Learn about Redwood and be one of the first to join the conversation

Visit Redwood Community
Are Profile Option Values really 'high risk' in Fusion? — Cloud Customer Connect
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Are Profile Option Values really 'high risk' in Fusion?

Received Response
29
Views
1
Comments
edited Jan 21, 2021 11:47AM in Applications Security 1 comment

Summary

Discussion whether there are high risk profile option values that impact on security, access controls or business process controls

Content

In E-Business Suite, a number of IT General Controls (ITGCs) and IT Application Controls (ITACs)/configurable business process controls were dependent on Profile Option Values. Therefore, access to be able to change these needed to be restricted and changes performed needed to be audited, with exceptions identified and followed up.

Having spent some time looking at the list of all 2,166 Profile Options available in a Fusion 20D environment, none of the old ITGC/ITAC settings that were key controls for SOX/were included in Big 4 auditors workplans for E-Business Suite, etc are still found in Fusion. I think that there's now very few Profile Options that impact on controls at all in Fusion, and even fewer that impact on SOX controls.

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!