Sarbanes-Oxley auditing in World

[DRezanka]

Hi,

We were wondering what other JDE customers were doing to meet the security auditing requirements of SOX. Is anyone using any software applications to facilitate this? Anyone want to share code or tips on their custom reporting? What sort of data are you reporting on?

We find our challenging requirements are to report:
- Quarterly Audit of a departments user profiles and their access for a manager to review. This complies with IR040.
- Monthly Audit of object net change. This is to allow us to work around Segregation of Duties in IR060.

We're looking at the QSoftware QSecurity Workbench product to help with listing out the user profiles, their menu paths, and the apps they have access to. Does anyone have this product and can tell me whether this product will meet these requirements?

Regards and best wishes in your SOX compliance,
Doug

 

[Greenm]

Qsoftware sells add on tools to help manage security in World.

 

[tgore]

We are printing a ton of reports. Some a re available in JDE others we developed on our own. There are some AS400 journal receiver files that capture information. We selectively report on certain entries.
"CP" - user profile maintenance
"CO" - create objects
"OM" - object move/rename
"AF" - authority failure


We also report on:
users with QSECOFR authority
users that do not expire
users that have not signed on in 60 days
J9612 - function key security
J0093 - library list control
J0092 - user profiles
J0003 - action code security

The list just goes on and on.

 

[Mike Dupaix]

Doug,

You have most of the information already available through action code and menu history. Action code security (F0003) will show you who has Add, Change, Delete access to applications and menu history (F0082H) will show you who has executed specific menu items (applications, reports, CL Jobs). You should be able to put together a security matrix from these and tighten up as required. If you need help, let me know.

DRezanka <[email protected]> wrote:
Hi,We were wondering what other JDE customers were doing to meet the security auditing requirements of SOX. Is anyone using any software applications to facilitate this? Anyone want to share code or tips on their custom reporting? What sort of data are you reporting on?We find our challenging requirements are to report:- Quarterly Audit of a departments user profiles and their access for a manager to review. This complies with IR040.- Monthly Audit of object net change. This is to allow us to work around Segregation of Duties in IR060.We're looking at the QSoftware QSecurity Workbench product to help with listing out the user profiles, their menu paths, and the apps they have access to. Does anyone have this product and can tell me whether this product will meet these requirements?Regards and best wishes in your SOX compliance,Doug
[email protected]
XeU6 SP22_C1, AS400 V5R2, DB2/400, Co-A73c12, Citrix, AS400 JAS (WAS 4.0)
--------------------------
To view this thread, go to: http://www.jdelist.com/ubb/showthreaded.php?Cat=&Board=W&Number=72048

This is the JDELIST World* Mailing List. To stop receiving these messages, login to http://www.jdelist.com/forums, click Control Panel, then click Edit by "Subscribe / Unsubscribe from receiving board posts by email, change message notifications, etc." and adjust your subscription preferences. JDEList is not affiliated with JDEdwards®

---------------------------------
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs


World, OW B733X and Xe