 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Services
ERP Risk Advisors is pleased to provide our clients with expertise beyond our seminar offerings.
Our targeted resources our firm can help address your most critical needs. Leverage our industry
leadership with the following services:
Pre-Implementation Services:
Implementation Security Design
Leverage our risk based assessment of user access controls and industry expertise to help design
your application security during your implementation process.
Implementation Controls Design
Does your implementation partner have the skills to configure your application to maximize the
embedded controls within Oracle and not add new internal control deficiencies into your
environment? We can evaluate your configuration documents and provide you with valuable insight
into configuration issues of which you need to be aware.
Software Implementation Services:
Free GRC-Related Software Advice
Don't know what you need??? Jeffrey offers a free one hour conference call. In an hour or less, he
can walk you through the different software providers and let you know which one(s) match up to your
requirements. And we can implement whatever software you choose...
RFP/RFI
Gain valuable independent analysis of third party software used to automate and monitor controls for
your Oracle Applications Environment. Take advantage of our industry leadership and understanding
of internal controls deficiencies in Oracle Applications to help design and coordinate your RFI/RFP
process.
You Choose... We Implement Software Services
You choose the software... We can implement it. From Oracle's Identity Management to GRC-Related
software from Oracle or other firms such as CaoSys, Absolute Technologies, Greenlight
Technologies, Approva, or Lumigent. Leverage our industry-leading risk assessment process to
implement various software to automate and/or monitor your controls.
Assessment Services:
Level I Assessment: Assess Compliance with Provisions in the Oracle E-Business Suite
Controls: Application Security Best Practices book written by Jeffrey T. Hare, CPA CISA CIA
Purpose: To assess compliance with most of the best practices provided in the book “Oracle E-
Business Suite Controls: Application Security Best Practices.” Datasheet
Level II Assessment: Software as a Service - Oracle E- Business Suite Segregation of Duties,
Sensitive Function, and Sensitive Data Analysis
Purpose: Function-level analysis of SOD, access to sensitive data, and access to high-risk functions.
Offered as a software as a service through CaoSys. Datasheet
Level II Assessment: Oracle E-Business Suite Change Management Process Review
Purpose: To review and provide feedback to the organization as to areas for improvement in the
Oracle E-Business Suite change management process. Datasheet
Level II Assessment: Oracle E-Business Suite Privileged User Review
Purpose: To assess security design and support procedures in order to provide feedback related to
privileged users and strategies to reduce risk. Datasheet
Level II Assessment: Oracle E-Business Suite User Provisioning Process Review
Purpose: To review the user provisioning process, termination process, and related policies,
standards, and procedures for Oracle E-Business Suite-related activity. Datasheet
Level II Assessment: Oracle E-Business Suite SOX Key Controls Best Practices Assessment
Purpose: To review compliance with best practices related to key controls baselining and related
change management practices. Datasheet
Other Services Offered:
ERAM – ERP Seminars Risk Assessment Methodology: User Access Controls and SOD Risk
Assessment
We have developed an industry leading risk-based user access control (including SOD) analysis.
This analysis is a must for any company trying to reduce audit fees in the area of Segregation of
Duties or reviewing or implementing a third-party solution for such. Take a look at some examples of
our approach to risk-assessment versus other firm's approaches.
SOX Readiness Review
Leverage our Best Practices knowledge, including our extensive work regarding Sarbanes-Oxley, to
review your readiness for Sarbanes-Oxley or how your company matches up with best practices.
Internal Audit Training
Leverage our industry expertise to train your audit staff on how to audit risks associated with Oracle's
eBusiness Suite. Allow us to customize training to meet your company's needs.
Industry Analysis
Jeffrey's knowledge of the Oracle Apps GRC space is unmatched, similar to what you find at an
analyst firm such as AMR, Forrester, Gartner, or IDC. Leverage his expertise in helping various ways.
Contact us for more information on various services Jeffrey can provide to your organization.
Free 1 Hour Consultation
Needing some quick advice about your Oracle Apps compliance initiatives? We offer a free 1 hour
consultation with end user companies.
Assessment Services Coming Soon:
Compliance versus Oracle’s Metalink Note 189367.1 – Best Practices for Securing E-Business
Suite provided by Integrigy
Purpose: To assess compliance with the best practices in Oracle’s Metalink Note 189367.1
(assessment provided by Integrigy).
Level II Assessment: Security Impact Analysis
Purpose: To provide an impact analysis of security changes during patching by comparing production
security configurations with security configurations in a patch instance.
Level I Assessment: Sensitive Data Analysis
Purpose: To assess user access to sensitive data within the Oracle E-Business Suite via standard
access.
Level II Assessment: Advanced Sensitive Data Analysis
Purpose: To provide a comprehensive analysis of access to sensitive data for Oracle E-Business
Suite and customizations throughout an entire Oracle database.
Contact Us
If you are interested in any of the above offerings, contact us here.
