IT Audit

Rauf

Rauf

VIP Member
In the perspective of JDE developer/ techno-functional, what kind of queries I may face from IT auditors, as this is the first time I go through the auditing session. How can I be more smart to implement the suggestions before they suggests ? I guess there may be so many users already gone thru the auditing process.
 
looking at an audit from inside of JDE only (eliminating all of the factors such as infrastructure and AD permissions etc) you can expect an auditor to look at:
*who has access to critical programs (master data management programs such as item master, address book master, supplier master etc) in Production
*who has access to create, enable or modify user profile
*who has access to security and CNC tools especially OMW configuration and permissions
*documented approvals for system changes including new user setup, role access changes, and object promotions
*extracts of the security, user, role relationship, and environment access tables
*if you are publicly traded then you also add SOX compliance into the mix
 
Back
Top