Three crucial Ideas to support related to Application Security: Auditing Audit Policy changes and re
SummaryThere are no audit logs that support whether or not Audit Policies have been enabled consistently throughout your audit period - major audit risk!
There is a major gap in the design of Audit Policies. There is not audit logs / change tracking when an Audit Policy is enabled / disabled / changed. This is critical to the overall control environment. We have three uber-critical Ideas raised on this topic. Every organization using ERP/HCM Cloud is at risk from an audit perspective. The lack of audit logs means you have no way to prove that your Audit Policies have been in place for your entire audit period. Some of you have probably voted on one or more of these, but the number of