Financials – General


Comments

  • Julien Dubouis

    Hi Sid,
    I asked the question in a SR and was told that there was no way to verify this email server unfortunately...

  • Ajay Hathiramani

    Hello Neelam, Liam, 

    This is a very interesting and useful topic! Appreciate the insight shared thus far. I have a few questions if anyone is able to answer.

    1) Was wondering if you implemented the solution to segregate "Manage Audit Policies". Some of the seeded roles such as IT Security Manager and Application Implementation Consultant have the Manage Audit Policies functionality, hence did you remove the functionality from the seeded role, or create a new role and then remove the Manage Audit Policies?

    2) Enabling auditing is a vast area in Fusion; is there a best practice when it comes to enabling audit at business object level? What are the critical configurations to enable auditing?

    3) We are a US company and our Auditors have raised concerns regarding the current timing of the SOC-1 review from Oracle which will not meet their needs as part of the year end audit. We close our books on March 31 and the most recent SOC 1 report available from Oracle will be dated 30 June. The second SOC 1 report we receive is on May 28th which is too late and by this time we would have filed accounts. However, our auditors have highlighted to us that they cannot rely on a bridging letter that is more than 3 months old. Have you experienced a similar situation?

  • Durgaprasad Mohapatro
    Many Thanks, Julien.
  • Julien Dubouis

    Hi Durga,
    After adding a new element in the hierarchy, you should always flatten row/columns and re-publish the hierarchy for it to be taken into account in your cube-based tools like Smartview or Account Inspector.
    Thanks

  • Joanne Pamer

    I would also be interested in hearing feedback from other users since we are trying to formulate a repeatable test plan for Invetech.  Currently, we leave it to the users to test their core business processes using test scripts from implementation unless there is a significant technical change that requires IT testing.  Thank you.

  • Umamaheswara Reddy Karri

    Thanks a lot Julien.  I am able to import lookups by following the document you have mentioned.  Your help is appreciated.

    Thanks,

    Uma

  • Julien Dubouis

    Hi Uma,
    Exporting through Configuration Packages will take all the lookups, I would advise to create your lookups via flat files so that you can easily create the same in multiple environments. Check out this great Oracle Support note: How to bulk import Lookup Types and Lookup Codes using File Based Loader ? (Doc ID 2215378.1)
    Thanks

  • Dave Stevens

    Thanks Ajay


    I will let you know as soon as I hear something from management on how they are progressing with our auditors and what steps we are taking.

     

    Kind Regards

    Dave

  • Ajay Hathiramani

    Thanks Dave,

    I have summarized my thoughts and problems that we are currently facing, you may face a similar situation. Still evaluating how to go about it. Will update this post if I come across anything as well.

    The option is to rely on the Bridge letter for April to Sept, as the next SOC to cover this period will be available in Jan.  - This is not possible for most clients as the auditors can only rely on a maximum 3 months bridge letter. This would mean a minimum 9 months coverage of the controls from a SOC report or customer audit.

     

    All other customers are using this, and the SOC report dates cannot change, nor we can issue a one off SOC report or something like that. - Similar correspondence we received as well. However, the reality is without confidence of 9 months of the control environment on our financials the Auditors would not accept this.

     

    - Another option is to invoke the section 10 from the Data Processing Agreement for Oracle Cloud Services, where it states that under certain conditions you can audit Oracle up to once per year.  - We actually did this last FY, and we found the process to be highly tedious with multiple back-and-forths. We provided Oracle with specific controls we wanted to test. However, did not make too much progress as we couldn’t collect sufficient evidence to showcase to our external auditors that controls were satisfactory. Also in testing some controls Oracle stated that since it included Personal information e.g. revocation of access when an employee is terminated, the control could not be tested.

     

    You can access the contractual documentation from this page > https://www.oracle.com/corporate/contracts/cloud-services/contracts.html 

    This will take a lot of time, and there are some specific conditions in order to request it. You can read more in the DPA document from the above link. There is a clause that states if it’s already included in the SOC 1 report, it cannot be tested or something like that. This again defeats the purpose of doing a customer audit, and we need to get comfort for 3 additional months where the SOC 1 report is not available.

  • Dave Stevens

    Hi Ajay

    Please see below the response we received from Oracle:

    I have provided the SOC Report, Bridging Letter and below response to our management.

     

    "- The SOC reports are done every 6 months, 

    - The Gap or Bridge letters are monthly, 
    - All reports can be downloaded directly from My Services by our customers, 
    - There is no exact date when we publish them, that depends on our auditors, and how long the process is, 
    - SOC reports for Oct 1st to March 31st available around May, for April 1st to Dec 31st available around Jan 
    - Your year end is Sept 30th, so the SOC report available then will be the one from May covering Oct 1st to March 31st. 
    The option is to rely on the Bridge letter for April to Sept, as the next SOC to cover this period will be available in Jan. 
    All other customers are using this, and the SOC report dates cannot change, nor we can issue a one off SOC report or something like that. 
    - Another option is to invoke the section 10 from the Data Processing Agreement for Oracle Cloud Services, where it states that under certain conditions you can audit Oracle up to once per year. 
    You can access the contractual documentation from this page > https://www.oracle.com/corporate/contracts/cloud-services/contracts.html 
    This will take a lot of time, and there are some specific conditions in order to request it. You can read more in the DPA document from the above link. 
     
    I’d also like to point to this KM article General Instructions for Submitting Security Questionnaires to Oracle (Doc ID 2337651.1), as it provides some great general guidance in regards to security specific requests from subscribers"
  • Nageswara Rao Vankadari

    I see "Work Order" option as well. Looks like these are objects related to Service Request from Engagement Cloud Service.

  • Basheer Khan

    Check out this link: https://docs.oracle.com/en/cloud/saas/financials/r13-update17d/oefbf/toc.htm

  • Sudhakara Rao Kovuru

    You might not have the HR-related role; please check...

  • Amy Chan

    Actually the segment3 is not cost center.... in our business it is our business line. Different business lines will have different people to approve invoices and that information is in segment3.

    Thanks.

  • Julien Dubouis

    Thanks for illustrating your need Amy.
    My understanding is that each line of your PO has one or multiple distributions and the invoice matched to these POs should be routed to the department supervisor, based on the segment 3 of the charge account. There may be multiple departments in an invoice. I also get that you base your approval on the DFF value (where you store a username based on segment 3?) and would like the same to be transferred in AP. Is that correct? Would your segment 3 "department" be flagged as a Cost Center segment by any chance?
    In that case, you could use the Cost Center Manager in your approval routing rule.

    Thanks