Ask the Experts - 44
What are best business practices for auditing transaction data within PS? What type of reports are typically used to accomplish this?
Thanks for posting your question!
I will categorize this response into following sections.
– Data Classification
While there are no published best practices for auditing PeopleSoft transactional data (that I am aware of). We have implemented following features for our clients to enable them to audit sensitive data.
§ Oracle Fine Grained Auditing
§ PeopleSoft Auditing
Also, Oracle Audit Vault is being evaluated in some PeopleSoft client environments because of its packaged reporting and consolidation capabilities.
Business users have been a driving force in identifying the sensitive data in their environments. While there has been pushback from IT to avoid auditing in excess, the below list is a sample of sensitive information that is typically audited.
§ Personal Data
§ Salary Data
§ Vendor Data
§ Bank Information
§ Credit or Procurement Card numbers
§ Accessing using non-PeopleSoft technologies
§ Accessing sensitive Report outputs
§ Health Records
§ Patient Personal Data
§ Plan and Beneficiary Data
§ Student Financial Data
§ Financial Aid/ Grants Data
Since there are no delivered reports which will meet the requirements, reporting has been derived using custom programs.
Please let me know if this helped answer your question. We appreciate your feedback.