Audit Manager:
Streamline Segregation of Duties and Auditing
Pinpoint the gaps in your JD Edwards EnterpriseOne security
JD Edwards EnterpriseOne security is very complex and there are many routes by which users can access applications.
This makes it very difficult to find out exactly what users can access and what they can do when they get there. Without that information, you can’t reliably find and fix gaps in your security.
Audit Manager analyzes your security and gives you accurate information about your vulnerabilities.
Segregation of Duties reporting without the pain
Audit Manager enables you to hold your Segregation of Duties (SoD) rules within your JDE environment and run regular audit reports to identify users with access rights that violate your SoD policy.
Where SoD conflicts are found, you can drill down to investigate and remediate the issues, or, if appropriate, apply fully documented mitigating controls.
Make your IT security audit go smoothly with fast access to accurate information
Audit Manager provides a wealth of standard reports and enquiries which make it much easier and quicker to answer your auditors’ questions and provide the evidence they’re looking for.
Benefits
- Reduce the risk of fraud or error
- Reduce your audit costs
- Accurate information with a fraction of the effort
- Keep your system clean with regular reporting
- Monitor trends - check progress on improvements or highlight new issues
- Rapid implementation - start producing reports within a few days
Features
Results are accurate and current, rather than based on data exports.
All information, including your SoD rules and reports, is held within your JDE system, so it is secure, auditable and there’s never any doubt about whether you have the correct version, unlike with spreadsheets.
We supply a set of SoD rules developed in conjunction with experienced auditors, or you can maintain your own.
Rules can be applied at Object (program), Duties (groups of Programs) or Role level, so they can be as granular as you need.
The Single Risk Object rule lets you monitor access to high risk programs (such as Bank Accounts or Next Numbers) which enable a user to commit fraud.
Mitigations with start and end dates can be applied to accommodate temporary breaches of SoD rules – for example, when employees need to cover for absent staff or vacant posts.
Active Mitigations will be taken into account in SoD reports, thereby avoiding false positives.
24 standard reports and enquiries give you fast answers to access and SoD related questions.
2 types of Net Effect Enquiries – Application Security and Row Security – quickly show you whether a user can access particular applications or data items, and at what level the prevailing security is held.
They display the applicable security settings at all levels (ie *Public, Role and User) and calculate the Net Effect to show you whether the User can access the specified item or not.
Compare current results with previous reports to monitor progress on improvements or detect new issues that may need investigating.
Results are stored as custom tables within your JDE system, so you can create your own reports using Insight Reporting for Q Software or your preferred reporting solution.