You are on page 1of 19

A.

Introduction
This Work Program and the associated tools (Practice Aids and GATE) are for INTERNAL USE ONLY. As management is res
system of internal control, this Work Program and its associated tools should not be distributed to our clients.
These tools are intended to be used by PwC Oracle specialists performing an audit, attestation or consulting engagement invo
application. For individuals intending to use this Work Program and / or related tools, they must have sufficient technical skills
recommended that at least one member of the team has specific training or experience in the ERP wherever practicable.

1. Engagement Tools
The Tools noted below provide a general overview of the Oracle application, along with its related control risks and co
tools are utilized, the following important caveats and reminders should be considered prior to the use of these tools:
Refer to PwC Audit Guide for policy on understanding, evaluating and validating internal controls. This Work Program a
Audit.

This Work Program and its related tools should only be used in conjunction with proper risk-based engagement plannin
importance to the engagement of transaction processing, risks and controls associated with the noted modules of Oracle sh
begun, and the tools should be tailored to each client environment.
This Work Program and its associated Practice Aid:
oMay not present all control risks associated with your client's use of Oracle
oAre not intended to address all possible relevant application controls in the process(es) supported by the modules
oDo not address Information Technology General Controls (ITGCs);
oAre focused primarily on automated, not manual, controls; and
oDo not present all possible key controls and do not represent the minimum nor maximum level of key controls that

oMay have particular functionality or controls referenced as "key". This term indicates that this control / functionality
environment. However, the identification of a key control for a client's environment will vary based on the client's unique
or the client's use of the application.
This Work Program and its associated tools are based on a standard installation of the ERP package. Clients often cus
implementation is unique, our work should be based on an understanding of the client's actual systems and processes, as im
or system configuration.
Because inherent functionality and controls can be affected by system customizations, practitioners should discuss any
inherent functionality with engagement management.
Each Work Program is specifically written for Oracle's 12 release. Use with any other versions should be done with care
between each Oracle release.

1.1. Work Program


The Work Program outlines the typical automated controls within the Oracle application. For each control, this document provid
risk, control objective, financial statement assertions, information processing objectives, Oracle Application navigation path, va
Each processes' work program is specifically designed for a particular release of the Oracle Application.

For the purposes of an audit of financial statements, an audit of internal controls over financial reports or an integrate

1.2. Practice Aid


PwC's Oracle Practice Aids are documents designed to give a user a broad understanding of Oracle's associated applications
These documents are not intended to provide comprehensive general guidance on this process in non-Oracle environments.
for which there is no PwC Practice Aid, please refer to appropriate Oracle User guides for further details. These can be found a
http://www.oracle.com/technology/documentation/index.html

Each practice aid is specifically written for Oracle's 12 release and is divided into 5 main sections, as outlined below:
1.2.1. Introduction/Engagement Approach/Key Contacts
The Introduction section of each practice aid outlines potential tools and engagement approaches that may be used when c
system. In addition, this contains important Risk and Quality-related caveats and reminders that should be followed for every
1.2.2.
In this Business Setups
section, key set-ups and configurations that are generally only configured upon installation, upgrades, or major busine
key configurations are provided to give the practitioner a basic understanding of the setups.
1.2.3. Standing
Within Data
the Standing Data section, key configurations that are subject to periodic changes are discussed. Along with function
standing data is generally entered into the application. In addition, the linkages between the standing data and business set
1.2.4. Transactions
This section outlines the key transactions within the business process. This includes the definition of the transactions, how tr
system, as well the data flow between transactions, standing data, and business setups.
1.2.5. Access and Segregation of Duties
This section outlines the typical access and segregation of duties risks within the Practice Aid's business process.

Within the Standing Data and Transactions sections of the Practice Aid, "Control Considerations" are also outlined. Each Cont
parts, as outlined below:
oBusiness Process Variables: These discuss the most common configurations/transactions that may be set up or used d
Oracle's functionality.
oControl Dependencies: This section outlines how configurations or transactions are dependent upon each other or othe
oControl Limitations: This section outlines how system configurations or transactions may be overridden. In addition, this
about how the configuration or transaction operates.
oTesting Notes: This section provides suggestions on how a practitioner might test or assess configurations and/or transa

The controls considerations section of the Practice Aid focuses solely on high-level concepts. For a listing of controls, refer to t
do not list all Oracle standard reports that exist for the cycle. For a complete list of this module's standard Oracle Reports, refe
http://www.oracle.com/technology/index.html.

1.. GATE
Oracle GATE is a proprietary web-based tool developed to assist in the analysis of Oracle configuration and security. The tool
statements, audit of internal controls over financial reporting or a consulting non-attest review of the Oracle application. For Or
can assist with segregation of duties analysis and module configuration. To use Oracle GATE, a series of SQL queries are run
from Oracle database tables. The output from these queries is uploaded to the GATE server and queries can be run against th
client's Oracle Application is configured. The Oracle GATE tool can be accessed at oraclegatev2.pwcinternal.com. For individu
sufficient technical skills to conduct such work. Note: Prior to running any command or script on a client system, discuss with th
consent is also recommended to the extent that this may be obtained.

B. Oracle Engagement Considerations


Practitioners may want to consider the following items during an audit of financial statements, an audit of internal controls over
review of the Oracle application.
1)Determine which version of the software your client is using. Check the version against the compatibility table in the "A
Aid, to ensure the appropriate Practice Aid is utilized.
2)Inquire of the client's business owners and system administrator if any customizations to the standard software have be
customizations to assess the effect.
3)Confirm the number of instances (separate Oracle databases environments) that the client maintains.
4)Confirm the number of Sets of Books, Operating Units and Modules in scope within each Oracle instance.
5)Interview the systems administrator or other suitable IT personnel to gain knowledge and understanding of the system d
databases and network).
6)Ascertain the approximate size of the user population and number of responsibilities.
7)Approach the security manager and request that a user is created for the practitioner. This role/ group should enable th
menus and programs in the in-scope Oracle application.
8)Discuss the relevant business processes with the client, ensuring an understanding of the application version, functiona
the client relies upon.
9)A fresh copy of the Practice Aid and its related Work Program(s) should be downloaded for each new engagement to en
tailoring.

10)Based upon the knowledge gained regarding the client's environment, tailor the Work Program to match the client's bus
11)When documenting any test results and resulting risks, consider both the mitigating/compensating controls, and manual
environment.
12)If needed, contact the key contacts shown in the Contacts section of this document for additional guidance regarding co
during the engagement.

C. Tool Feedback / Key Contacts


Further guidance on the technical contents of the associated Work Program and Practice Aid may be obtained from:
Glenn Montesclaros Vic
PricewaterhouseCoopers LLP Pricewa
350 South Grand Avenue, 49th Floor 1
Los Angeles, California, 90071, USA Boston, Ma
Telephone: +1 (213) 356 6194 Telephon
Email: glenn.p.montesclaros@us.pwc.com Email: vicky
For guidance regarding the GATE, refer to the associated documentation that accompanies the tool.

Please direct general comments, suggestions and questions regarding the Work Program and Practice Aid to:
Jay Posklensky
PricewaterhouseCoopers LLP Pricewa
400/500 Campus Drive 1
Florham Park, NJ 07932 USA Bosto
Telephone:+1 (973) 236 5379 Telepho
Email: jay.posklensky@us.pwc.com Email: jenn

Additional Resources
Relevant sites that can provide further Oracle information:
Site Location
Oracle Corporation www.oracle.com
PwC Guardian http://guardian.pwcinternal.com
PwC Oracle GATE http://oraclegatev2.pwcinternal.com
Contact the Key Contacts or local Learning and Development (L&D) representative for information regardin

Major Work Program version changes


Revision # Date Summary of Changes Editor

Publication 5-Nov-2007 Initial Publication of 12 documentation Errol


Ramdarie
SE ONLY. As management is responsible for designing and implementing a
tributed to our clients.
on or consulting engagement involving the review of the client's Oracle
must have sufficient technical skills to conduct such work. It is highly
e ERP wherever practicable.

h its related control risks and common application controls. When these
d prior to the use of these tools:
nal controls. This Work Program and related tools are not a substitute for PwC

er risk-based engagement planning and scoping. The relevance and


h the noted modules of Oracle should be clearly understood before work is

ss(es) supported by the modules noted herein within Oracle ;

aximum level of key controls that must exist.

tes that this control / functionality might be important to the client's control
vary based on the client's unique risk circumstances, control environment and /

e ERP package. Clients often customize their applications. Since each ERP
ctual systems and processes, as implemented, not on a generic/sample process

s, practitioners should discuss any customizations and the approach to testing

versions should be done with careful consideration, as there are differences

each control, this document provides a typical control description, business


cle Application navigation path, validation procedures, and expected results.
Application.

financial reports or an integrated audit, teams should consider those controls which have been classified as Financial in nature.
f Oracle's associated applications, their functionality, and control considerations.
cess in non-Oracle environments. For guidance on other modules within Oracle
rther details. These can be found at

tions, as outlined below:

roaches that may be used when conducting an assessment of an Oracle ERP


s that should be followed for every Oracle engagement.
allation, upgrades, or major business events are discussed. Definitions of the
s.
are discussed. Along with functionality definitions, this section outlines how
he standing data and business setups are outlined.
efinition of the transactions, how transactions are generally entered into the

Aid's business process.

ons" are also outlined. Each Control Consideration section is broken into 4

ions that may be set up or used differently depending upon the client's use of

ependent upon each other or other settings within the application.


may be overridden. In addition, this section highlights common misconceptions

ssess configurations and/or transactions.

