Auditing Oracle's ERP Cloud Application - ASE151


This course examines Oracle’s cloud application, its core elements, technical architecture, security model, role design, user configuration, patching, change management, profile options, controls monitoring and reporting, and workflow issues. NOTE: Attendees are encouraged, but not required, to bring a laptop. This course will be a combination of direct teaching and interactive activities to the extent that the attendees have access to their organization’s instance.


Tuition cost


NASBA Certified CPE

16 Credits


Why you should attend

You should attend because auditors at organizations using Oracle’s ERP Cloud should know how to audit its accounting, financial management, project management and procurement functions.

Who should attend

Internal Auditors, IT Auditors, Functional and IT teams implementing or supporting Oracle’s ERP Cloud applications

What You'll learn

You will learn about the application’s risks and controls, the core elements of the application, and how to audit the application effectively.




1. Architectural Overview:

  • cloud: differences from other applications
  • presentation layer
  • application layer
  • database layer
  • example

2. Common Elements:

  • key flexfields
  • descriptive flexfields
  • value sets / values
  • security rules
  • cross-validation rules
  • profile options / values

3. Organization Structure


4. Master Data Overview:

  • bank account
  • supplier
  • customer
  • item
  • employee

5. Building a Proper Audit Trail:

  • why an audit trail
  • types of technologies to build audit trail
  • what to audit

6. Application Security Configurations and Administration:

  • users
  • roles
  • data security
  • flexfield security

7. Application Security Best Practices:

  • RBAC principles
  • role design principles – end users and IT
  • seeded users
  • generic users
  • role assignments
  • impersonizations
  • job scheduling users
  • password controls

8. Workflow Security and Controls:

  • workflow policies
  • approve workflows via email
  • delegate or transfer workflows

9. Risks and Controls Related to Privileged Users:

  • risks
  • ways to monitor privileged users

10. Change Management Best Practices:

  • types of changes
  • impact of IIA GTAG 2
  • best practices
  • common challenges

11. Designing and Auditing Application Controls:

  • application controls types and examples
  • impact of IIA GTAG 8
  • benchmarking
  • best practices
  • common challenges

12. Protecting Sensitive Data in Production and Non-Production:

  • statutory requirements
  • identifying and classifying
  • impact on application security
  • impact on database security
  • impact on change management process

13. Project Risks and Implementation Audits:

  • key project risks
  • internal audit involvement

14. Common Audit Issues

15. Auditor Resources


Schedule your course

Use the table below to select the time and location that works best for you.

We don't currently have any dates scheduled for this course.


ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: