kpmg

Top 25
Oracle IT
Application and IT
General Controls -
Test of Control
Templates

576928193.doc
 kpmg

Top 25 Oracle IT Application and IT

General Controls
Contents
Place the cursor over the page number you are looking for to get a direct link.

ORACLE IT APPLICATION CONTROLS

1 Finance 5
1.1 Flexfields are properly defined and are appropriate for management
reporting requirements. 5
1.2 Currency is properly set up and maintained within the system and
only authorized users have access to define currencies. 5
1.3 Journal entries can only be posted to a valid, open accounting
period and only authorized users can open/close accounting periods.5
1.4 Only authorized users have access to key Finance functions. 5

2 Fixed Assets 6
2.1 Fixed asset depreciation is being calculated accurately, system is
configured in accordance with Company policy and authorized
users have access to setup assets and change useful lives. 6

3 Payroll & Human Resources 7

3.1 Human Resource personnel only have the ability to setup, terminate
and make changes to the employee master file (note payroll
personnel are restricted from performing these functions). 7

4 Purchasing 8
4.1 Management (based on approval hierarchy) reviews the requisition.
Requisition is automatically routed based on department and dollar
amount. Purchasing Management (based on approval hierarchy)
reviews the purchase orders. 8
4.2 Oracle is configured to route any changes to purchase orders
through the proper approvals automatically. 8
4.3 Appropriate segregation of duties between purchasing, receiving,
invoicing and entering vendors. 8

576928193.doc 2
 kpmg

5 Accounts Payable 9
5.1 Oracle automatically performs 3-way match and access to setup,
modify, and override the tolerances is appropriately restricted. 9

6 Accounts Receivable 10
6.1 Appropriate credit limit tolerance that meets the requirements of the
business have been established within the system. 10
6.2 Appropriate procedures have been defined and are followed for
automatically writing off remaining balances 10
6.3 The Oracle AR Aging report is configured appropriately. 10
6.4 Appropriate transaction types and values are defined for each type
of receivable transactions. Receivables validate the transactions
against standard rules. 10
6.5 Policies and Procedures are designed and implemented for requiring
customers to be approved before business is transacted. 10

7 Order Management 11
7.1 To ensure that credit checking on orders is performed automatically
to prevent the shipment of products to customers with unacceptable
outstanding credit exposure. 11
7.2 To ensure that AutoInvoice automatically generates a customer
invoice after an order is recorded as “ship confirmed” in Oracle
Order Management. 11
7.3 Oracle applications automatically extracts the correct price of an
item based on the customer and the SKU number. Prices are
adjusted (discounts) based on the conditions defined in the price
list. 11
7.4 Access to modify the Item Master is restricted to
appropriate/authorized personnel only. 11

8 Finished Goods 12
8.1 Inventory Receipt Transactions in Oracle Applications are mapped
to appropriate accounts. 12
8.2 Purchase Price Variance is calculated by Oracle when product is
received into the warehouse. 12
8.3 Using a “Bar Code Scanner,” inventory personnel input the SKU
number, unit of measure, quantity and “to” and “from” location
within the warehouse into the scanner. Oracle is automatically
updated for the SKU quantity and location information. The
scanner works like a hand-held computer and transmits the data
from an antenna mounted at the DC via a wireless WAN to an
Oracle server where the data is updated. 12

576928193.doc 3
 kpmg

8.4 Revenue recognition for standard orders is setup in Oracle

Inventory based on SKU. The Company’s Accounting Rules and
assignments to SKUs has been setup in Oracle Applications in
accordance with company policy. 12

9 Contracts 13
9.1 Appropriate individuals have access to Oracle security
responsibilities, and those responsibilities are appropriately defined
and implemented in Oracle to enforce segregation of duties for the
following functions: Setup of Discounts, Releasing Holds, Access
to Master Files, Initiating RMAs, Creation and Mtce of Contracts.13

10 Application Security 14
10.1 System Administrative access to Oracle Applications is restricted to
authorized personnel. 14

576928193.doc 4
kpmg
Oracle IT Application IT Application and
General Control Templates

1 Finance

1.1 Flexfields are properly defined and are appropriate for

management reporting requirements.