. For a listing of controls, refer to the module's work program. The Practice Aids
le's standard Oracle Reports, refer to the Oracle user guide at

onfiguration and security. The tool may be used in an audit of financial


w of the Oracle application. For Oracle releases 11.5.7 and later, Oracle GATE
E, a series of SQL queries are run against the client's environments to pull data
and queries can be run against the server to obtain information about how the
tev2.pwcinternal.com. For individuals intending to use GATE, they must have
on a client system, discuss with the client and obtain verbal consent. Written

s, an audit of internal controls over financial reporting, or a consulting non-attest

nst the compatibility table in the "Application Highlights" section of this Practice

s to the standard software have been made. Request a list of these

client maintains.
ach Oracle instance.
and understanding of the system design (linkage with external applications,

This role/ group should enable the practitioner to have read-only access to all

f the application version, functionality, and reports (customized or normal) that

ed for each new engagement to ensure the most up-to-date version is used for

Program to match the client's business processes and specific risk profile.
ompensating controls, and manual processes that may impact an automated

r additional guidance regarding complex technical situations that may arise

d may be obtained from:


Vicky Lirantonakis
PricewaterhouseCoopers LLP
125 High Street
Boston, Massachusetts, 02110, USA
Telephone: +1 (617) 530 7031
Email: vicky.lirantonakis@us.pwc.com
the tool.

nd Practice Aid to:


Jen Orosan
PricewaterhouseCoopers LLP
125 High Street
Boston, MA 02110 USA
Telephone:+1 (617) 530 7133
Email: jennifer.l.orosan@us.pwc.com

esentative for information regarding Oracle training courses.


Oracle Practice Aid
General Ledger Process
Release 12 Control Matrix

Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
1 General Business Setups GL-001 Financial Primary Journal entries are recorded Journal Wizard/Web ADI (Application Desktop Inaccurate journal entries are Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GLDI: Force Journals to Balance GATE REPORT 1: ZZ System
Ledger completely and accurately. Integrator) Journal entries are in balance prior posted to the GL, resulting in Query: "GLDI: Force Journal to Balance" identify the value of the "GLDI: Force Journals to Balance (GLDI_FORCE_JOURNAL_BALANCE)" profile option is Enabled. Profile Options - Site
to being imported into the GL interface tables. misstatements in account (GLDI_FORCE_JOURNAL_BALANCE)" profile option. GATE REPORT 2: ZZ System
balances. Potential Additional Procedures: If this profile option is not enabled, discuss Profile Options - Application
with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
2 General Business Setups GL-002 Financial Primary Changes to the chart of Key flexfield segment definitions cannot be Changes in key flexfield Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Freeze Flexfield Definition" parameter is Enabled for each key GATE REPORT 1: GL Key Flexfield
Ledger accounts are prevented and modified. definitions could cause Financials / Flexfields / Key / Segments / identify the value of the "Freeze Flexfield Definition" configuration for each key accounting flexfield. Structure Definition 2
detected. inconsistent transaction Query: Application - "General Ledger"; accounting flexfield.
accounting and data corruption X X X Flexfield Title - "Accounting Flexfield" Potential Additional Procedures: If this configuration is not enabled for each
issues, resulting in misstatements key accounting flexfield, discuss with the client their rationale behind the
in account balances. setting and any applicable mitigating/compensating controls.
No
3 General Business Setups GL-003 Financial Primary Consolidation entries are Intercompany journal entries must balance. Intercompany activity does not Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Enable Intracompany Balancing" configuration is Enabled. Not Built. Update GATE REPORT 1:
Ledger recorded completely and eliminate during consolidation, Accounting Setup Manager / Accounting identify the value of the "Enable Intracompany Balancing" configuration. GL Set Of Books Definition 2
accurately. affecting the accuracy and Setups / Query the Ledger Name / Update
disclosure of consolidated X X X X X X Accounting Options (Pencil icon) / Update
accounts. Primary Ledger / Ledger Options (Journal
Processing)
No
4 General Business Setups GL-004 Financial Primary Journal entries are recorded Journal entries cannot be posted if they do Incorrect journal entries could Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Allow Suspense Posting" parameter is Disabled (no assigned Not Built. Update GATE REPORT 1:
Ledger completely and accurately. not balance. result in misstatement in account Accounting Setup Manager / Accounting identify the account value of the "Suspense Account" configuration. Suspense Account). GL Set Of Books Definition 2
balances. Setups / Query the Ledger Name / Update
X X Accounting Options (Pencil icon) / Update
Primary Ledger / Ledger Options (Journal
Processing)
No
5 General Business Setups GL-005 Financial Primary Journal entries are approved. Journal approval workflow is defined Invalid or incorrect journal entries Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Enable Journal Approval" configuration is Enabled. GATE REPORT 1: GL Set of Books
Ledger according to the approval policy. could result in misstatements in Accounting Setup Manager / Accounting identify the value of the configuration "Enable Journal Approval". Definitions 2
account balances. Setups / Query the Ledger Name / Update 2. The "Require Journal Approval" configuration is Enabled for all active or GATE REPORT 2: GL Journal Entry
Accounting Options (Pencil icon) / Update 2. Observe online (using navigation path #2) or inspect GATE REPORT 2 to applicable journal sources. Sources
Primary Ledger / Ledger Options (Journal identify the value of the "Require Journal Approval" configuration. GATE REPORT 3: GL Journal
Processing) 3. Journal authorisation limits are set up according to corporate policy. Authorization Limits
3. Observe online (using navigation path #3) or inspect GATE REPORT 3 and GATE REPORT 4: ZZ System
2. General Ledger Super User: Setup / Journal identify the journal authorization limits which have been defined. 4. The "Journal: Allow Preparer Approval Profile Options - Site
/ Sources / Query: Manual or Applicable (GL_ALLOW_PREPARER_APPROVAL)" profile option is Disabled. GATE REPORT 5: ZZ System
Journal Source (Require Journal Approval) 4. Observe online (using navigation path #4) or inspect GATE REPORTS 4-8 to Profile Options - Application
identify the value of the "Journal: Allow Preparer Approval Potential Additional Procedures: If this profile option is not disabled, GATE REPORT 6: ZZ System
X X X X X X 3. General Ledger Super User: Setup / (GL_ALLOW_PREPARER_APPROVAL)" profile option. discuss with the client their rationale behind the setting and any applicable Profile Options - Responsibility
Employees / Limits (Journal Authorization mitigating/compensating controls. GATE REPORT 7: ZZ System
Limits) Profile Options - User
Testing Note: Profile options can be undefined or set at the site, GATE REPORT 8: ZZ System
4. System Administrator: Profile / System / application, responsibility or user level. Refer to the System Administration Profile Options - Not Defined
Query: "Journal: Allow Preparer Approval" Practice Aid for guidance on how the profile option hierarchy affects the
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
6 General Business Setups GL-006 Financial Primary Postings from sub-ledger to Journal entries originating in subledgers Unreconciled journals between Automated Preventative Configurable 1. General Ledger Super User: Setup / Journal 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Freeze Journal Source" option is Enabled for all subledger journal GATE REPORT 1: GL Journal Entry
Ledger GL are made completely, cannot be modified in the journal entry subledger and General Ledger / Sources / Query: Source Name (Freeze identify the value of the "Freeze Journal" configuration. sources. Sources
accurately and in the window. Journals from a frozen source may occur. Journals)
appropriate period. cannot be reversed in the GL. Potential Additional Procedures: If this configuration is not enabled for all
subledger journal sources, discuss with the client their rationale behind the
setting and any applicable mitigating/compensating controls. Discuss
X X X X X whether they will reverse any subledger journals in the GL.

