Skip to main content

Securing & Auditing PeopleSoft Applications

Back to Course Schedule
Date(s): Dec 12, 2017 - Dec 14, 2017
Time: 8:30AM - 5:00PM
Registration Fee: $599.00
Cancellation Date: Dec 05, 2017
City: Austin

Course Description

PeopleSoft offers several layers of control that can be implemented to prevent unauthorized access. Because PeopleSoft can be customized to meet individual organizations’ requirements, it is critical that auditors understand the system's underlying controls and capabilities.

In this three-day seminar you will examine the latest security and control architecture of PeopleSoft, including its e-commerce solution sets. You will look at the audit, security,  and control architectures and determine the strengths and weaknesses of the PeopleSoft  layers, including system administration, networks, Internet, database audibility,  operating systems, and on-line security. You will learn how to properly implement audit, integrity, and control for all users of an application system. You will cover the e-commerce, B2B, and employee self-service capabilities in the new open architecture of the latest releases and the Enterprise Performance Manager (EPM) module as it relates to architecture risks and controls.

Potential CPE Credits: 24.0
Govt Hours: This class meets 24.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 24.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Classroom
Experience Level: INTERMEDIATE
Category: Auditing

Course Objectives

Upon completion of this course, participants will be able to:

  • Understand the security and control architecture of PeopleSoft
  • Determine risks and control weaknesses in the PeopleSoft layers
  • Conduct a PeopleSoft audit
  • Implement application controls for PeopleSoft users

Course Outline

1. A PeopleSoft Primer
- the PeopleSoft architecture
- direct on-line, batch, query processing
- Internet B2B, e-customer, e-employee solution set
- control architecture and flow
- business process flow

2. Application Audibility and Control
- authentication controls
- authorization controls
- accountability controls
- identification processes
- sign-on security
- functional controls
- object-level, row-level, field-level security/control
- view- and panel-level security
- workflow controls
- eight steps to authorization

3. Functional Responsibilities
- user and role definitions
- operator preferences
- key panel
- key batch processes and process groups
- key query trees and access groups
- user authorization
- predefined roles and default user IDs
- operator security
- administration security

4. System Control Definition
- key menu/page definitions
- key configurations for business process
- defining business rules
- defining business entities
- defining workflow and approvals
- defining adequate audit trail
- defining default values

5. Auditing the Security Procedures
- infrastructure controls
-- operating system
-- network
-- database
-- Web server
-- application server
-- desktop/browser
- defining PeopleSoft business rules
- administration access and control
- PeopleSoft tools controls
- PeopleSoft application controls

6. Controlling Objects
- definitions
- menus, panels, records, fields
- trees and tree structures
- translate tables
- PeopleTools
- object groups
- granting and revoking access
- adding, deleting, and renaming objects
- object security
- change control

7. PeopleSoft's Network Controls
- authentication server
- application authentication process
- memory-resident IDs
- Active Directory
- network transmission and session-level controls

8. E-Commerce Solutions
- B2B solutions
- e-customer solutions
- customer relationship solutions
- risks
- audit approach

9. Enterprise Performance Management (EPM)
- definition
- risks and controls
- reporting
- data classification

10. Security Concerns During the Implementation Cycle
- configuration controls
- the development process
- effective organizational strategies
- remote administration and segregation of duties
- project management controls
- change controls
- testing
- reporting

11. Audit Summary
- key risks and controls
- audit approach
- reports for auditors
- tools for auditors
- references


No prerequisites required, however basic IT auditing or experienced is assumed.


Gordon Klein

Gordon Klein is the Administrative Services Manager for the City of Tallahassee Underground Utilities and Public Infrastructure department; making him responsible for the budget, rates, payroll, and vendor payments for the gas, water, sewer and storm water utilities as well as the Public Works functions of designing, building and maintaining roads, streets and sidewalks. 

He is a Senior Instructor for MIS Training Institute and a Florida Governors Sterling Examiner.  Over the course of his career he has worked in accounting, finance, budget, purchasing, information technology, internal audit, economic development, small business development and tourism and has taught business and entrepreneurship classes for Leon County Schools, Lively Technical Center, Tallahassee Community College and Florida State University. 

He has also earned the designation of Certified Government Finance Officer, Certified Information Systems Auditor and Certified Public Manager.

Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit

Back to Course Schedule