 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
OUBPB White Papers
The OUBPB publishes two types of white papers: best practice white papers and peer reviewed white papers. The OUBPB provides a
peer review process for any white paper submitted. Strict standards are in place to determine which papers are published as best
practices. We have published some papers that don't meet these standards, but that are still valuable to the user community. We have
found that the peer review process greatly increases the quality of the content regardless of whether it gets deemed as a best practice.
Best Practices white papers are white papers that have gone through the rigorous peer review process and are deemed to be best
practices by the readers. These papers are designated with a BP in front and are listed in the Best Practices section below.
Not Rated white papers have not had sufficient feedback from users to deem whether or not the content represents best practices.
These papers are designated with an NR in front and are listed in the Best Practices section below
Peer Reviewed white papers have also been submitted through the peer review process, but are either not yet rated or have not been
given a best practice designation. These papers are designated with a PR in front and are listed in the Peer Review section below.
This group also contains content such as case studies and articles.
Request White Papers here.
Best Practices:
BP-FINCRG: Sarbanes-Oxley Best Practices in an Oracle Applications Environment by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Super User Access Best Practices by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG:SOX Challenges: System Administration at Small Companies by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Active Monitoring of Segregation of Duties, Not Optional by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Beyond the Obvious for Segregation of Duties by Jeffrey T. Hare, CPA CISA CIA, Tony Tarantino, Ph.D., CPM, CPIM
BP-FINCRG: Building an Audit Trail in an Oracle Applications Environment by Jeffrey T. Hare, CPA CISA CIA, Stephen Kost
BP-FINCRG: Auditing Application Controls: Interpreting IIA's Guidance for Users of Oracle Applications by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Risk-based Assessment of User Access Controls and Segregation of Duties for companies running Oracle Applications
by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Auditing Oracle Applications Primer for Internal Auditors by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Access the Oracle Apps Database Without Having a Database Login by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Monitoring Privileged Users in an Oracle Applications Environment by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Sub-Material Fraud Risk: The Elephant in the Room by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: User Management: Manage Proxies Risks, Jeffrey T. Hare, CPA CISA CIA, Chuck Kennedy
BP-FINCRG: User Management: Self Service Registration Risks, Jeffrey T. Hare, CPA CISA CIA, Chuck Kennedy
BP-FINCRG: Release 12 Security Recommendations, Chuck Kennedy
Not Rated:
NR-FINCRG/FINAR: Sarbanes-Oxley and Oracle Receivables , Cathy Cakebread (www.cathycakebread.com)
NR-FINCRG: What DBAs CAN Do, Dan Zemke/Jeffrey T. Hare, CPA CISA CIA
NR-FINCRG: Auditing the DBA, Cam Larner
NR-FINCRG: Why SOX Should Matter to Australians - Jeannie Dobney
Peer Reviewed:
PR-FINCRG: Sarbanes-Oxley Compliance in an Oracle Applications Environment: Round 2 by Jeffrey T. Hare, CPA CISA CIA
Certain white papers written by ERP Seminars for end users only can only be accessed by joining the free internal controls
repository (ICR) group here. Please note that the ICR is for end users and, as such, requires you to sign up with your work email
address so we can verify your identity.
Examples of white papers in the ICR include:
There is other content of interest in the ICR such as:
Other websites with good white papers can be found here:
Absolute Technologies
Audit Net
Approva
Integrigy
Pete Finnigan
Solution Beacon
peer review process for any white paper submitted. Strict standards are in place to determine which papers are published as best
practices. We have published some papers that don't meet these standards, but that are still valuable to the user community. We have
found that the peer review process greatly increases the quality of the content regardless of whether it gets deemed as a best practice.
Best Practices white papers are white papers that have gone through the rigorous peer review process and are deemed to be best
practices by the readers. These papers are designated with a BP in front and are listed in the Best Practices section below.
Not Rated white papers have not had sufficient feedback from users to deem whether or not the content represents best practices.
These papers are designated with an NR in front and are listed in the Best Practices section below
Peer Reviewed white papers have also been submitted through the peer review process, but are either not yet rated or have not been
given a best practice designation. These papers are designated with a PR in front and are listed in the Peer Review section below.
This group also contains content such as case studies and articles.
Request White Papers here.
Best Practices:
BP-FINCRG: Sarbanes-Oxley Best Practices in an Oracle Applications Environment by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Super User Access Best Practices by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG:SOX Challenges: System Administration at Small Companies by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Active Monitoring of Segregation of Duties, Not Optional by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Beyond the Obvious for Segregation of Duties by Jeffrey T. Hare, CPA CISA CIA, Tony Tarantino, Ph.D., CPM, CPIM
BP-FINCRG: Building an Audit Trail in an Oracle Applications Environment by Jeffrey T. Hare, CPA CISA CIA, Stephen Kost
BP-FINCRG: Auditing Application Controls: Interpreting IIA's Guidance for Users of Oracle Applications by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Risk-based Assessment of User Access Controls and Segregation of Duties for companies running Oracle Applications
by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Auditing Oracle Applications Primer for Internal Auditors by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Access the Oracle Apps Database Without Having a Database Login by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Monitoring Privileged Users in an Oracle Applications Environment by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: Sub-Material Fraud Risk: The Elephant in the Room by Jeffrey T. Hare, CPA CISA CIA
BP-FINCRG: User Management: Manage Proxies Risks, Jeffrey T. Hare, CPA CISA CIA, Chuck Kennedy
BP-FINCRG: User Management: Self Service Registration Risks, Jeffrey T. Hare, CPA CISA CIA, Chuck Kennedy
BP-FINCRG: Release 12 Security Recommendations, Chuck Kennedy
Not Rated:
NR-FINCRG/FINAR: Sarbanes-Oxley and Oracle Receivables , Cathy Cakebread (www.cathycakebread.com)
NR-FINCRG: What DBAs CAN Do, Dan Zemke/Jeffrey T. Hare, CPA CISA CIA
NR-FINCRG: Auditing the DBA, Cam Larner
NR-FINCRG: Why SOX Should Matter to Australians - Jeannie Dobney
Peer Reviewed:
PR-FINCRG: Sarbanes-Oxley Compliance in an Oracle Applications Environment: Round 2 by Jeffrey T. Hare, CPA CISA CIA
Certain white papers written by ERP Seminars for end users only can only be accessed by joining the free internal controls
repository (ICR) group here. Please note that the ICR is for end users and, as such, requires you to sign up with your work email
address so we can verify your identity.
Examples of white papers in the ICR include:
- Allow Address Change Fraud Risk in Oracle AP
- Best Practices for Bank Account Entry and Assignment
- Journal Approval Best Practices
- Risk Based Assessment of User Access Controls and Segregation of Duties in an Oracle Applications Environment
There is other content of interest in the ICR such as:
- Sensitive Data and their location within the database
- Reports with access to sensitive data
- Common SQL scripts for auditors
- Sample scramble scripts
- List of internal control deficiencies in Oracle Applications and common ways to mitigate
Other websites with good white papers can be found here:
Absolute Technologies
Audit Net
Approva
Integrigy
Pete Finnigan
Solution Beacon