Testing Note: Not all journal sources may need to be frozen. Refer to
General Ledger Practice Aid for guidance on how journal sources affect the
control environment.

No
7 General Business Setups GL-007 Financial Primary Journal entries are entered Consecutive gapless journal numbers are Journal entries might not be Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 1. The "Sequential Numbering (UNIQUE:SEQ_NUMBERS)" profile option GATE REPORT 1: ZZ System
Ledger completely. utilized to provide completeness. entered completely resulting in Query: "Sequential Numbering" and identify the value of the "Sequential Numbering is set to Always Used. Profile Options - Site
incomplete financial statement. (UNIQUE:SEQ_NUMBERS)" profile option. GATE REPORT 2: ZZ System
2. System Administrator: Profile / System / 2. The "Intercompany: Use Automatic Transaction Numbering Profile Options - Application
Query: "Intercompany: Use Automatic 2. Observe online (using navigation path #2) or inspect GATE REPORTS 1-5 to (GL_IEA_USE_AUTO_TRANS_NUM)" profile option is Enabled. GATE REPORT 3: ZZ System
Transaction Numbering" identify the value of the "Intercompany: Use Automatic Transaction Numbering Profile Options - Responsibility
(GL_IEA_USE_AUTO_TRANS_NUM)" profile option. 3. The "Document Sequences Type" configuration is set to Gapless for all GATE REPORT 4: ZZ System
3. General Ledger Super User: Setup / document names assigned to the general ledger application. Profile Options - User
Financials / Sequences / Document / Define 3. Observe online (using navigation path #3) or inspect GATE REPORT 6 to GATE REPORT 5: ZZ System
identify the "Document Sequences Type" configuration for all document names 4. For all (document) categories within the general ledger application, the Profile Options - Not Defined
X X X 4. General Ledger Super User: Setup / assigned to the general ledger application. (numbering) method is defined as Automatic. GATE REPORT 6: GL Document
Financials / Sequences / Document / Assign Sequences
4. Observe online (using navigation path #3) or inspect GATE REPORT 7 to Potential Additional Procedures: If these configurations are not utilized, GATE REPORT 7: GL Document
identify the (numbering) method for all (document) categories in the general discuss with the client their rationale behind the setting and any applicable Sequence Assignments
ledger application. mitigating/compensating controls.

Testing Note: The relevance of consecutive gapless numbering is


dependent upon local regulatory requirements.

No
8 General Business Setups GL-008 Financial Primary Changes to the chart of Only valid account combinations are utilized. Invalid account code combinations Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Allow Dynamic Inserts" parameter is Disabled. GATE REPORT 1: GL Key Flexfield
Ledger accounts are processed could result in journals being Financials / Flexfields / Key / Segments / identify the value of the "Allow Dynamic Inserts" configuration. Structure Definition 2
completely and accurately posted to incorrect general ledger Query: Application - "General Ledger";
accounts resulting in X X X X Flexfield Title - "Accounting Flexfield"
misstatements in account
balances.
No

7 368766701.xls 10/15/201718:12:45
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
9 General Business Setups GL-009 Financial Primary Journal entries are recorded Key flexfield security rules are appropriately Transactions may be processed Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. For each Key Accounting Flexfield, the Security Rule and the Security GATE REPORT 1: GL Key Flexfield
Ledger completely and accurately. designed to restrict responsibility access to by users against account Financials / Flexfields / Key / Security / Define ensure that for each Key Accounting Flexfield, the Security Rule and the Security Rule Elements are defined according to policy. Security Rule Elements
certain key flexfield segment values according segments they are not authorized Rule Elements are defined according to policy. GATE REPORT 2: GL Key Flexfield
to company policy. to process in resulting in account 2. General Ledger Super User: Setup / 2. For each Security Rule, responsibilities have been assigned to each Security Rule Assignments
misstatements. X X X X X Financials / Flexfields / Key / Security / Assign 2. Observe online (using navigation path #2) or inspect GATE REPORT 2 to Security Rule according to policy.
ensure that for each Security Rule, responsibilities have been assigned to each
Security Rule according to policy.
No
10 General Business Setups GL-010 Financial Primary The retained earnings A retained earnings account is appropriately Retained Earnings may be posted Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. For each Ledger, the account noted in the "Retained Earnings" field is Not Built
Ledger account is appropriately set up for each defined Ledger. to an inappropriate account Accounting Setup Manager / Accounting identify the value of the "Retained Earnings" field to ensure the account is appropriately defined to reflect the retained earnings account as per the
defined to ensure postings resulting in misstatements of the Setups / Query the Ledger Name / Update defined appropriately. Chart of Accounts. GATE REPORT 1: TBD
are complete and accurate. earnings account. X X X X Accounting Options (Pencil icon) / Update
Primary Ledger / Ledger Options (Year End
Processing)
No
11 General Business Setups GL-011 Financial Primary Intercompany Journals are Intercompany transactions cannot be GIS (Global Intercompany Automated Preventative Configurable 1. Intercompany Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Manual approval" parameter is Required for each defined Not Built
Ledger approved. overridden and are approved according to System) subsidiaries could Transaction Types / Query: Transaction Type identify the value of the "Manual Approval" configuration for each defined intercompany transaction type.
company policy. potentially post unauthorized Name (Manual Approval) intercompany transaction type. GATE REPORT 1: TBD
intercompany transactions X X X X
resulting in account
misstatements.
No
12 General Business Setups GL-012 Financial Secondary Journal entries are recorded AutoAllocation journals are inspected for Incorrect or inappropriate Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GL: Journal Review Required (GL_JRNL_REVW_REQUIRED)" GATE REPORT 1: ZZ System
Ledger completely and accurately. accuracy before posting to the General AutoAllocation Batches may be Query: "GL: Journal Review Required" identify the value of the "GL: Journal Review Required profile option is Enabled. Profile Options - Site
Ledger. posted resulting in misstatements (GL_JRNL_REVW_REQUIRED)" profile option. GATE REPORT 2: ZZ System
in account balances. Potential Additional Procedures: If this profile option is not enabled, discuss Profile Options - Application
with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
X X X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
13 General Business Setups GL-013 Financial Secondary Currency translations are Currency conversion roll forward days are Currency conversion rates may Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "MRC: Maximum days to roll forward conversion rate GATE REPORT 1: ZZ System
Ledger accurate. configured according to company policy. become outdated and incorrect, Query: "MRC: Maximum days to roll forward identify the value of the "MRC: Maximum days to roll forward conversion rate (MRC_MAX_DAYS_TO_ROLL_RATE)" profile option agrees with the Profile Options - Site
resulting in misstatements in conversion rate" (MRC_MAX_DAYS_TO_ROLL_RATE)" profile option. clients policy surrounding foreign exchange. GATE REPORT 2: ZZ System
account balances. Profile Options - Application
Testing Note: Profile options can be undefined or set at the site, GATE REPORT 3: ZZ System
application, responsibility or user level. Refer to the System Administration Profile Options - Responsibility
X X X Practice Aid for guidance on how the profile option hierarchy affects the GATE REPORT 4: ZZ System
control environment. Refer to Oracle Corporation's General Ledger User Profile Options - User
Guide for a listing of profile options, their descriptions, and their GATE REPORT 5: ZZ System
configuration options. Profile Options - Not Defined

No
14 General Business Setups GL-014 Financial Secondary Currency translations are Inverse relationships between currency Accounting for foreign exchange Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "Daily Rates Window: Enforce Inverse Relationship During Entry GATE REPORT 1: ZZ System
Ledger accurate. exchange rates are automatically calculated. transactions may be inaccurate if Query: "Daily Rates Window: Enforce Inverse identify the value of the "Daily Rates Window: Enforce Inverse Relationship (GL_DAILY_RATES_ENFORCE_INVERSE)" profile option is Enabled. Profile Options - Site
the inverse relationships between Relationship During Entry" During Entry (GL_DAILY_RATES_ENFORCE_INVERSE)" profile option. GATE REPORT 2: ZZ System
two currencies are not aligned. Potential Additional Procedures: If this profile option is not enabled, discuss Profile Options - Application
with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
X X Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

Testing Note: Refer to General Ledger Practice Aid for guidance on how
currency exchange rates affect the control environment.

