Sarbanes-Oxley legislation is placing new and significant compliance and audit trail demands on Finance and IT departments across the nation. Auditing application transactions in the database is one of the many requirements saddled on these departments.

To comply, IT departments must design and build, or purchase and deploy, mechanisms in the database to track and report changes to key data elements in the database. While this task is not exceedingly difficult for most staffers, it does require significant time and effort that goes above and beyond their normal duties, possibly impacting their ability to provide adequate support to their users. Additionally, software customizations are often difficult or tedious to document and maintain, and increase the risk of issues in the application processes that are being audited.

Furthermore, some third-party software solutions offer audit mechanisms that are either built into the application itself, leaving the audit mechanism open to the same security vulnerabilities as the application it is designed to audit, or require a dedicated server and database instance of their own, increasing the complexity and cost of ownership.

A better approach to meeting these application auditing requirements is a standard, packaged and supported solution that is easy to use; requires no additional hardware or software purchases; takes a low-risk, secure, database-level auditing approach that is not invasive to the application; provides flexible and meaningful audit trail reports; maintains and audits changes to its own configurations; and facilitates the migration of those configurations across database instances to support change migration integrity.

Application Auditor delivers the solution to satisfy these requirements. It provides Audit Trail creation and reporting, Alert Notification and Transaction Prevention to enforce controls. Its audit engine may be configured to continuously monitor for *any* database transaction (DML, DDL, login, logout) that meets user-configurable audit criteria. For example:
- Audit users that are assigned application access to functional areas that conflict with user-defined business rules. (SOD Violation Auditing)
- Audit DBAs or IT Staff that make backdoor [outside the application] changes to table records (DML) or create, alter, drop, grant or revoke database objects (DDL).
- Audit IT Staff or Application Users that modify high-risk application setups, profile options or commit unauthorized business transactions that exceed defined controls or limitations.

Application Auditor empowers auditors to:
- identify who, when and what changes were made, both at the database and application levels
- review before and after column values on a single audit record
- custom configure and capture content (lookup values) from other tables into the audit record
- custom configure audit criteria and conditions to narrow the scope of the audit

Application Auditor provides extensions for integration with Oracle E-Business Suite:
- Over 90 pre-seeded tables to audit, with over 700 data points designed for SOX compliance.
- Segregation of Duties Violations Manager - Define, Audit, Alert, Report and Prevent user access conflicts across responsibilities, operating units, menus, functions and forms without false positives. Over 1200 pre-defined function conflict pairs available.
- Application User Watch Lists - Define and maintain one or more groups of application users to audit.
- Capture E-Business Suite Application User Name, Responsibility, Form Name or Concurrent Program that initiated the change.
- Capture changes to text in columns with LONG data types, which are used by several EBS forms, like Oracle Alert, that allow the input and execution of potentially harmful SQL text [also known as "Forms SQL"].