• Identify Individual Users With Information For Those Not Compliant with Global Policies
• Restrict Inquiry Roles From Submitting Batch Processes
Data Security
Unauthorized Access
• Nonconformity With Security or Regulatory Requirements
• Access to Sensitive data
  • Banking
  • Payroll
  • Product
Security Data
» Row Security
» Column Security
» Address Book Personal Data
» Data Browser
» Don’t Forget to Ensure Security Is Applied at the Appropriate Level
  » Application
  » Table
» Check out our Site for More Detail
  » Security Best Practices
  » Security Audit Best Practices
Data Protection Adherence (GDPR, HIPAA etc.)
Access Reporting
• List of Programs that have access to personal data
• Identification of access paths
Critical Access Report
• All roles that have access to personal data
• ALL users that have access to personal data
Audit History
• Any changes to the personal data access
• Any changes to programs considered for access
Role assignment request process
• Tracking of approvals and documentation within E1 for granting access to roles with access to personal data.
Change Management
Process Steps
Need for Change Arises
Request is Submitted
Request Reviewed
Change is Approved
Change is Completed
Change is Communicated
Change is Tested
Documentation is Retained
Self Monitor Process is Audited
Variety of Standard Reports
• User Changes Auditing
• Role Changes Auditing
• Assignment Changes Auditing
• Security Changes Auditing
• Menu Changes Auditing
• Compliance Changes Auditing
• Audit Configuration Changes Auditing
Wrap Up
Effective Compliance
Assess User Access Risk
Create Risk Appropriate Policies and Procedures
Train Staff
Review a Variety of Reports
Automate Reviews and Compliance
Communicate Between Departments
How We Can Help
Users, Roles & Relationships
Additional Reports
One record per user/object/month (small footprint)
Section 404 Compliance
Segregation of Duties
Task Views
Critical Process Lists
Companies & Business Units
Delivered Reports
Let us Help - JDE E1 Security Audit
• Take Back Control of your Risk – Empowering In-house Security Auditing
• Can be deployed equally effectively in both Open and Closed security environments for those who:
  • Need to assess their organizational risk
  • Need reliable information for audits
  • Need a methodology to satisfy audit requirements for the long-term
  • Are unsure of security effectiveness
  • Need evidence to cost justify a budget to address known exposure
  • Are planning an upgrade and wish to review and overhaul security at the same time
• As well as providing detailed reports, one of ALLOut's experts will examine the results, assess the effectiveness of the security and make recommendations for:
  • A plan to address System Access Risk
  • Analysis of current Segregation of Duties and Critical/Master Data Program Access