No
15 General Business Setups GL-015 Financial Secondary Currency translations are Journal entries cannot contain multiple Multiple currency exchange rates Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 1. The "Journals: Allow Multiple Exchange Rates GATE REPORT 1: ZZ System
Ledger accurate. currency exchange rates. may force the entry to be Query: "Journals: Allow Multiple Exchange identify the value of the "Journals: Allow Multiple Exchange Rates (MULTIPLE_RATES_PER_JE)" profile option is Disabled. Profile Options - Site
unbalanced in the functional Rates" (MULTIPLE_RATES_PER_JE)" profile option. GATE REPORT 2: ZZ System
currency and the difference Potential Additional Procedures: If this profile option is not disabled, Profile Options - Application
posted to a suspense account. discuss with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
This could result in misstatements mitigating/compensating controls. Profile Options - Responsibility
in account balances. GATE REPORT 4: ZZ System
X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
16 General Business Setups GL-016 Financial Secondary Journal entries are Rollup groups are frozen to prevent Changes to Rollup Groups would Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Freeze Rollup Groups" parameter is Enabled. GATE REPORT 1: Standard
Ledger accurately reflected in the unauthorized changes. affect how individual chart of Financials / Flexfields / Key / Segments / identify the value of the "Freeze Rollup Groups" configuration for the Advanced Query GATE REPORT -
financial statements. account values, used within Query: Application - "General Ledger"; corresponding Key Flexfield Structure (Chart of Accounts). Potential Additional Procedures: If this configuration is not enabled, discuss GL Key Flexfield Structure
journal entries, are consolidated X X X Flexfield Title - "Accounting Flexfield" with the client their rationale behind the setting and any applicable Definition 2
for financial statement reporting. mitigating/compensating controls.
No
17 General Business Setups GL-017 Financial Secondary Journal entries are recorded Users cannot override the journal entry Journal entries may be reversed Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "Journals: Override Reversal Method GATE REPORT 1: ZZ System
Ledger completely and accurately. reversal method. using another method, which is Query: "Journals: Override Reversal Method" identify the value of the "Journals: Override Reversal Method (GL_OVERRIDE_REVERSAL_OPTION)" profile option is Disabled. Profile Options - Site
affecting the display or (GL_OVERRIDE_REVERSAL_OPTION)" profile option. GATE REPORT 2: ZZ System
presentation of data online and in Potential Additional Procedures: If this profile option is not disabled, Profile Options - Application
financial statements. discuss with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
X X X X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No

8 368766701.xls 10/15/201718:12:46
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
18 General Business Setups GL-018 Financial Secondary Income statement account The Income Statement Revaluation Rule Income statement accounts may Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GL: Income Statement Accounts Revaluation Rule GATE REPORT 1: ZZ System
Ledger balances are revalued provides the currency revaluation method not be appropriately revalued Query: "GL: Income Statement Accounts identify the value of the "GL: Income Statement Accounts Revaluation Rule (GL_REVAL_INC_ACC_RULE)" profile option is set to "PTD". Profile Options - Site
appropriately at period end. according to accounting policy. each period, causing gain or loss Revaluation Rule" (GL_REVAL_INC_ACC_RULE)" profile option. GATE REPORT 2: ZZ System
amounts to be inaccurate. Business Process Considerations: Revaluation method is only relevant for Profile Options - Application
clients who utilize reporting currencies. The method used for revaluation GATE REPORT 3: ZZ System
depends on the clients revaluation process. Profile Options - Responsibility
GATE REPORT 4: ZZ System
Potential Additional Procedures: If this profile option is not set to PTD, Profile Options - User
discuss with the client their rationale behind the setting and any applicable GATE REPORT 5: ZZ System
X X X mitigating/compensating controls. Profile Options - Not Defined

Testing Note: Profile options can be undefined or set at the site,


application, responsibility or user level. Refer to the System Administration
Practice Aid for guidance on how the profile option hierarchy affects the
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
19 General Business Setups GL-019 Financial Secondary Journal entries are valid and AutoReversal of journal category batches at Journals requiring reversal may Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GL: Launch AutoReverse After Open Period GATE REPORT 1: ZZ System
Ledger recorded in the appropriate the beginning of a period are automatically not be reversed completely and Query: "GL: Launch AutoReverse After Open identify the value of the "GL: Launch AutoReverse After Open Period (GL_AUTOREV_AFTER_OPEN_PERIOD)" profile option is Enabled. Profile Options - Site
period. scheduled. accurately. Period" (GL_AUTOREV_AFTER_OPEN_PERIOD)" profile option. GATE REPORT 2: ZZ System
2. The "Reversal Period" configuration is set to "Next Non-Adjusting" and Profile Options - Application
2. General Ledger Super User: Setup / Journal 2. Observe online (using navigation path #2) or inspect GATE REPORT 6 to the "AutoReverse" checkbox is Enabled for all journal sources relevant for GATE REPORT 3: ZZ System
/ AutoReverse inspect the journal sources relevant for AutoReverse and identify the value of the the AutoReverse function. Profile Options - Responsibility
"Reversal Period" and "AutoReverse" checkbox configurations. GATE REPORT 4: ZZ System
Potential Additional Procedures: If this profile option and configurations are Profile Options - User
not defined appropriately and/or enabled, discuss with the client their GATE REPORT 5: ZZ System
rationale behind the settings and any applicable mitigating/compensating Profile Options - Not Defined
X X X X X X controls. GATE REPORT 6: GL Journal
Reversal Criteria Assignment
Testing Note: Profile options can be undefined or set at the site,
application, responsibility or user level. Refer to the System Administration
Practice Aid for guidance on how the profile option hierarchy affects the
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
20 General Business Setups GL-020 Financial Secondary Journal entries are recorded Calendars are defined to ensure that Incorrect calendar definition could Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. For all fiscal year types, the periods per year are configured to be GATE REPORT 1: GL Accounting
Ledger in the appropriate period. transactions are posted according to the result in postings of transactions Financials / Calendars / Types verify that the fiscal calendar types have been defined with the correct number of consistent with the period type. Calendar
company's close calendar. outside of the companies close periods per year.
schedule resulting in 2. General Ledger Super User: Setup / 2. The following calendar parameters are defined according to policy:
misstatements in account Financials / Calendars / Accounting 2. Observe online (using navigation path #2) or inspect GATE REPORT 1 to a. Prefix
balances. verify that all accounting calendars have been defined correctly. b. Type
c. Year
d. Quarter (Number)
e. Num (Period)
X X X X X X f. From (Period)
g. To (Period)
h. Name (Period)
i. Adjusting

Testing Note: Refer to the General Ledger Practice Aid for guidance on
how calendars affect the control environment.

No
21 General Business Setups GL-021 Financial Secondary Basic definitions enable Each Primary Ledger is appropriately defined Inappropriately defined Primary Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Each Ledger has been established using the appropriate Functional Not built. Update GATE REPORT 1:
Ledger journal entries to be recorded with the currency, calendar, chart of accounts, Ledgers can result in processing Accounting Setup Manager / Accounting verify that the following parameters are appropriately defined for each Ledger: Currency, Chart of Accounts, Calendar/Period Type, and Subledger GL Set of Books Definitions 2
completely and accurately in and accounting convention/method used by of transactions in incorrect Setups / Query the Ledger Name / Update a. Functional Currency Accounting Method.
the appropriate period. each entity. currency or posting of transactions Accounting Options (Pencil icon) / Update b. Chart of Accounts
to incorrect general ledger X X X X Primary Ledger / Review (Standard c. Name (Calendar) Testing Note: Refer to the General Ledger Practice Aid for guidance on
accounts. Information, Accounting Calendar, and d. Accounting Method how Primary Ledger definitions affect the control environment.
Subledger Accounting Options)
No
22 General Business Setups GL-022 Financial Secondary Basic definitions enable If used, Secondary Ledger is appropriately Inappropriately defined Secondary Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Each Secondary Ledger has been established using the appropriate Not built.
Ledger journal entries to be recorded defined and mapped to the Primary Ledger Ledgers can result in processing Accounting Setup Manager / Accounting verify that the following parameters are appropriately defined for each Ledger: Functional Currency, Chart of Accounts, Calendar/Period Type, and GATE REPORT 1: TBD
completely and accurately in including the journal posting capabilities. of transactions in incorrect Setups / Query the Ledger Name / Update a. Functional Currency Subledger Accounting Method. GATE REPORT 2: TBD
the appropriate period. currency or posting of transactions Accounting Options (Pencil icon) / Update b. Chart of Accounts
to incorrect general ledger Secondary Ledger / Review (Standard c. Name (Calendar) 2. Post Journals Automatically from Source Ledger is Disabled. If the
accounts. Journals may not be Information, Accounting Calendar, and d. Accounting Method journal source "Other" is not enabled, specific journal sources are enabled
posted to the Secondary Ledger. Subledger Accounting Options) based on company policy.
X X X X X 2. Observe online (using navigation path #2) or inspect GATE REPORT 2 and
2. General Ledger Super User: Setup / verify that the following parameters are appropriately defined for each Testing Note: Refer to the General Ledger Practice Aid for guidance on
Accounting Setup Manager / Accounting Secondary Ledger based on company policy: how Secondary Ledger definitions affect the control environment.
Setups / Query the Ledger Name / Update a. Post Journals Automatically from Source Ledger
Accounting Options (Pencil icon) / Update b. Journal Sources
Primary to Secondary Ledger Mapping

