Well...  Here goes nothing.  I thought I'd start a blog.  Seems to be the thing to do.  We'll be exploring issues relates to Oracle Apps internal controls and security in this blog. 



Hopefully the information shared in this blog will help you implement effective internal controls and effective security for your Oracle Apps environment.

Have been doing a lot of research on UMX / User Management in conjunction with Chuck Kennedy of Solution Beacon.  We have two white papers that will be coming out for peer review shortly - both of which will feed into a chapter in my upcoming book "Oracle E-Business Suite Controls: Application Security Best Practices." Yes, a book is in the works.   No, I don’t have a time frame in mind on when it will be out yet.  It is my first book and I have no history to know how like it will take to finish writing and to publish it. 

One of the issues Chuck and I have written about is the use of the Manage Proxies functionality in the User Management module – big security and controls loophole.  I have sent emails to several providers of SOD software to see if they have addressed this in their ‘SOD’ monitoring software.  So far, I haven’t received a lot of response.  Not sure if that means they haven’t done anything to address it or they are just ignoring me…  Look for that white paper in the coming weeks.  You’ll be able to request it at the Oracle Users Best Practices Board site (www.oubpb.com).



Regards,

Jeffrey T. Hare, CPA CISA CIA

Industry Analyst . Author . Consultant