  Application Auditor

Sarbanes-Oxley legislation is placing new and significant compliance and audit trail demands on Finance and IT departments across the nation. Auditing application transactions in the database is one of the many requirements saddled on these departments.

To comply, IT departments must design and build, or purchase and deploy, mechanisms in the database to track and report changes to key data elements in the database. While this task is not exceedingly difficult for most staffers, it does require significant time and effort that goes above and beyond their normal duties, possibly impacting their ability to provide adequate support to their users. Additionally, software customizations are often difficult or tedious to document and maintain, and they increase the risk of problems in the application processes being audited.

Furthermore, some third-party software solutions offer audit mechanisms that are either built into the application itself, leaving the audit mechanism open to the same security vulnerabilities as the application it is designed to audit, or require a dedicated server and database instance of their own, increasing the complexity and cost of ownership.

A better approach to meeting these application auditing requirements is a standard, packaged and supported solution that:

  • is easy to use
  • requires no additional hardware or software purchases
  • takes a secure, low-risk, database-level auditing approach that is not invasive to the application
  • provides flexible and meaningful audit trail reports
  • maintains and audits changes to its own configurations
  • facilitates the migration of such configurations across database instances to support change migration integrity


Application Auditor delivers the solution to satisfy these requirements. It provides Audit Trail creation and reporting, Alert Notification and Transaction Prevention to enforce controls. Its audit engine may be configured to continuously monitor for *any* database transaction (DML, DDL, login, logout) that meets user-configurable audit criteria.

For example:

  • Audit users that are assigned application access to functional areas that conflict with user-defined business rules. (SOD Violation Auditing)
  • Audit DBAs or IT Staff that make backdoor [outside the application] changes to table records (DML) or create, alter, drop, grant or revoke database objects (DDL).
  • Audit IT Staff or Application Users that modify high-risk application setups or profile options, or commit unauthorized business transactions that exceed defined controls or limitations.

Application Auditor empowers auditors to:
  • identify who, when and what changes were made, both at the database and application levels
  • review before and after column values on a single audit record
  • custom configure and capture content (lookup values) from other tables into the audit record
  • custom configure audit criteria and conditions to narrow the scope of the audit

Application Auditor provides extensions for integration with Oracle E-Business Suite:
  • Over 90 pre-seeded tables to audit, with over 700 data points designed for SOX compliance.
  • Segregation of Duties Violations Manager - Define, Audit, Alert, Report and Prevent user access conflicts across responsibilities, operating units, menus, functions and forms without false positives. Over 1200 pre-defined function conflict pairs available.
  • Application User Watch Lists - Define and maintain one or more groups of application users to audit.
  • Capture E-Business Suite Application User Name, Responsibility, Form Name or Concurrent Program that initiated the change.
  • Capture changes to text in columns with LONG data types, which are used by several EBS forms, like Oracle Alert, that allow the input and execution of potentially harmful SQL text [also known as "Forms SQL"].
Audit Example