Yes
23 General Business Setups GL-023 Financial Secondary Basic definitions enable Journals posted in Secondary Ledger retains An audit trail may not be available Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Retain Journal Creator from Primary Ledger option is set to Yes. Not built.
Ledger journal entries to be recorded the journal creator from the Primary Ledger. to identify who created and posted Accounting Setup Manager / Accounting verify that the Retain Journal Creator from Primary Ledger option is Enabled. GATE REPORT 1: TBD
completely and accurately in the journal in the Primary Ledger. Setups / Query the Ledger Name / Update Testing Note: Refer to the General Ledger Practice Aid for guidance on
the appropriate period. X X X X X Accounting Options (Pencil icon) / Update how Secondary Ledger definitions affect the control environment.
Primary to Secondary Ledger Mapping
Yes
24 General Business Setups GL-024 Financial Secondary Basic definitions enable The balancing segment values for each Inappropriate balancing segment Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. The Balancing Segment Values are appropriately defined based on Not built.
Ledger journal entries to be recorded Ledger are appropriately defined. values may allow recording of Accounting Setup Manager / Accounting verify that the Balancing Segment Values are appropriately defined per company company policy. GATE REPORT 1: TBD
completely and accurately in journals to incorrect entities. Setups / Query the Ledger Name / Update policy.
the appropriate segment. X X X X X Accounting Options (Pencil icon) / Update Testing Note: Refer to the General Ledger Practice Aid for guidance on
Balancing Segment Value Assignments how Balancing Segment Value definitions affect the control environment.
Yes
25 General Business Setups GL-025 Financial Secondary Currency translations are Reporting Currencies are appropriately Incorrect Reporting Currencies Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Only the appropriate Reporting Currencies related to the Ledger are Not built. Update GATE REPORT 1:
Ledger accurate. defined. may be defined and Accounting Setup Manager / Accounting verify that only the Reporting Currencies related to a Ledger are configured. configured and assigned. GL Set of Books Definitions 3
inappropriately assigned to Setups / Query the Ledger Name / Update
Ledger, resulting in companies not Accounting Options (Pencil icon) / Update
complying with regulatory X X X X Reporting Currencies / Click Reporting Testing Note: Ledger definitions are crucial to setting up the general ledger.
requirements where reporting is Currency Name Refer to General Ledger Practice Aid for guidance on how Reporting
required in local currencies. Currency definitions affect the control environment.
Yes

9 368766701.xls 10/15/201718:12:46
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
26 General Business Setups GL-026 Financial Secondary Basic definitions enable Ledger Sets are appropriately defined to Consolidated reports may be Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1 & 2. All Ledger Sets are appropriately configured and assigned with Not built.
Ledger journal entries to be recorded ensure that applicable Ledgers feed into the incomplete if Ledger Sets are not Financials / Ledger Sets verify that the Ledger Sets are appropriately configured. Ledgers. GATE REPORT 1: TBD
completely and accurately in appropriate Ledger Sets. defined appropriately.
the appropriate period. 2. General Ledger Super User: Other / 2. Based on PwC Methodology, inspect samples of ledger sets in the Oracle
X X X X X Requests / Submit New Request / single standard report, Other - Ledger Set Listing, and ensure they have been Testing Note: Ledger definitions are crucial to setting up the general ledger.
Request / Submit: Name (Other - Ledger Set appropriately defined. Refer to General Ledger Practice Aid for guidance on how Ledger Set
Listing) definitions affect the control environment.
Yes
27 General Business Setups GL-027 Financial Secondary Journal entries are recorded ADI enforces converted currencies to balance An Excessive Threshold amounts Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GLDI: Converted Entry Threshold GATE REPORT 1: ZZ System
Ledger completely and accurately. within defined limits. might lead to inaccurate postings Query: "GLDI: Converted Entry Threshold" identify the value of the "GLDI: Converted Entry Threshold (GLDI_CONVERTED_ENTRY_THRESHOLD)" profile option is defined Profile Options - Site
to GL. (GLDI_CONVERTED_ENTRY_THRESHOLD)" profile option. according to policy. GATE REPORT 2: ZZ System
Profile Options - Application
Potential Additional Procedures: If this profile option is not defined GATE REPORT 3: ZZ System
according to policy, discuss with the client their rationale behind the setting Profile Options - Responsibility
and any applicable mitigating/compensating controls. GATE REPORT 4: ZZ System
Profile Options - User
X X Testing Note: Profile options can be undefined or set at the site, GATE REPORT 5: ZZ System
application, responsibility or user level. Refer to the System Administration Profile Options - Not Defined
Practice Aid for guidance on how the profile option hierarchy affects the
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
28 General Business Setups GL-028 Financial Secondary Journal entries are recorded Cross-Validation rules are enforced in journal Inaccurate journal entries are Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "Flexfields:Validate On Server GATE REPORT 1: ZZ System
Ledger completely and accurately. entries originating from Web ADI. posted to the GL, impacting the Query: "Flexfields:Validate On Server" identify the value of the "Flexfields:Validate On Server (FLEXFIELDS:VALIDATE_ON_SERVER)" profile option is Enabled. Profile Options - Site
accuracy of financial reporting. (FLEXFIELDS:VALIDATE_ON_SERVER)" profile option. GATE REPORT 2: ZZ System
Potential Additional Procedures: If this profile option is not enabled, discuss Profile Options - Application
with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
X X X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
29 General Business Setups GL-029 Financial Journal entries are recorded Data access set assigned to a General Transactions could be processed Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GL: Data Access Set" profile option has a defined default value Not Built
Ledger / completely and accurately. Ledger responsibility is appropriately defined. resulting in potential misstatement Query: "GL: Data Access Set" identify the value of the "GL: Data Access Set" profile option. based on company policy.
Subledger of the accounts. Update the ff to include new system
Accounting 2. System Administrator: Profile / System / 2. Observe online (using navigation path #2) or inspect GATE REPORTS 1-5 to 2. The "SLA: Enable Data Access Set Security in Subledger" profile option profiles:
Query: "SLA: Enable Data Access Set Security identify the value of the "SLA: Enable Data Access Set Security in Subledger" is enabled. GATE REPORT 1: ZZ System
in Subledger" profile option. Profile Options - Site
GATE REPORT 2: ZZ System
3. System Administrator: Profile / System / 3. Observe online (using navigation path #3) inspect GATE REPORTS 1-5 to 3. The "SLA: Additional Data Access Set" profile option has a defined Profile Options - Application
Query: "SLA: Additional Data Access Set" identify the value of the "SLA: Additional Data Access Set" profile option. default value based on company policy. GATE REPORT 3: ZZ System
Profile Options - Responsibility
Potential Additional Procedures: If this profile option is not enabled or does GATE REPORT 4: ZZ System
not have the expected result, discuss with the client their rationale behind Profile Options - User
X X the setting and any applicable mitigating/compensating controls. GATE REPORT 5: ZZ System
Profile Options - Not Defined
Testing Note: Profile options can be undefined or set at the site,
application, responsibility or user level. Refer to the System Administration
Practice Aid for guidance on how the profile option hierarchy affects the
control environment. Refer to Oracle Corporation's General Ledger and
Subledger Accounting User Guides for listings of profile options, their
descriptions, and their configuration options.

