PLEASE READ THIS INTRO BEFORE REQUESTING ACCESS TO THIS GROUP!

This is a group to facilitate the publishing of an internal controls repository for Oracle Applications users. Your company MUST be an end user of Oracle Applications to join. ALL memberships must be approved and no one with an anonymous email address will be accepted (for example - yahoo, gmail, hotmail). Further, you MUST display your email address in your membership request so your identity can be verified.

The purpose of this group is to facilitate a release of the internal controls white papers and content to the end user community. This group is open to the end user community only so that certain subjects and content can be shared with the end user community without sharing the content with external auditors.

Examples of content include:
- a white paper discussing a certain setting in AP that is a significant fraud risk
- a list of critical setups and related tables that all companies should audit
- a spreadsheet of sensitive data, where such data is stored and standard reports where it can be easily accessed
- a white paper and content on forms that allow SQL statements embedded in them, including forms that Oracle hasn't identified in their best practices document
- various SQL statements
- common internal control deficiencies in Oracle Apps and ways to mitigate the risks

This group is hosted by ERP Risk Advisors and is not affiliated with or endorsed by Oracle Corporation.

Any questions or comments should be sent to Jeffrey T. Hare, CPA CISA CIA, Group Moderator, at jhare@erpra.net.

If your company is NOT an end user of Oracle Applications, please DO NOT request access to this group. Stay in touch with the Oracle Internal Controls and Security listserver at:
http://groups.yahoo.com/group/OracleSox/

Regards,
Jeffrey T. Hare, CPA CISA CIA
ERP Risk Advisors Oracle Users Best Practices Board
www.erpra.net
www.oubpb.com