Course Information

PeopleSoft offers several layers of control that can be implemented to prevent unauthorized access. Because PeopleSoft can be customized to meet individual organizations’ requirements, it is critical that auditors understand the system's underlying controls and capabilities.

In this two-day seminar you will examine the latest security and control architecture of PeopleSoft, including its e-commerce solution sets. You will look at the audit, security,  and control architectures and determine the strengths and weaknesses of the PeopleSoft  layers, including system administration, networks, Internet, database audibility,  operating systems, and on-line security. You will learn how to properly implement audit, integrity, and control for all users of an application system. You will cover the e-commerce, B2B, and employee self-service capabilities in the new open architecture of the latest releases and the Enterprise Performance Manager (EPM) module as it relates to architecture risks and controls.

Upon completion of this course, participants will be able to:

• Understand the security and control architecture of PeopleSoft
• Determine risks and control weaknesses in the PeopleSoft layers
• Conduct a PeopleSoft audit
• Implement application controls for PeopleSoft users

Course Outline

1. A PeopleSoft Primer
- the PeopleSoft architecture
- direct on-line, batch, query processing
- Internet B2B, e-customer, e-employee solution set
- control architecture and flow
- business process flow

2. Application Audibility and Control
- authentication controls
- authorization controls
- accountability controls
- identification processes
- sign-on security
- functional controls
- object-level, row-level, field-level security/control
- view- and panel-level security
- workflow controls
- eight steps to authorization

3. Functional Responsibilities
- user and role definitions
- operator preferences
- key panel
- key batch processes and process groups
- key query trees and access groups
- user authorization
- predefined roles and default user IDs
- operator security
- administration security

4. System Control Definition
- key menu/page definitions
- key configurations for business process
- defining business rules
- defining business entities
- defining workflow and approvals
- defining adequate audit trail
- defining default values

5. Auditing the Security Procedures
- infrastructure controls
-- operating system
-- network
-- database
-- Web server
-- application server
-- desktop/browser
- defining PeopleSoft business rules
- administration access and control
- PeopleSoft tools controls
- PeopleSoft application controls

6. Controlling Objects
- definitions
- menus, panels, records, fields
- trees and tree structures
- translate tables
- PeopleTools
- object groups
- granting and revoking access
- adding, deleting, and renaming objects
- object security
- change control

7. PeopleSoft's Network Controls
- authentication server
- application authentication process
- memory-resident IDs
- LDAP
- PKI
- Active Directory
- network transmission and session-level controls

8. E-Commerce Solutions
- B2B solutions
- e-customer solutions
- customer relationship solutions
- risks
- audit approach

9. Enterprise Performance Management (EPM)
- definition
- risks and controls
- reporting
- data classification

10. Security Concerns During the Implementation Cycle
- configuration controls
- the development process
- effective organizational strategies
- remote administration and segregation of duties
- project management controls
- change controls
- testing
- reporting

11. Audit Summary
- key risks and controls
- audit approach
- reports for auditors
- tools for auditors
- references

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.