Yes
30 General Business Setups GL-030 Financial Allocations and Budgeting Profile options related to MassAllocation and Allocations and budgets are Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GL: Number of Accounts In Memory" profile option has a defined Not Built
Ledger are appropriately processed. MassBudget programs are enabled to improperly processed as a result Query: "GL: Number of Accounts In Memory" identify the value of the "GL: Number of Accounts In Memory" profile option. This value per company policy.
improve or optimize performance. of the low performance of the profile option allows the client to set the concurrent program controls to improve Update the ff to include new system
programs. 2. System Administrator: Profile / System / the performance of the MassAllocation and MassBudget programs. The more 2. The "GL: Number of Records to Process at Once" profile option has a profiles:
Query: "GL: Number of Records to Process at accounts MassAllocations/MassBudgets can hold in memory, the faster the defined value per company policy. GATE REPORT 1: ZZ System
Once" programs will run. Profile Options - Site
Testing Note: Profile options can be undefined or set at the site, GATE REPORT 2: ZZ System
2. Observe online (using navigation path #2) inspect GATE REPORTS 1-5 to application, responsibility or user level. Refer to the System Administration Profile Options - Application
X X X X identify the value of the "GL: Number of Records to Process at Once" profile Practice Aid for guidance on how the profile option hierarchy affects the GATE REPORT 3: ZZ System
option. This profile option allows one to set the concurrent program controls to control environment. Refer to Oracle Corporation's General Ledger User Profile Options - Responsibility
improve the performance of journal Import, MassAllocations and MassBudgets. Guide for a listing of profile options, their descriptions, and their GATE REPORT 4: ZZ System
configuration options. Profile Options - User
GATE REPORT 5: ZZ System
Profile Options - Not Defined Not
Built
No
31 General Business Setups GL-031 Financial MassAllocations and When using ledgers with average balance MassAllocations and Recurring Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GL: Number of formulas to validate for each MassAllocation batch" Not Built
Ledger Recurring Journals are processing enabled, the number of Journals may not be processed Query: "GL: Number of formulas to validate for identify the value of the "GL: Number of formulas to validate for each profile option has a defined value based on company policy.
appropriately processed. Massallocation and Recurring Journals accurately and inappropriate each MassAllocation batch" MassAllocation batch" profile option. Client uses this profile option to specify the Update the ff to include new system
formulas are properly setup. formulas may be used. number of MassAllocation formulas that will be pre-validated in the Generate 2. The "GL: Number of formulas to validate for each Recurring Journal profiles:
2. System Administrator: Profile / System / MassAllocation Journals form before the Run MassAllocations program is batch" profile option has a defined value based on company policy. GATE REPORT 1: ZZ System
Query: "GL: Number of formulas to validate for generated. Profile Options - Site
each Recurring Journal batch" Testing Note: Profile options can be undefined or set at the site, GATE REPORT 2: ZZ System
2. Observe online (using navigation path #2) or inspect GATE REPORTS 1-5 to application, responsibility or user level. Refer to the System Administration Profile Options - Application
X X X X identify the value of the "GL: Number of formulas to validate for each Recurring Practice Aid for guidance on how the profile option hierarchy affects the GATE REPORT 3: ZZ System
Journal batch" profile option. Client uses this profile option to specify the number control environment. Refer to Oracle Corporation's General Ledger User Profile Options - Responsibility
of Recurring Journal formulas that will be pre-validated in the Generate Guide for a listing of profile options, their descriptions, and their GATE REPORT 4: ZZ System
Recurring Journals form before the Recurring Journal Entry program is configuration options. Profile Options - User
generated. GATE REPORT 5: ZZ System
Profile Options - Not Defined Not
Built
No

10 368766701.xls 10/15/201718:12:46
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
32 General Business Setups GL-032 Financial Journal entries are recorded Correct journal line types and account Invalid journals could be posted Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "SLA: Accounting Methods Builder Context" profile option has a Not Built
Ledger / completely and accurately. derivation rules are defined for each which may result to financial Query: "SLA: Accounting Methods Builder identify the value of the "SLA: Accounting Methods Builder Context" profile defined value based on client's policy..
Subledger accounting method. misstatements. Context" option. T Update the ff to include new system
Accounting Testing Note: Profile options can be undefined or set at the site, profiles:
application, responsibility or user level. Refer to the System Administration GATE REPORT 1: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Site
control environment. Refer to Oracle Corporation's General Ledger User GATE REPORT 2: ZZ System
Guide for a listing of profile options, their descriptions, and their Profile Options - Application
X X X X configuration options. GATE REPORT 3: ZZ System
Profile Options - Responsibility
GATE REPORT 4: ZZ System
Profile Options - User
GATE REPORT 5: ZZ System
Profile Options - Not Defined Not
Built
Yes
33 General Business Setups GL-033 Financial The functionality to access Assigned data access is enforced when users Subledger transactions can be Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "SLA: Enable Subledger Transaction Security in GL" profile option is Not Built
Ledger / the subledger transactions drill-down journals to the subledgers. accessed by unauthorized users Query: "SLA: Enable Subledger Transaction identify the value of the "SLA: Enable Subledger Transaction Security in GL" set to Yes.
Subledger through General Ledger through General Ledger Security in GL" profile option. Update the ff to include new system
Accounting responsibilities is responsibilities. Potential Additional Procedures: If this profile option is not defined or set to profiles:
appropriately defined. No, discuss with the client their rationale behind the setting and any GATE REPORT 1: ZZ System
applicable mitigating/compensating controls. Profile Options - Site
GATE REPORT 2: ZZ System
Testing Note: Profile options can be undefined or set at the site, Profile Options - Application
X X X X application, responsibility or user level. Refer to the System Administration GATE REPORT 3: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Responsibility
control environment. Refer to Oracle Corporation's General Ledger User GATE REPORT 4: ZZ System
Guide for a listing of profile options, their descriptions, and their Profile Options - User
configuration options. GATE REPORT 5: ZZ System
Profile Options - Not Defined Not
Built
Yes
34 General Business Setups GL-034 Operational Journal entries are recorded Definitions of Flexfield segments and Flexfield definitions may cause Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The number of enabled accounting flexfields is in accordance with GATE REPORT 1: GL Key Flexfield
Ledger completely and accurately. associated data attributes of enforce data processing failures or Financials / Flexfields / Key / Segments / identify the flexfield segments defined. standard industry practices or company policy. Segments
consistent format of financial data. interference with business Query: Application - "General Ledger"; GATE REPORT 2: GL Key Flexfield
information needs. Flexfield Title - "Accounting Flexfield"/ 2. Observe online (using navigation path #2) or inspect GATE REPORT 2 to 2. Data attributes assigned to flexfield segments is set in accordance with Value Sets
Segments /(alternative region) Segments identify the values of the established data attributes. standard industry practices.
X X X
2. General Ledger Super User: Setup / Testing Note: Refer to the General ledger Practice aid for guidance on how
Financials / Flexfields / Validation / Sets the setup of flexfields affects the control environment.

No
35 General Business Setups GL-035 Operational Journal entries are recorded Journal entries can only be posted during Journals entries posted outside Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "Journals: Allow Non-Business Day Transactions GATE REPORT 1: ZZ System
Ledger completely and accurately. authorized days. authorized days may not receive Query: "Journals: Allow Non-Business Day identify the value of the "Journals: Allow Non-Business Day Transactions (GL_ALLOW_NON_BUSINESS_DAY)" profile option is Disabled. Profile Options - Site
proper approval or review. Transactions" (GL_ALLOW_NON_BUSINESS_DAY)" profile option. GATE REPORT 2: ZZ System
Potential Additional Procedures: If this profile option is not disabled, Profile Options - Application
discuss with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
X X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
36 General Business Setups GL-036 Operational Management is monitoring Budget journals are required for each budget Modifications made to budgets Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Require Budget Journal" parameter is Enabled for each defined Not built. Update GATE REPORT 1:
Ledger business objectives actively. to maintain an audit trail. have no audit trail. Accounting Setup Manager / Accounting identify the value of the "Require Budget Journal" option for the corresponding Ledger. GL Set Of Books Definitions 3
Setups / Query the Ledger Name / Update Ledger.
X X Accounting Options (Pencil icon) / Update
Primary Ledger / Review (Budgetary Control)

No
37 General Business Setups GL-037 Operational Management is monitoring Budgetary control is used for all relevant Ledgers may not be included in Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Budgetary Control" option is Enabled for all relevant Ledgers. Not built. Update GATE REPORT 1:
Ledger business objectives actively. Ledgers. the budget process causing Accounting Setup Manager / Accounting identify the value of the "Budgetary Control" option for all relevant Ledgers. GL Set Of Books Definitions 3
budget monitoring to be non- Setups / Query the Ledger Name / Update 019963:
existent. Accounting Options (Pencil icon) / Update Did you add this o
X X X in existence?
Primary Ledger / Review (Budgetary Control)

