Auditable JDE Compliance Health Check Delivered


Transcript of Auditable JDE Compliance Health Check Delivered

Page 1: Auditable JDE Compliance Health Check Delivered

#JDEINFOCUS


Page 2: Auditable JDE Compliance Health Check Delivered

Introductions

Linda Nelson, CPA
ALLOut Senior Director of PreSales
27 years of Compliance/Audit Management and Implementation

Page 3: Auditable JDE Compliance Health Check Delivered

Agenda

• About ALLOut
• Scope of Compliance?
• Areas to Consider
• ALLOut tools to Help
• Wrap-Up

Page 4: Auditable JDE Compliance Health Check Delivered

Who is ALLOut Security?

Security Management
• Efficient Role Management
• All Security Records in Grids
• Automatically resolve security conflicts

User Management
• One Click Provisioning
• Manage unused user IDs

Menu Management
• Manage Menus in a Grid
• Version Management in a Grid
• Security Management by Menu

Reporting
• User, Security and Menu
• Audit History
• Delivered, Simple and Auditable

Compliance
• Segregation of Duties, SOX and JSOX Reporting
• GDPR Support
• Section 404 List

Project Automation Samples
• Open to Close or Deny All Set Up
• Upgrades
• Net New Implementation

Page 5: Auditable JDE Compliance Health Check Delivered

What Makes ALLOut Unique

Low Risk – Immediate ROI

Standard E1
• Utilize E1 Tables
• E1 development methods
• E1 Reporting - No need for 3rd party tools
• Use seamlessly with standard E1
• Utilize E1 workflow
• UDO Management

Low Upfront Investment
• License modules needed
• No Implementation project required
• Best practice data available

Complete Solution
• ALLOut staff available to ensure your success
• Flexible for your needs
• Simple or Configurable
• Mini GRC solution
• Role Assignment Self Service
• Over 100 Pre-delivered Reports
• Pre-delivered UDO Content

Training
• Short learning curve
• Webinars
• Project planning
• Online sessions for your team
• Training classes 30+
• Tutorials at your fingertips 27+
• On-site training available

Page 6: Auditable JDE Compliance Health Check Delivered

Compliance

Page 7: Auditable JDE Compliance Health Check Delivered

What is Compliance?

Page 8: Auditable JDE Compliance Health Check Delivered

Compliance Management

Page 9: Auditable JDE Compliance Health Check Delivered

Compliance – Best Practices

• Segregation of Duties reviews
• User access reviews
  • Manage user access for individuals that have changed responsibilities
• Critical Access reporting
  • Select what functions are critical to your business
  • Define what programs grant access
• Managing users not accessing the system
  • F9312
  • Security history needs to be turned on
• Data Security
  • Review for un-authorized changes
    • F9312
    • Auditing turned on
    • Filter by event type

Page 10: Auditable JDE Compliance Health Check Delivered

Segregation of Duties

Page 11: Auditable JDE Compliance Health Check Delivered

Why Best Practice?

Page 12: Auditable JDE Compliance Health Check Delivered

Things to Consider

• Automated or Manual
• Effective or Not
• Security Records
• User Access
• Based on Organization Risk
• Key Area
• Programs

[Diagram labels: Critical Process; SoD Rules; Controls; Security; SecurityPlus; CombiRoles; ProfilePlus; MenuPlus; Risk Reporting; Risk Management]

Page 13: Auditable JDE Compliance Health Check Delivered

Take a Look?