Some or all of the services may be in conjunction with partner firms. Nature and extent of engagement will be
tailored to your organization’s needs
Our targeted resources our firm can help address your most critical needs. Leverage our industry
leadership with the following services:
Pre-Implementation Services:
Implementation Security Design
Leverage our risk based assessment of user access controls and industry expertise to help design
your application security during your implementation process.
Implementation Controls Design
Does your implementation partner have the skills to configure your application to maximize the
embedded controls within Oracle and not add new internal control deficiencies into your
environment? We can evaluate your configuration documents and provide you with valuable insight
into configuration issues of which you need to be aware.
Software Implementation Services:
Free GRC-Related Software Advice
Don't know what you need??? Jeffrey offers a free one hour conference call. In an hour or less, he
can walk you through the different software providers and let you know which one(s) match up to your
requirements. And we can implement whatever software you choose...
RFP/RFI
Gain valuable independent analysis of third party software used to automate and monitor controls for
your Oracle Applications Environment. Take advantage of our industry leadership and understanding
of internal controls deficiencies in Oracle Applications to help design and coordinate your RFI/RFP
process.
You Choose... We Implement Software Services
You choose the software... We can implement it. From Oracle's Identity Management to GRC-Related
software from Oracle or other firms such as CaoSys, Absolute Technologies, Greenlight
Technologies, Approva, or Lumigent. Leverage our industry-leading risk assessment process to
implement various software to automate and/or monitor your controls.
Assessment Services:
Level I Assessment: Assess Compliance with Provisions in the Oracle E-Business Suite
Controls: Application Security Best Practices book written by Jeffrey T. Hare, CPA CISA CIA
Purpose: To assess compliance with most of the best practices provided in the book “Oracle E-
Business Suite Controls: Application Security Best Practices.” Datasheet
Level II Assessment: Software as a Service - Oracle E- Business Suite Segregation of Duties,
Sensitive Function, and Sensitive Data Analysis
Purpose: Function-level analysis of SOD, access to sensitive data, and access to high-risk functions.
Offered as a software as a service through CaoSys. Datasheet
Level II Assessment: Oracle E-Business Suite Change Management Process Review
Purpose: To review and provide feedback to the organization as to areas for improvement in the
Oracle E-Business Suite change management process. Datasheet
Level II Assessment: Oracle E-Business Suite Privileged User Review
Purpose: To assess security design and support procedures in order to provide feedback related to
privileged users and strategies to reduce risk. Datasheet
Level II Assessment: Oracle E-Business Suite User Provisioning Process Review
Purpose: To review the user provisioning process, termination process, and related policies,
standards, and procedures for Oracle E-Business Suite-related activity. Datasheet
Level II Assessment: Oracle E-Business Suite SOX Key Controls Best Practices Assessment
Purpose: To review compliance with best practices related to key controls baselining and related
change management practices. Datasheet
Other Services Offered:
ERAM – ERP Seminars Risk Assessment Methodology: User Access Controls and SOD Risk
Assessment
We have developed an industry leading risk-based user access control (including SOD) analysis.
This analysis is a must for any company trying to reduce audit fees in the area of Segregation of
Duties or reviewing or implementing a third-party solution for such. Take a look at some examples of
our approach to risk-assessment versus other firm's approaches.
SOX Readiness Review
Leverage our Best Practices knowledge, including our extensive work regarding Sarbanes-Oxley, to
review your readiness for Sarbanes-Oxley or how your company matches up with best practices.
Internal Audit Training
Leverage our industry expertise to train your audit staff on how to audit risks associated with Oracle's
eBusiness Suite. Allow us to customize training to meet your company's needs.
Industry Analysis
Jeffrey's knowledge of the Oracle Apps GRC space is unmatched, similar to what you find at an
analyst firm such as AMR, Forrester, Gartner, or IDC. Leverage his expertise in helping various ways.
Contact us for more information on various services Jeffrey can provide to your organization.
Free 1 Hour Consultation
Needing some quick advice about your Oracle Apps compliance initiatives? We offer a free 1 hour
consultation with end user companies.
Assessment Services Coming Soon:
Compliance versus Oracle’s Metalink Note 189367.1 – Best Practices for Securing E-Business
Suite provided by Integrigy
Purpose: To assess compliance with the best practices in Oracle’s Metalink Note 189367.1
(assessment provided by Integrigy).
Level II Assessment: Security Impact Analysis
Purpose: To provide an impact analysis of security changes during patching by comparing production
security configurations with security configurations in a patch instance.
Level I Assessment: Sensitive Data Analysis
Purpose: To assess user access to sensitive data within the Oracle E-Business Suite via standard
access.
Level II Assessment: Advanced Sensitive Data Analysis
Purpose: To provide a comprehensive analysis of access to sensitive data for Oracle E-Business
Suite and customizations throughout an entire Oracle database.
Contact Us
If you are interested in any of the above offerings, contact us here.
Some or all of the services may be in conjunction with partner firms. Nature and extent of engagement will be
tailored to your organization’s needs