No
38 General Business Setups GL-038 Operational Management is monitoring Budget organizations are protected by a Budgets may not be secured and Automated Preventative Configurable 1. General Ledger Super User: Budgets / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Password Security" option has been Enabled for each budget Not Built.
Ledger business objectives actively. password. vulnerable to unauthorized Define / Organization / (alternative region) Set identify the value of the "Password Security" option for each budget organization.
modification. X X X Password organization. GATE REPORT 1: TBD
No
39 General Business Setups GL-039 Operational Access to financial data is Access to Reports via Web ADI is restricted Unauthorized (read) Access to Automated Preventative Configurable 1. System Administrator: Profile / System / 1.Observe online (using navigation path #2) or inspect GATE REPORTS 1-5 to 1. The "ADI: Allow Sysadmin to View All Output GATE REPORT 1: ZZ System
Ledger restricted financial data. Query: "ADI: Allow Sysadmin to View All identify the value of the "ADI: Allow Sysadmin to View All Output (ADI_WHEN_SYSADMIN_OUTPUT_VIEW)" profile option is Disabled. Profile Options - Site
Output" (ADI_WHEN_SYSADMIN_OUTPUT_VIEW)" profile option. GATE REPORT 2: ZZ System
Potential Additional Procedures: If these profile option are not disabled, Profile Options - Application
discuss with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
X X X X X X X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
40 General Business Setups GL-040 Operational Journal entries are recorded The number of future periods is restricted. Journals may be maliciously or Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The number of future periods does not exceed 1 for each Ledger unless Not built. Update GATE REPORT 1:
Ledger in the appropriate period unintentionally entered into a Accounting Setup Manager / Accounting identify the number of future periods for each Ledger. there is a business requirement. GL Set Of Books Definitions 1
future accounting period. Setups / Query the Ledger Name / Update
X X X X Accounting Options (Pencil icon) / Update Testing Note: If Oracle Projects is used, future periods are required to
Primary Ledger / Review (Accounting exceed 1. For more information on how future periods affect the control
Calendar) environment, refer to General Ledger Practice Aid.
No

11 368766701.xls 10/15/201718:12:46
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
41 General Business Setups GL-041 Operational Journal entries are recorded ADI enforces the use of one defined journal The use of variable journal Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GLDI: Journal Source (GLDI_JOURNAL_SOURCE)" profile option GATE REPORT 1: ZZ System
Ledger completely and accurately. source. sources is a risk to the traceability Query: "GLDI: Journal Source" identify the value of the "GLDI: Journal Source (GLDI_JOURNAL_SOURCE)" is defined appropriately. Profile Options - Site
of journals posted by ADI. profile option. GATE REPORT 2: ZZ System
Potential Additional Procedures: If this profile option is not defined, discuss Profile Options - Application
with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
X X X X X X X X X X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
42 General Business Setups GL-042 Operational Journal entries and currency Only appropriate currencies are enabled Incorrect currencies may be used Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Only appropriate currencies are enabled. GATE REPORT 1: GL Currencies
Ledger translations are recorded within the system. resulting in incorrect financial Currencies / Define verify that only appropriate currencies are enabled.
accurately. data. X X
No
43 General Business Setups GL-043 Financial Journal entries are recorded Journal entries related to transaction Journals entries could be posted Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "GL Ledger Name" profile option has a defined default value based Not Built.
Ledger completely and accurately. processing should be posted to the to the incorrect Ledger which may Query: "GL Ledger Name" identify the value of the "GL Ledger Name" profile option. on the company policy.
appropriate Ledger. result to financial misstatement. GATE REPORT 1: TBD
iegleston001: Potential Additional Procedures: Based on the number of responsibilities
This seems like it would defined and PwC sampling process, discuss with the engagement
have a financial impact? management on how many responsibilities to test.

Testing Note: Profile options can be undefined or set at the site,


X X X application, responsibility or user level. Refer to the System Administration
Practice Aid for guidance on how the profile option hierarchy affects the
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.
iegleston001:
Likewise, this sounds like a
financial control Yes
44 General Business Setups GL-044 Financial Journal entries are recorded Subledger Journal Entries are imported Journal entries may not be Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GL: Archive Journal Import Data" profile option has a defined Not Built
Ledger / completely and accurately. completely and reviewed accordingly. transferred completely which Query: "GL: Archive Journal Import Data" identify the value of the "GL: Archive Journal Import Data" profile option. default value based on company policy.
Subledger result to misstatement of account Update the ff to include new system
Accounting balances. 2. System Administrator: Profile / System / 2. Observe online (using navigation path #2) or inspect GATE REPORTS 1-5 to Potential Additional Procedures: If this option is set to Yes, we should ask profiles:
Query: "SLA: Disable Journal Import" identify the value of the "SLA: Disable Journal Import" profile option. This profile the client on what are their manual and clean-up steps to make sure that GATE REPORT 1: ZZ System
option controls whether subledger journal entries are imported to General the journal import data are reviewed and regularly deleted, respectively. On Profile Options - Site
Ledger. the other hand, if this option is set to No, we also have to ask the client GATE REPORT 2: ZZ System
what their manual controls that they implement to make sure that journal Profile Options - Application
entries from the subledger modules are completely and accurately imported GATE REPORT 3: ZZ System
to General Ledger. Profile Options - Responsibility
X X X X GATE REPORT 4: ZZ System
2. The "SLA: Disable Journal Import" profile option is set to No. Profile Options - User
GATE REPORT 5: ZZ System
Testing Note: Profile options can be undefined or set at the site, Profile Options - Not Defined Not
application, responsibility or user level. Refer to the System Administration Built
Practice Aid for guidance on how the profile option hierarchy affects the
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

Yes
45 General Business Setups GL-045 Financial Data Access Sets are Access sets are appropriately defined and Inappropriate configuration and Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. Access sets are defined according to company policy. Not Built
Ledger appropriately defined. assigned to users. assignment of definition access Financials / Definition Access Sets / Define determine that access sets are defined according to company policy.
sets may result to invalid journals 2. Access sets are assigned to authorized users based on company policy. GATE REPORT 1: TBD
being posted. 2. General Ledger Super User: Setup / 2. Observe online (using navigation path #2) or inspect GATE REPORT 2 to GATE REPORT 2: TBD
Financials / Definition Access Sets / Assign determine that access sets are assigned to authorized users based on company Testing Note: If the report noted in step 1 is not utilized, discuss with
X X X X X
policy. management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
iegleston
001:
Is this Yes
really
46 General Business Setups GL-046 Financial financial - Accounting events are used Journals should be automatically numbered If journals are not allocated a Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Manual journals and subledger journals should use accounting Update GATE REPORT 1:
Ledger what's the to generate document based on accounting event. sequential number based on the Financials / Sequences / Accounting / Assign / review which documents have been assigned an accounting sequence. sequences and have these generated by journal effective date. Document Sequences
impact for sequences. journal effective date (posting Search: "Sequencing Event Name" Consider whether the event that generates the sequential number is appropriate.
material date), posted journals may not For journals, the event should be journal effective date.
misstatem have a gapless sequence (as
ent? iegleston001:
This does not sound like it's journals may be created and then
worded as a control deleted). This is a legal
requirement in some countries. X X X
Sequential numbering based on
posting date provides
management with comfort over
completeness when reviewing
journals.
Yes
47 General Business Setups GL-047 Operational Journal entries are recorded Journal entry reconciliation is enabled. This If this is not used, additional work Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Journal reconciliation should be enabled. Not Built.
Ledger completely and accurately. enables the reconciliation of journal lines that may be required around journal Financials / Accounting Setup Manager / determine whether enable journal reconciliation is enabled.
Journal entry reconciliation is should net to zero. Journal entry reconciliation reconciliation at period end. Select Ledger / Update ledger / Advanced GATE REPORT 1: TBD
enabled is enabled, forcing journal lines in journal X X X X Options / View: "Enable Journal
entries to net to zero. Reconciliation"
Yes
48 General Business Setups GL-048 Financial The Subledger Accounting The Subledger Accounting Method If an inaccurate Subledger Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT ! and 1. The Subledger Accounting Method used should be enabled in the Not Built.
Ledger Method is defined in the determines the set of Subledger Accounting Accounting Method is used, Financials / Accounting Setup Manager / determine the Subledger Accounting Method setting. Validate the setup to the Subledger Accounting form; the configuration of the Subledger Accounting
Accounting Setup Manager. Rules applied to subleger events. entries may not be made in line Select Ledger / Update ledger / Ledger enabled Subledger Accounting Method in the Subledger Accounting screens Method should be appropriate given the Ledger's accounting convention. GATE REPORT 1: TBD
with the ledger's accounting X X X X X X X X X Definition / View "Subledger Accounting (see SLA work program).
convention, leading to financial Method"
misstatement.
Yes
49 General Business Setups GL-049 Financial Reporting Currencies are Reporting Currencies are defined for each If these are not set up correctly, Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. All required Reporting Currencies should be enabled. Not Built.
Ledger appropriately configured. appropriate ledger. This enables the user to balances may be translated Financials / Accounting Setup Manager / determine if all reporting currencies required by the client are enabled.
view the journals in a different translated inaccurately, which may result in Ledger Definition / Accounting Options for 2. The currency conversion level is appropriately defined based on GAAP GATE REPORT 1: TBD
currency amounts. financial misstatement. selected ledger / Update Reporting Currencies 2. Ensure that the currency conversion level (Journal, Balance or Subledger) is applied to the Ledger.
appropriate given the role of the Reporting Currency.
X X X X 2. The c period end rate type and period average rate type are
3. Ensure that the currency translation options (period end rate type and period appropriately defined based on GAAP applied to the Ledger.
average rate type) are appropriate given the Ledger's accounting convention.

