Newbies - Areas to to check in JDE Audit.


Dear All,

I'm really new to JDE, and was tasked to do an system audit.

Can anyone point me to what areas do i need to check?
The objectives of the audit will be:

o if system is running optimally?
o if system been properly protected?
o if system deliver reliable, meaning and timely financial information?
o etc.

Any input would greatly appreciated.


This would be very broad subject and covers many aspects to be discussed in forum. This would require a person have fair understanding of JDE CNC, Technical, Functional understanding. But you can look into security, user accounts , password policies , how setups are managed , authorized users etc.

If you're new to JDE - how would you know what to "audit" ?

Since I, and other consulting firms, perform Technical Audits for companies at around $10k including travel - its really not a lot of money to ensure that your system is correctly audited. My technical audit covers Architecture, SDLC, Tuning/Performance, Security and steps for preparing for upgrades/patching. It also identifies Best Practice methodologies for all technical (CNC) aspects that either I or Oracle recommend.

From the Functional perspective, I'm sure that a Functional audit for Financials, Distribution, Manufacturing, etc - would each be about the same amount as my Technical Audit - and would absolutely cover the aspects within your remit.

You might want to go back to whoever tasked you with that role and question whether the company should get independent, qualified auditors to undertake this. Otherwise, you're going to end up trying to learn the system from within an audit - which will not give your company the results it requires.
Last edited:

First order I suggest is to meet with the Audit Requestor(s) and define the expectations for each of the points below. I will put a few notes next to each. Once you provide the responses, I can assist you with some direction and steps to follow.

if system is running optimally? Does this mean availability without down time? Milliseconds between system application frame returns?
if system been properly protected? Is there a security plan to measure against. Or just insuring that users have basic security to prevent global updates to data, erroneous data deletion, etc.
if system deliver reliable, meaning and timely financial information? Are there interface records that need to be tied out? Are there cash receipts entries that need to be tied out to bank deposits? Are daily batches measured as to amounts and record counts? And many others questions in this nature.