Have you enabled security logging? That will give you the information. For example, we had a remote user who was claiming 45 hours of work on her time sheet, but her supervisor suspected less. Since her job was heavily dependent on heads down JDE work, they asked me to look into her history. My investigation into the security logs showed that the employee was barely using the system. One other thing, do you have an automatic disconnect parameter set? We have a 45 minute disconnect paremeter set in Citrix. This prevents someone from loggin on to JDE in the morning and ignoring it, trying to scam the system.
The information in the security logging isn't a clean pretty report, but it does put out some decent breadcrumbs for you to follow.
Gregg