Its wasn't long ago that many organizations were out off from migrating to cloud applications becasue they had customized the application to meet their organization's specific needs. In reality, the lack of industry specialty provided by a key back office ERP system, meant that there was no alternative to that bespoke solution you built in house. You simply couldn't base your future on a Cloud based system that wasn't capable of being modified to suit your needs.
So how do you solve a problem like that as a vendor?
From Healthcare, Finance, Manufacturing to Education, applications designed to satisfy the need for an industry are growing exponentially. Oracle recently announced Oracle Alloy, a new Cloud based service designed to allow software vendors to build future industry solutions on their infrastructure. This strategic decision ensures that while Oracle may not have the application, it may as well be hosted with them.
For any reader with experience with Sarbanes Oxley compliance (SOX) any time a process, service or application touches the key elements related to Financial Reporting it comes 'into scope'. If you are not familiar, controls need to be put around application that serves the Financial Reporting process, imagine an application that handles customer orders or the manufacturing of a product. These applications would be involved in Financial Reporting, and as such would be treated like the core ERP system to ensure they have effective security and controls.
While these applications extend your organization's capabilites, the reality is that for audit and compliance, the lines between them blur as transactions span across them. It used to be enough that you rely on controls for one core application, today the potential for a spider web of inter-connected applications and services await you.
There are questions that by answering, help plan for an expanding application footprint:
* What applications are in scope, and particularly what data, processes and/or functions are in scope?
* Establish whethr inter-connected applications provide automated/seeded reports that can be combined to form a process end to end.
* If applications do not provide sufficient reporting, can SQL or some other back end reporting be used to extract the data?
* How can the data be combined with that gained from the core ERP system?
The reality is that for those of you tasked with ensuring effective controls are in place, it is no enviable
task to try to 'join' together these different applications and services. Automation of extracts and reporting
will be extremely beneficial, any reports delivered by the vendors should be used where possible.
If this is not possible then we're here to help!
If you are utilizing the delivered Security and Configuration within your Applications, there is a good chance you have Segregation of Duty violations. Seecuring will assist you with establishing and reporting on the issues you have through to helping remediate the issues (which usually represents the biggest and most time consuming aspect of implementing internal controls). Specifically, Seecuring delivers:
Segregation of Duties
User Access Reviews
Patch Impact Analysis & Configuration Changes
We have been working with ERP/HCM Applications since the early 2000's, and work with leading CPA's, Audit staff and Application specialists to deliver a complete solution.
Before you invest in expensive Software, why not look at GRC as a Service? Faster delivery, lower cost, and more than just reports on your issues - we help Organizations achieve their goals for Internal Controls.
To discuss your requirements, you can schedule a call with us: