Be Prepared for Audits With Q Software
Author: Kennie Claesens
Consultant Managed Services Functional @Quistor
Being audited on the application of Segregation of Duties often puts a lot of pressure on the business and your IT department to deliver all kinds of reports, table dumps, and other information about who has access to what, why users need that access, and which controls you are using to mitigate possible risks.
Then there is another audit, for some an even scarier one: an audit by Oracle LMS to see if you are using your JD Edwards system and related licenses as agreed.
Using the tooling of our partner Q Software, we have a great way to make your life, and your colleagues' lives, a lot easier!
Security Audit as a Service
Let us first discuss the regular audit, which is mainly focused on the security applied to your JD Edwards system. For companies managing security in the native JD Edwards security workbench, managing security is often quite a hassle in itself, let alone presenting this information to an auditor and giving them the confidence that you are in control of your security matrix, the applicable segregation of duty rules, and additional controls.
With our security audit as a service, we can run a security audit that gives you all the insights needed to reassure your auditors and provides input for possible improvements to the security matrix you have in place. The Qagent extracts information from your JD Edwards system and imports it into the Qcloud environment, where the extracted data is analyzed.
The analysis includes validation against a Segregation of Duties model. Several models come with the service and are based on SOX rules, but if there is a specific set of rules agreed with your auditor, your own rule set can be configured and used in the audit.
Next to Segregation of Duties checking, the audit also checks for access to critical master data programs. This will, for example, give you insight into which users can edit company master data, AAIs/DMAAIs, UDC, and much more.
The results of the audit are shared in reports and an interactive workbench. The reports can be used to provide information to your auditor, and the interactive workbench is typically used to investigate why certain rules are violated and to apply changes where necessary.
Besides running the audit, the online portal also allows you to document mitigating actions in the case of a rule violation.
License Audit as a Service
Being aware of your license situation is of utmost importance. It makes sure you are complying with the agreement made with Oracle and prevents surprises during an audit, which can result in large fines and additional license costs when you are non-compliant. However, analyzing your system to check exactly which licenses you need is a very difficult and time-consuming exercise.
We can give you insights into your license usage, compare this to your current contract(s) in place, present areas for improvement, and, when you are non-compliant, design a roadmap to bring you back to being license compliant. For several of our customers, the license audit brought up surprises which otherwise would only have come up during an LMS audit, resulting in a fine and a high cost for additional licenses that need to be acquired. The results were then great input for negotiations with Oracle, in which we as Quistor acted as the liaison to get the best possible deal!
Does the above sound familiar? We would love to have a conversation about the issues you are encountering and how we can help! Additionally, we will tell you more about the complete Quistor Security as a Service portfolio in the next Q-pulse!