Current best practices and future trends in ERP issues are documented in a practical how-to guide to enable risk professionals and auditors (both IT and non-IT) to evaluate risks and controls in existing ERP implementations and to facilitate the design and building of better practice controls in system upgrades and enhancements. This is the second in a series of technical and risk management reference guides dealing with the world's three major ERP systems: SAP R/3 Audit, Oracle Financials and PeopleSoft. The guides concentrate on three very different software programs but do contain common chapters on ERP risk management and audit approach. This guide uses Release 11i and provides frameworks and methodologies for auditing and testing in an Oracle environment, including a recommended Oracle audit framework, how to adopt a risk-based audit approach to ERP, an overview of the Oracle authorization concept, how to test Oracle security, configurable controls and segregation of duties/excessive access. The need to identify the causes of issues arising from audit or control testing and a technique to assist in identifying the cause of issues using the COBIT Framework also are described. Call +1.847.253.1545 ext. 401, visit www.isaca.org/bookstore or e-mail [email protected] for more information.

As systems have migrated from mainframe to client-server and multi-tiered web application environments, the criticality of protecting the database has grown at a tremendous rate. The confidentiality, integrity and availability requirements of the database tier are at an all time high because employees, customers and business partners demand access to data in an immediate and consistent manner. Further, the reality and awareness of security risks are growing, resulting in higher security expectations. As a result, more focus is directed toward auditing databases to ensure that there are appropriate safeguards in place to protect against reasonably foreseeable threats. This book provides guidance on Oracle Database including: * Understanding the IT environment, and developing a strategy to properly plan the Oracle audit * Security and access control related to the Oracle environment * A suggested security and control framework * A detailed general controls approach, along with specifics on application level security * An internal control questionnaire and audit program linked to COBIT * A list of frequently asked questions/answers, and recommendations for the professional * A list of automated assessment tools available. Call +1.847.253.1545 ext. 401, visit www.isaca.org/bookstore or e-mail [email protected] for more information.