Secuity : Oracle Internal Controls Manager

Posted on August 13th, 2011 by Sanjit Anand | Print This Post | Email This Post

Do you know , Oracle Internal Controls Manager (OICM) is a comprehensive tool for executives, controllers, internal audit departments, and public accounting firms to document and test internal controls and monitor ongoing compliance. This tool is based on COSO (Committee of Sponsoring Organizations) standards.

It tool provides users with an easy-to-use workbench from which you can organize, execute and manage the audit work including the following activities

• Manage process documentation
• Manage the process Risk Library
• Ensure/test segregation of duties
• Map the organization structure
• Manage business process variations
• Manage the audit process and projects
• Submit audit findings
• Survey management assessment of internal controls
• Provide employee and stakeholder feedback
• Review compliance status of financial statements
• Review reconciliation status of all subsystems
• Review the overall compliance status
• Review policy compliance
• Issue audit reports

As you know Segregation of Duties (SoD) control addresses the specific risk that a user may have access to a certain combination of tasks that provide the opportunity for misconduct.For example, if a user can set up a supplier in an accounts payable system and also authorize an invoice for payment, a risk exists that they can pay themselves with company funds.

Once the SoD violations are identified, auditors can send correction requests to divide the tasks among different users to reduce the scope for error and fraud.

If you donot have this, alternative option is to get The Application Access Controls Governor of Configuration Controls Governor (CCG) of GRC Controls Suite can detect SoD violations

The Application Controls Monitoring (ACM) enables companies to effectively and efficiently manage their IT environment by monitoring IT controls within the Oracle EBS.If you have GRC products , then rhe Configuration Controls Governor (CCG) of GRC Controls Suite can track more extensive application setup changes than ACM. The CCG runs outside of Oracle EBS server

ACM can capture information like who changed, when it was changed and the current and prior value of the setup data.

Recommended values can be setup for profile options and compared with actual settings.

The Application Controls Management feature enables IT managers and auditors to track changes to Setup Parameters in several modules within the Oracle E-Business Suite.The following is a partial list of application setups as below:

FINANCIALS_SYSTEM_PARAMS_ALL , AP_SYSTEM_PARAMETERS_ALL, AR-SYSTEM_PARAMETERS_ALL , FA_SYSTEM_CONTROLS , CE_SYSTEM_PARAMETERS_ALL for Cash Parameters ,MTL_PARAMETERS for Inventory Parameters, GL_SETS_OF_BOOKS and other setup tables can be audited by OICM.

Navigation: IT Auditor ( R) -> Application Controls -> Reporting Group.

Those who is still using EBS , OICM in E-Business Suite R12.0 or R12.1 will move from Premier Support to Extended Support in January 2012.

1. Fusion’s Functional Setup Manager
2. Oracle EBS Report Manager
3. Understanding data flow for “Internal Orders”
4. The Beginner’s Guide to OGA (Oracle Grants Accounting)
5. Oracle’s solution for Attestation/Recertification process