What are best business practices for auditing transaction data within PS? What type of reports are typically used to accomplish this?

Thanks for posting your question!

I will categorize this response into following sections.

– Technology

– Data Classification

Technology

While there are no published best practices for auditing PeopleSoft transactional data (that I am aware of). We have implemented following features for our clients to enable them to audit sensitive data.

§ Oracle Fine Grained Auditing

§ PeopleSoft Auditing

Also, Oracle Audit Vault is being evaluated in some PeopleSoft client environments because of its packaged reporting and consolidation capabilities.

Data Classification

Business users have been a driving force in identifying the sensitive data in their environments. While there has been pushback from IT to avoid auditing in excess, the below list is a sample of sensitive information that is typically audited.

HRMS –

§ Personal Data

§ Salary Data

Fin/SCM –

§ Vendor Data

§ Bank Information

§ Credit or Procurement Card numbers

General –

§ Accessing using non-PeopleSoft technologies

§ Accessing sensitive Report outputs

Industry Specific

Health Care

§ Health Records

§ Patient Personal Data

§ Plan and Beneficiary Data

Universities

§ Grades

§ Student Financial Data

§ Financial Aid/ Grants Data

Since there are no delivered reports which will meet the requirements, reporting has been derived using custom programs.

Please let me know if this helped answer your question. We appreciate your feedback.

Thanks

Nitin Pai

Posted by Nitin Pai
Comments (0)
November 19th, 2008

Comments (0)