doenges
Member
Where should I look (UBE) to find out who approved a GL batch an who posted it? An auditor would like a report on this history.
Alex Blasenheim
Well Known Member
File: F0911 - These fields will help
GLUSER User ID
GLPID Program ID
GLJOBN Work Station ID
GLUPMJ Date Updated
GLUPMT Time Last Updated
GLTORG Transaction Originator
Query on: GLICU = (batch#) and GLICUT = 'G'
GLUSER User ID
GLPID Program ID
GLJOBN Work Station ID
GLUPMJ Date Updated
GLUPMT Time Last Updated
GLTORG Transaction Originator
Query on: GLICU = (batch#) and GLICUT = 'G'
Stephen
Member
GLUSER will provide you the last updated user information but if you want to get whole history, you have to turn-on audit history for table F0911. However, enabling audit history will have an impact on performance.
ZAZ80
Member
Is audit history functionality available for JDE 8.12 E1? Will is solve my issue explained below?
I am doing a control audit and one of the most critical areas for my scope of work is journal entries. Currently, I do not have the ability to go into a manual batch and see who entered the batch and who posted the batch. There are two fields in JDE: (1) Transaction originator and (2) User ID. Prior to fieldwork it was explained by JDE administrators that the user name shown within the Transaction Originator field represents the employee who entered the batch and the user name shown within the User ID field represents the employee who posted the batch to the GL. During recent fieldwork, I identified multiple transactions where the user name within the Transaction Originator field and the User ID field had the same user name. This makes it appear that employees have the ability to enter and post a respective manual batch, which is an SOD issue and conflicts with what JDE batch security is supposed to provide.
When I reported this as a finding, JDE administration came back and said that it is impossible that the employee in question could have entered and posted the batch. I responded with relief and simply requested instruction on how to generate JDE support that showed me who definitively posted and entered and I would clear the finding as a false positive. JDE administration came back and said they could not provide this information because the User ID field is updated with the last username who accessed the batch (whether changes were made or not).
So the issue now becomes there is an inability to see, on an ad hoc basis, electronic IDs of employees responsible for entering and posting manual transactions to the GL. I believe this is a significant weakness and results in audit’s and management’s inability to drilldown (with no ambiguity) to hold people accountable for inappropriate behavior if risks compromising investor protections are realized.
I realize looking at batch security could be an alternative procedure; however, I would be assessing batch security settings a point in time other than the date of the transactions I found with same user name in the Transaction Originator and the User ID fields. So assessing batch security does me no good right now.
So, can audit history be turned on for JDE E1 8.12? If so will it show me on an ad hoc basis who definitively has entered and posted a batch? Any insight would be much appreciated (I have read all oracle info in the books I could find) and still can’t get a direct answer. <font color="black"> </font>
I am doing a control audit and one of the most critical areas for my scope of work is journal entries. Currently, I do not have the ability to go into a manual batch and see who entered the batch and who posted the batch. There are two fields in JDE: (1) Transaction originator and (2) User ID. Prior to fieldwork it was explained by JDE administrators that the user name shown within the Transaction Originator field represents the employee who entered the batch and the user name shown within the User ID field represents the employee who posted the batch to the GL. During recent fieldwork, I identified multiple transactions where the user name within the Transaction Originator field and the User ID field had the same user name. This makes it appear that employees have the ability to enter and post a respective manual batch, which is an SOD issue and conflicts with what JDE batch security is supposed to provide.
When I reported this as a finding, JDE administration came back and said that it is impossible that the employee in question could have entered and posted the batch. I responded with relief and simply requested instruction on how to generate JDE support that showed me who definitively posted and entered and I would clear the finding as a false positive. JDE administration came back and said they could not provide this information because the User ID field is updated with the last username who accessed the batch (whether changes were made or not).
So the issue now becomes there is an inability to see, on an ad hoc basis, electronic IDs of employees responsible for entering and posting manual transactions to the GL. I believe this is a significant weakness and results in audit’s and management’s inability to drilldown (with no ambiguity) to hold people accountable for inappropriate behavior if risks compromising investor protections are realized.
I realize looking at batch security could be an alternative procedure; however, I would be assessing batch security settings a point in time other than the date of the transactions I found with same user name in the Transaction Originator and the User ID fields. So assessing batch security does me no good right now.
So, can audit history be turned on for JDE E1 8.12? If so will it show me on an ad hoc basis who definitively has entered and posted a batch? Any insight would be much appreciated (I have read all oracle info in the books I could find) and still can’t get a direct answer. <font color="black"> </font>
VRenovato
Member
HI, Do you find any clue, which is the reason of this?
peterbruce
Legendary Poster
Vrenovato,
The following thread entitled "Batch Approval and Post Audit" may be of interest to you: https://www.jdelist.com/community/posts/155500/
In the finish I created the custom functionality to provide what my organisation required. If you are interested in the custom functionality, send me a PM and I'll see what I can do to help.
The following thread entitled "Batch Approval and Post Audit" may be of interest to you: https://www.jdelist.com/community/posts/155500/
In the finish I created the custom functionality to provide what my organisation required. If you are interested in the custom functionality, send me a PM and I'll see what I can do to help.
BCampbell
Member
You need to enable Batch Status History in P0011. This will show who actually posted the batch.
GLUSER is updated even on posted records for processes such as posting to the fixed asset ledger or voiding previously posted transactions. As a result, the GLUSER field can not be relied upon 100% to show which user posted the batch.
GLUSER is updated even on posted records for processes such as posting to the fixed asset ledger or voiding previously posted transactions. As a result, the GLUSER field can not be relied upon 100% to show which user posted the batch.
