QCloud Audit as a Service:
The Easy Way to Audit
Oracle ERP Cloud Security
Segregation of Duties: Accurate information delivered within hours, with minimal in-house effort
Whether your main priority is to reduce the risk of internal fraud, or to make sure that your next audit goes well, it’s important to keep your Segregation of Duties (SoD) controls in good shape.
But it can be extremely difficult and time-consuming to produce accurate SoD reports to assess the effectiveness of your controls and pinpoint weaknesses.
QCloud Audit As A Service enables you to conduct a Segregation of Duties audit of your Oracle ERP Cloud system quickly and easily, whenever you need it, with no strain on in-house resources.
This audit can help you to:
- Prepare for an external audit
- Produce SOX compliance reports
- Prevent fraud
- Prioritize and cost-justify remediation work.
How the service works
When you wish to run an audit, you simply login to QCloud and submit your request.
You’ll receive an email with instructions on how to configure Q Agent, which collects and encrypts the necessary security data, then pushes it to QCloud.
The data is analyzed and the audit report is produced. An email is sent to notify you when the report is ready, including a link to access the results via QCloud. The results can be viewed by authorized users from anywhere, at any time.
Once you’ve had chance to view the results, we’ll set up a review call with a Q Software consultant to discuss the findings and any queries that you may have.
What do the results show?
The results identify all the SoD violations which exist in your system. This helps you make to make informed decisions about your security and priorities for improvements, where relevant.
They also give you evidence for your auditors and detailed information to help you answer specific questions.
The main audit report presents a summary of findings, identifying any areas of vulnerability and making recommendations for improvements, including a list of the SoD Policies with reported violations.
Interactive views enable you to drill down into the details of specific violations. You can view violations by User, by SoD Policy or by Policy Group.
If you’ve carried out QCloud audits before, you can also view previous audit reports and graphs comparing the results of your audits, highlighting trends and areas of improvement or degradation.
Benefits
- Accurate information, delivered within hours
- Greatly reduce the effort and cost of preparing for audits
- Reduce compliance reporting costs
- Identify risks that need urgent attention
- Very easy: minimal in-house effort (about 30 mins set-up)
- Avoid audit issues and reduce external audit fees
- Reduce the risk of internal fraud
- Securely access results from anywhere, at any time
Features
The results show all the Segregation of Duties violations that exist in your system, and you can view them by User, by Policy or by Policy Group. Recommendations are included to help you prioritize remediation work.
Our pre-seeded SoD Policies, based on common audit requirements, were developed in consultation with our clients and their internal and external audit partners. You can view these and switch individual Policies on and off, as well as edit them to suit your specific requirements.
If you have known SoD violations that are unavoidable, you can apply Mitigations, recording a reason for the exception. Subsequent audits will show these as Mitigations rather than false positive violations.
Drill down to get the information you need to fix the issues.
The audit report provides information about the status of your security and the interactive enquiries make it much easier to answer auditors’ specific questions.
Compare current results with previous reports to monitor progress on improvements or detect new issues that may need investigating.
QCloud uses a Multi-Tenant architecture, so your data is held in a private area and can never be seen by other tenants. All data ‘at rest’ in the QCloud and ‘in-flight’ is encrypted.
You don’t need to install Q Software applications to use this service. All you have to do is configure the Q Agent to gather the data.
Q Agent will work wherever your Oracle ERP Cloud system is located: in Oracle Cloud, or in a Hybrid Cloud environment.
This can make it easier to comply with local regulations on data transfer and privacy.