1.2 Currency is properly set up and maintained within the system

and only authorized users have access to define currencies.

1.3 Journal entries can only be posted to a valid, open accounting

period and only authorized users can open/close accounting periods.

1.4 Only authorized users have access to key Finance functions.

Page 5
kpmg
Oracle IT Application IT Application and
General Control Templates

1 Fixed Assets

1.5 Fixed asset depreciation is being calculated accurately, system is

configured in accordance with Company policy and authorized users
have access to setup assets and change useful lives.

Page 6
kpmg
Oracle IT Application IT Application and
General Control Templates

2 Payroll & Human Resources

1.6 Human Resource personnel only have the ability to setup,

terminate and make changes to the employee master file (note payroll
personnel are restricted from performing these functions).

Page 7
kpmg
Oracle IT Application IT Application and
General Control Templates

3 Purchasing

1.7 Management (based on approval hierarchy) reviews the

requisition. Requisition is automatically routed based on department
and dollar amount. Purchasing Management (based on approval
hierarchy) reviews the purchase orders.

1.8 Oracle is configured to route any changes to purchase orders

through the proper approvals automatically.

1.9 Appropriate segregation of duties between purchasing, receiving,

invoicing and entering vendors.

Page 8
4 Accounts Payable

1.10 Oracle automatically performs 3-way match and access to setup,

modify, and override the tolerances is appropriately restricted.
5 Accounts Receivable

1.11 Appropriate credit limit tolerance that meets the requirements of

the business have been established within the system.

1.12 Appropriate procedures have been defined and are followed for
automatically writing off remaining balances

1.13 The Oracle AR Aging report is configured appropriately.

1.14 Appropriate transaction types and values are defined for each
type of receivable transactions. Receivables validate the transactions
against standard rules.

1.15 Policies and Procedures are designed and implemented for

requiring customers to be approved before business is transacted.
6 Order Management

1.16 To ensure that credit checking on orders is performed

automatically to prevent the shipment of products to customers with
unacceptable outstanding credit exposure.

1.17 To ensure that AutoInvoice automatically generates a customer

invoice after an order is recorded as “ship confirmed” in Oracle Order
Management.

1.18 Oracle applications automatically extracts the correct price of an

item based on the customer and the SKU number. Prices are adjusted
(discounts) based on the conditions defined in the price list.

1.19 Access to modify the Item Master is restricted to

appropriate/authorized personnel only.
7 Finished Goods

1.20 Inventory Receipt Transactions in Oracle Applications are

mapped to appropriate accounts.

1.21 Purchase Price Variance is calculated by Oracle when product is

received into the warehouse.

1.22 Using a “Bar Code Scanner,” inventory personnel input the SKU
number, unit of measure, quantity and “to” and “from” location within
the warehouse into the scanner. Oracle is automatically updated for
the SKU quantity and location information. The scanner works like a
hand-held computer and transmits the data from an antenna mounted
at the DC via a wireless WAN to an Oracle server where the data is
updated.

1.23 Revenue recognition for standard orders is setup in Oracle

Inventory based on SKU. The Company’s Accounting Rules and
assignments to SKUs has been setup in Oracle Applications in
accordance with company policy.
8 Contracts

1.24 Appropriate individuals have access to Oracle security

responsibilities, and those responsibilities are appropriately defined
and implemented in Oracle to enforce segregation of duties for the
following functions: Setup of Discounts, Releasing Holds, Access to
Master Files, Initiating RMAs, Creation and Mtce of Contracts.
9 Application Security

1.25 System Administrative access to Oracle Applications is restricted

to authorized personnel.