October Newsletter

Hello Friends,?

As fall colors emerge and spooky decorations take over the neighborhood, we can't help but feel the year's end creeping closer and closer. But fear not! There's no need to be spooked by the looming deadline to submit in your CPE credit hours. We have plenty of exciting opportunities for you, PLUS the latest news, cutting-edge webinars, and more for you to feast your eyes on. So dive on into this thrilling read - if you dare!

Highlights in this issue:?

1. September's Featured Article
2. Join Our New LinkedIn Group!
3. Learn how to negotiate the best Oracle licensing deals at our FREE webinar!
4. NEW Learning Opportunities (Offering CPE Credit Hours!!)
5. Discover more about our company's values - check out our Social Impact.

?Have a Blessed Day!

~ the ERP Risk Advisors Team

Spotlight News

Check out hot topic items in the IT audit and security industry below!

• October's Featured Article, "Financial Fiasco: Birmingham City Council Takes Center Stage Once Again" - Scroll down to read the full article.
• Join Our New LinkedIn Group, Cyber Risks for SaaS Applications ! With the scarcity of evidence that the cyber industry is focused on understanding application security or Software as a Service (SaaS) applications, cyber firms have little to offer clients migrating to these applications. There is large-scale risk of fraud and data theft involved with trusting the current approach to protect your company. Learn more about ERP Risk Advisors' solutions and join the discussion today!
• Attend Our Best of Ascend 2023 Webinar ! October 16 | 1PM EST. For most companies, Oracle licensing is a significant expense. Additionally, the Oracle licensing structure and process for tracking usage can be quite complex. Stay ahead of Oracle’s usage audit and plan for future growth as we discuss the negotiation process, tips and tricks to reduce unnecessary licensing costs by using custom roles, practical ways to avoid security risks, and reporting techniques to help monitor licensing usage.?

Learning

Discover on-demand training from the best in the?business and fulfill your CPE requirements! Check out our ERP Armor: Learning Homepage to learn more today!

CPE Opportunities

NEW! Oracle ERP / HCM Cloud Security Administration Basics - 2.5 CPE Hours!

This course is designed to show the basics of administration of users and their roles within Oracle Cloud. We cover items from creation of an employee in Oracle HCM all the way through the life cycle of the provisioning process. In addition to the lecture, this class includes a series of hands-on labs to be performed and a follow up conference call with the instructor.

NEW! Reviewing the RACM: Inventorying IT Dependent Controls and ITACs - 1.5 CPE Hours!

This course will help auditors better understand how to evaluate the RACM to identify IT Dependent Controls and to evaluate whether the RACM is complete.?We use real data from client’s RACMs to understand how to evaluate whether the RACM is complete and how to identify if there is a dependency on a report, configuration, or access control.

Auditing ITGCs for ERP / HCM Cloud - 3 CPE Hours!

This course provides a practical step by step guide for how to audit IT General Controls for ERP /HCM Cloud (Fusion) Applications.?To help organizations meet this obligation, Jeff Hare, CPA CIA CISA leverages the knowledge you learned in the “Foundational Concepts for ERP /HCM Cloud (Fusion) Applications” to teach you how to audit IT General Controls.?This course provides specific vendor-provided reports and custom reports ERP Risk Advisors provides to execute the audit plan.?In addition to the helpful insight provided, 3 hours of CPE credit will be awarded upon completion of the class.

Social Impact

At ERP Risk Advisors, we believe in using our resources to make a?positive impact?on the world around us. We are currently helping vulnerable, less privileged, and exploited people around the world by partnering with various organizations including the two featured below.? When you partner with us, a portion of that partnership goes toward supporting another community, one person at a time.?This helps us fulfill our organizational mission statement?“To reflect the love, grace, mercy, generosity, and truth of Jesus Christ to others in all things we do”.

World Vision is an organization that helps vulnerable children all over the world by equipping them with resources to stand free from poverty.

IJM is at the forefront of bringing a stop to slavery and trafficking all over the world. They work with justice systems to end violence against people living in poverty. End Slavery in Our Lifetime.

Find out more about the missions we support now!

October's Featured Article

Financial Fiasco: Birmingham City Council Takes Center Stage Once Again

By: Jeff Hare, CPA CIA CISA

Birmingham City Council are once again in the news , and given the severity of the financial situation, it will once again highlight the significant overspend for the failed ERP Cloud implementation. This news is hard to see since ERP implementations typically do not end with massive cost overruns and are not necessarily considered a “failure”.?We have seen many governments and commercial entities be successful in their journey to SaaS applications such as ERP/HCM Cloud. We know the result is not the fault of the software, but the failure of the entity to manage the implementation and their chosen partner(s).?Some System Integrator (SI) partners are great, and some are not, and the choice of the “RIGHT” SI is even more important than what software solution an organization will purchase.

One significant issue we are seeing with projects is that the award is given to the lowest bidder. SIs often try to be the lowest bidder by scoping out activities that need to be included.? One area that we routinely see scoped out of budget is the customization of roles.?A few years ago, we were about the only voice?shouting,?“organizations should not go live with ERP/HCM Cloud with ANY seeded (not customized) roles!”?At the recent Ascend conference in Orlando, we were vindicated by our peers as EVERY presentation said to make sure you scope into the project all roles must be customized to align with business objectives, reduce risk, and minimize licensing costs.?While the article doesn’t specifically point out that this was an issue at Birmingham City Council, it was likely part of the issue.?Regardless, it is clear from this article that the SI was NOT held responsible for the project overruns.?This is because SIs are best at putting caveats in their contracts, passing the blame onto the customer for the overruns.

If you are currently considering or actively planning to move to ERP/HCM Cloud, you will need to press all SIs to be transparent about what scope they leave out and why. If your SI is stating you should be using all seeded roles or mostly seeded roles, you need to continue to search for another SI.?Feel free to contact me at?[email protected] ?if want to discuss this topic further.