Corporate governance is a key concern today for senior business and IT managers as they struggle to deliver against regulatory compliance initiatives whilst managing business risk. Critically organisations need to prove to auditors – internal or external - that they have the appropriate controls in place to reduce the possibility of fraud and to protect an organisations most critical asset – it’s information.

Organisations have an ever-increasing reliance on technology to deliver top-level corporate performance and hence protecting information, tackling fraud and complying with regulations means that business and technology is inextricably linked.

Central to delivering good governance and meeting regulatory requirements is the enforcement of controls on the individuals in an organisation and being able to report on ‘who has access to what’ systems and their privileges easily at audit time.

A particular individual should be able to access only the appropriate applications and information in order to perform their job functions. Failure to implement strong access controls in critical business applications can ultimately lead to an individual within an organisation gaining inappropriate systems privileges that could leave them with the ability to commit fraud.

Managing and monitoring user identity, associated roles and system privileges across the whole organisations is critical in solving these problems. As is identifying which combinations of system privileges could leave an organisation vulnerable.

This situation is exacerbated in the heterogeneous enterprise environment where access controls are often built into individual systems, and enforcement of segregation of duties is required across multiple systems. In these cases individuals often have multiple identities to gain access to all systems they need, compounding the problem further.

In this landscape it’s easy to see how fundamental an individual’s identity becomes when managing for good corporate governance. Typically the problems that we see are:

• Difficulty enforcing Segregation of Duties across a heterogeneous environment and across multiple business applications.
• System roles and identities have conflicting privileges that leave organisations vulnerable to fraud.
• Managing access privileges across business applications and siloed identity repositories.
• Privileges are managed on a system-by-system basis rather than across the whole organisation thus making conflicting roles difficult to spot and manage.
• Difficulty auditing and report access controls.
• Difficulty protecting information assets.

Oracle is uniquely positioned to ease the burden of segregation of duty management and appropriate privilege assignment. Oracle solutions for SOD and privilege assignment span business applications, middleware infrastructures and database and are designed to operate in a heterogeneous IT environment.

Key benefits:

• Reduce risk of fraud through SOD issues across Oracle business applications and heterogeneous environments.
• Eased reporting and auditing for regulatory compliance initiatives.
• Improved protection and privacy of information.
• Reduce costs of regulatory compliance initiatives.
• Consolidated management of privilege assignments.
• Understand vulnerabilities introduced into your organisations through inappropriate privilege assignment.