Application Auditor (AA) allows you to: select Oracle database tables to audit, configure the selection criteria and configure before and after data from the table being audited.   You can capture all information, including data from related tables, and report all your audit configurations.  The audit mechanism can also send email notifications and perform custom actions.  You can also create an audit configuration to prevent a database transaction and record the attempt in the audit history table.

AA’s audit mechanisms and reporting are more suited to business and finance auditors than many audit capabilities that are more technical in nature.   The term “audit” is frequently used to describe software features that typically are used to instrument an application so you can debug it, or track workload.  The standard database “audit trail” mechanism’s main purposes are for fault recovery and supporting parallel instances, not for business or financial auditing.

AA’s audit mechanism and business auditor user interface are the foundation.  By adding seeded configurations for E-Business Suite tables, we have been able to give EBS customers a head start in deploying SOX controls.

Similarly, the audit mechanism makes it easy to refer to SOD VM’s SOD conflict definitions in real time.  You can detect changes that would create, or do create, user SOD access violations.  Such changes include user responsibility assignments and structural changes to responsibilities and menus.

Finally, the audit mechanism can refer to user lists to further refine how you implement SOD or transactional audits.  You can use the user watch lists as either white lists or black lists, which provides flexibility.