SOD Reporting

Page 14: Auditable JDE Compliance Health Check Delivered

SOD Review Cycle

[Calendar diagram: Jan through Dec]

• Q1: SOD Rule and Unmitigated Segregation of Duties
• Q2: SOD Rules, Unmitigated Segregation of Duties, ALL High Risk SOD
• Q3: SOD Mitigations, Unmitigated Segregation of Duties, ALL High Risk SOD
• Q4: Segregation of Duties
• Internal Auditor Annual Review
• Internal Auditor Interim Review
• External Auditor Review
• Weekly Review: JDE objects Promoted; Unmitigated SOD
• Monthly Review: Rules; Mitigating Controls; Changes

Page 15: Auditable JDE Compliance Health Check Delivered

User Reviews

Page 16: Auditable JDE Compliance Health Check Delivered

User Access

• Test IDs are Disabled in Production
• Ensure All Users are Included in User Reviews
• Review for Users Not Signing In
• Ensure Users Excluded from Review are Disabled in Production
• Remove Users with No Security Roles
• Ensure System Admins Have No Other Access
• Identify Individual Users With Information For Those Not Compliant with Global Policies
• Restrict Inquiry Roles From Submitting Batch Processes

Page 17: Auditable JDE Compliance Health Check Delivered

Data Security

Page 18: Auditable JDE Compliance Health Check Delivered

Unauthorized Access

• Nonconformity With Security or Regulatory Requirements
• Access to Sensitive data
  • Banking
  • Payroll
  • Product

Page 19: Auditable JDE Compliance Health Check Delivered

Security Data

» Row Security
» Column Security
» Address Book Personal Data
» Data Browser
» Don't Forget to Ensure It Is Applied at the Appropriate Level
  » Application
  » Table
» Check out our Site for More Detail
  » Security Best Practices
  » Security Audit Best Practices

Page 20: Auditable JDE Compliance Health Check Delivered

Data Protection Adherence (GDPR, HIPAA etc.)

Access Reporting
• List of Programs that have access to personal data
• Identification of access paths

Critical Access Report
• All roles that have access to personal data
• ALL users that have access to personal data

Audit History
• Any changes to the personal data access
• Any changes to programs considered for access

Role assignment request process
• Tracking of approvals and documentation within E1 for granting access to roles with access to personal data.

Page 21: Auditable JDE Compliance Health Check Delivered

Change Management

Page 22: Auditable JDE Compliance Health Check Delivered

Process Steps

Need for Change Arises

Request is Submitted

Request Reviewed

Change is Approved

Change is Completed

Change is Communicated

Change is Tested

Documentation is Retained

Self Monitor Process is Audited

Page 23: Auditable JDE Compliance Health Check Delivered

Variety of Standard Reports

• User Changes Auditing
• Role Changes Auditing
• Assignment Changes Auditing
• Security Changes Auditing
• Menu Changes Auditing
• Compliance Changes Auditing
• Audit Configuration Changes Auditing

Page 24: Auditable JDE Compliance Health Check Delivered

Wrap Up

Page 25: Auditable JDE Compliance Health Check Delivered

Effective Compliance

Assess User Access Risk

Create Risk Appropriate Policies and Procedures

Train Staff

Review a Variety of Reports

Automate Reviews and Compliance

Communicate Between Departments

Page 26: Auditable JDE Compliance Health Check Delivered

How We Can Help

Page 27: Auditable JDE Compliance Health Check Delivered

Delivered Reports

• Users, Roles & Relationships
• Additional Reports
• Section 404 Compliance
• Segregation of Duties
• Task Views
• Critical Process Lists
• Companies & Business Units

One record per user/object/month (small footprint)

Page 28: Auditable JDE Compliance Health Check Delivered

Let us Help - JDE E1 Security Audit

• Take Back Control of your Risk – Empowering In-house Security Auditing
• Can be deployed equally effectively in both Open and Closed security environments for those who:
  • Need to assess their organizational risk
  • Need reliable information for audits
  • Need a methodology to satisfy audit requirements for the long-term
  • Are unsure of security effectiveness
  • Need evidence to cost justify a budget to address known exposure
  • Are planning an upgrade and wish to review and overhaul security at the same time
• As well as providing detailed reports, one of ALLOut's experts will examine the results, assess the effectiveness of the security and make recommendations for:
  • A plan to address System Access Risk
  • Analysis of current Segregation of Duties and Critical/Master Data Program Access
