Are Profile Option Values really 'high risk' in Fusion?
SummaryDiscussion whether there are high risk profile option values that impact on security, access controls or business process controls
In E-Business Suite, a number of IT General Controls (ITGCs) and IT Application Controls (ITACs)/configurable business process controls were dependent on Profile Option Values. Therefore, access to be able to change these needed to be restricted and changes performed needed to be audited, with exceptions identified and followed up.
Having spent some time looking at the list of all 2,166 Profile Options available in a Fusion 20D environment, none of the old ITGC/ITAC settings that were key controls for SOX/were included in Big 4 auditors workplans for E-Business Suite, etc are still found in Fusion. I think that there's now very few Profile Options that impact on controls at all in Fusion, and even fewer that impact on SOX controls.