Internal Audit Training How to Test Access Controls

How to test access controls
Test Access Controls

Audit Training Series: Elevate Your Access Control Expertise!

Are you an auditor striving to enhance your skills and expertise in access control testing? Look no further! In collaboration with SafePaaS, ERP Risk Advisors is thrilled to extend an exclusive invitation to our on-demand webinar series: 

How to Effectively Test Access Controls with Access Control Software: Our comprehensive 6-part training program is designed to equip auditors like you with the knowledge and technical understanding necessary to excel in Oracle ERP Cloud access control auditing.

Mastering access control testing is essential for auditors in today's rapidly growing digital environment. Our training series dives into the complexities of 10 key controls in Oracle ERP Cloud, ensuring you grasp the nuances of evaluating role designs, identifying sensitive access risks, and navigating segregation of duties conflicts. 

Why is this training essential?

Understanding and testing access controls are imperative for auditors due to two primary reasons: the need to identify specific segregation of duties conflicts and sensitive access risks as dictated by IT General Controls (ITGCs) and IT Application Controls (ITACs) and maintaining independence between control performers and the activities they oversee.

What to expect from our training series:

Our webinar series includes six intensive sessions, each lasting approximately 45-60 minutes each. Here's a glimpse of what you'll explore:

Session 1

Evaluating Role Design: First Sensitive access risks; then Segregation of Duties Conflicts

  • Scoping the rules: Mapping from RACM and Considering Mitigating Controls
  • How to test role design for Sensitive Access Risks and Segregation of Duties.
  • How to run individual Sensitive Access rules, all Sensitive Access rules, or groups of Sensitive Access Rules.
  • How to see if the role has access to and objects it should not have.
  • Learn how to use the SafePaaS Access Controls platform to understand the risks related to the rules.


Session 2

Evaluating Sensitive Access Risks and Segregation of Duties Conflicts During the Provisioning Process

Provisioning Process

  • How to run a what-if analysis in SafePaaS in production before access is granted / in non-production – Understand why this is a crucial step.

Cross-department Risk

  • Learn how to evaluate conflicts across departments using Access Control technology. For example, the segregation of duties conflict: Enter and Maintain Suppliers vs Enter and Maintain Purchase Orders.

Override of Controls Risks

  • Learn how to evaluate conflicts related to Transactions vs Configurations. Who can override your controls?


Session 3

Evaluating Access Controls as your System Changes; How to Stay Clean

Updates to software / Patch impact on roles assigned to users

  • Learn how software updates can introduce new security objects and changes to roles;
  • Learn how to run a detailed sensitive access analysis to see if there are any abilities that should not be assigned when the patch is applied.

Role Change Management

  • Learn how to re-test relevant sensitive access and segregation of duties conflicts whenever a role changes
  • Ensure users only have access appropriate for their job.
  • Learn how to confirm there are no segregation of duties conflicts within a role or across roles that do not have adequate mitigating controls.


Session 4

User Access Reviews: How to Re-Evaluate if you are Still Clean?

User Access Review

  • Understand the considerations related to user access review and the re-certification process.
  • Learn how to re-certify sensitive access and segregation of duties conflict risks.


Session 5

How to Use Access Control Software to Respond to a Cyber Incident

How to Evaluate the Impact of the Cyber Incident

  • Learn how to use access control software to identify the scope of a cyber incident and help evaluate its impact.
  • Learn how to run a full sensitive access analysis for the users and roles that require a lookback procedure.

Lookback procedures

  • Learn how to scope the activities that need to be performed in your Lookback Procedures


Session 6

How to Test the Independence of Control Performers and License Exposure

Testing the independence of control performers

License Exposure

  • Learn how access control software can be used to identify what is the current license usage.


Join us for this transformative training series and empower yourself with the skills needed to navigate the complexities of access control testing. Let's ensure you are not just informed but consistently at the top of your game! 

Don't miss this opportunity to elevate your expertise. 

View the sessions now and embark on your journey to access control mastery!