A7.3 JDE 7.3 iSeries SOX audit Reporting

[GodonJones]

We are in need of SOX audit reporting on JD Edwards 7.3. We have turned on logging on the iSeries and we are capturing data. The problem is it is too cryptic for a SOX auditor to make sense of what we are capturing. In short, what we need is a verbose reporting system that can detail out the information in layman's terms. Such that an auditor can determine if SOD violations are occurring etc.

 

[DaveWagoner]

At a previous company, we had to write a suite of applications around which JDE security groups belonged to which SOD financial functions, and then which SOD financial functions were incompatable with each other, and then finally a big extract to excel and excel macro to grab the users, programs, security group, and SOD rule that was violated.

I am not sure if a company like AllOut offers a suite for A73 but that's by far your best bet if someone has a suite. There's lots and lots of work to get from vanilla JDE security to SOX-Auditor-Acceptible. You could go from scratch or hopefully use a tool like allOut. https://alloutsecurity.com/products/jd-edwards-world/allout-for-world/

It's probably worth twice what you pay for it considering the alternative which is to roll your own solution and spend years with internal and external auditors ironing out the bugs.

 

[DaveWagoner]

Last but not least: you need to give your auditors lots of time to become comfortable that the security works the way everyone thinks it does, for instance. Even if you bought a system like allout to do most of the legwork. It's probably at least a monthslong project start to finish, if you're dealing with internal and external auditors-- and that's if your auditors are familiar w/JDE Welcome to the insane world of SOX.

 

[BPConnor]

Gordon, ALLOut Security has a ready solution for SOX reporting for World versions. Pretty sure they still have the version for A7.3 available.