Yes

12 368766701.xls 10/15/201718:12:46
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
50 General Business Setups GL-050 Financial Intercompany Balancing Intercompany balancing rules can be setup If intercompany balancing is not Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Balancing segments rules are correctly defined based on company Not Built.
Ledger rules are appropriately between companies so that when a journal is configured appropriately, Financials / Accounting Setup Manager / review the intercompany balancing rules. policy.
configured. created in one company, the balancing entry unbalanced journals may be Accounting Setups / Accounting Options / GATE REPORT 1: TBD
is posted to the other company. posted. Alternatively, journals X X X X X X Intercompany Balancing Rules / Legal Entity / 2. Ensure that the debit and credit balancing segment values are defined 2. The intercompany accounts for debit and credit segment values are
may be posted to inappropriate Legal Entity selected / Setup Rules appropriately. correctly defined.
code combinations.
Yes
51 General Standing Data GL-051 Financial Primary Currency translations are Currency conversation rates are regularly Currency conversions are not Manual Detective Manual 1. General Ledger Super User: Other / 1. For the currency method used by the client (daily, period or historical), inspect 1. The samples of the identified currency reports contain evidence of NA
Ledger accurate. reviewed to ensure they have been imputed entered regularly and accurately, Requests / Submit New Request / Single a sample of the following reports based on PwC Methodology and examine for appropriate review.
accurately and in a timely manner. affecting the accuracy of financial Request / Submit: Name - (Currency - Daily evidence of review:
data. Conversion Rates Listing) a-Currency - Daily Rates Conversion Listing Testing Note: If the reports noted in step 1 are not utilized, discuss with
b-Currency - Period Rates Listing management what other reports, processes or mitigating/compensating
2. General Ledger Super User: Other / c-Currency - Historical Rates Listing controls are used to address the control risk.
Requests / Submit New Request / Single
Request / Submit: Name - (Currency - Period
Rates Listing)

3. General Ledger Super User: Other /


X X Requests / Submit New Request / Single
Request / Submit: Name - (Currency -
Historical Rates Listing)

No
52 General Standing Data GL-052 Financial Primary Journal entries are recorded The general ledger code combination Transactions are posted to invalid Manual Detective Manual 1.System Administrator: Requests / Run / 1. Based on PwC Methodology, inspect a sample of the Cross-Validation Rule 1. The samples of the Cross-Validation Rule Violation Report contain NA
Ledger completely and accurately. violations are monitored and followed up on a accounts resulting in invalid and Single Request / Submit: Name - (Cross- Violation Report and ensure they have been appropriately reviewed. evidence of appropriate review.
regular basis. inaccurate financial statements. Validation Rule Violation Report)
X X Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
No
53 General Standing Data GL-053 Financial Primary Journal entries are recorded Cross validation rules prevent invalid account Unauthorized or invalid general Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Cross-Validate Segments" option is Enabled for all accounting GATE REPORT 1: GL Key Flexfield
Ledger completely and accurately. code combinations from being posted to the ledger account combinations may Financials / Flexfields / Key / Segments / identify the value of the "Cross-Validate Segments" option. flexfields. Structure Definition 2
General Ledger. be created. Query: Application - "General Ledger";
Flexfield Title - "Accounting Flexfield" 2. Observe online (using navigation path #2) and confirm that the Cross 2. Cross Validation Rules and their elements (type and value range) are set
Validation Rules and their elements (type and value range) are set up according up according to policy.
2. General Ledger Super User: Setup / to policy.
Financials / Flexfields / Key / Rules

X X

No
54 General Standing Data GL-054 Financial Primary Balances and details are Financial Statement Generator (FSG) FSG mappings may be configured Manual Preventative Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect the FSG: Where Used GATE REPORT 1. The Financial Statement Generator Reports are defined according to NA
Ledger included in the Financial mappings are defined according to policy. incorrectly resulting in incorrect Requests / Submit New Request / single to ensure that Financial Statement Generator reports are defined appropriately. policy.
statements completely and financial reports. Request / Submit: Name (FSG: Where Used
accurately. Report)

X X X X X X X X X X

No
55 General Standing Data GL-055 Financial Secondary Postings from sub-ledger to AutoPost criteria sets are defined Unauthorized or invalid journals Automated Preventative Configurable 1. General Ledger Super User: Setup / Journal 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1 and 1. Each enabled AutoPost Criteria Set's values for the attributes category, GATE REPORT 1: GL AutoPost
Ledger GL are made completely, appropriately and according to company may be posted, resulting in / AutoPost 2 to verify that enabled AutoPost criteria sets and their attributes are set up balance type and period are set according to company policy. Criteria Set 1
accurately and in the policy. misstatements of accounts. according to policy. GATE REPORT 2: GL AutoPost
appropriate period. Potential Additional Procedures: If this configuration is not defined and/or Criteria Set 2
enabled, discuss with the client their rationale behind the setting and any
applicable mitigating/compensating controls.

Testing Note: AutoPost has a number of configurations and control


dependencies. Refer to the General Ledger Practice Aid for guidance on
how the various settings can impact the control environment.

X X X X X X

No

13 368766701.xls 10/15/201718:12:47
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
56 General Standing Data GL-056 Financial Secondary Opening balances are The year-end carry forward function ensures Accounts carried forward to the Automated Preventative Inherent For inherent controls, discuss the testing For inherent controls, discuss the testing approach with engagement For inherent controls, discuss the testing approach with engagement NA
Ledger complete and accurate. the accurate carry forward of accounts. next year may be incomplete approach with engagement management. management. management.
resulting in incorrect financial
statements. Testing Note: Inherent functionality is not reliant on configurations, but
instead is driven by the application's seeded code. The functionality that
supports this control cannot be changed without adjusting the application's
underlying SQL code.

X X X X X

No
57 General Standing Data GL-057 Financial Secondary Currency translations are A cumulative translation adjustment account is Adjustments from currency Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) to identify the value of the 1. For each Ledger, the account noted in the "Cumulative Translation Not Built
Ledger accurate. appropriately set up for each defined Ledger. translation or revaluations may not Accounting Setup Manager / Accounting "Cumulative Translation Adjustment Account" field to ensure that the account is Adjustment Account" field is appropriately defined.
be appropriately accounted for, Setups / Query the Ledger Name / Update defined appropriately according to the Chart of Accounts.
resulting in inaccurate financial Accounting Options (Pencil icon) / Update
reports. Primary Ledger / Review (Currency Translation
Options)

X X

No
58 General Standing Data GL-058 Financial Secondary Journal entries are Summary accounts are utilized and defined Summary accounts may include Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) to identify the summary accounts 1. Summary Accounts have been defined according to policy. Not Built
Ledger aggregated completely and according to policy. inappropriate detailed accounts, Accounts / Summary that have been defined.
accurately. resulting in financial report
balance values that do not X X X
accurately reflect individual
account balances.
No
59 General Standing Data GL-059 Financial Secondary Journal entries are recorded MassAllocation formulas have been defined MassAllocation formulas may be Automated Preventative Configurable 1. General Ledger Super User: Journals / 1. Observe online (using navigation path #1), inspect GATE REPORTS 1-2 or 1. MassAllocation formulas have been defined according to corporate policy. GATE REPORT 1: GL Mass
Ledger completely and accurately. according to policy. configured incorrectly resulting in Define / Allocation run the MassAllocation Formula Listing Report to determine if MassAllocation Allocation Formulas
financial data (e.g. overhead formulas have been defined according to corporate policy. GATE REPORT 2: GL Mass
expenses) being allocated X X Allocation Batches
inappropriately.
No
60 General Standing Data GL-060 Financial Secondary Journal entries are Account rollup groups are defined Inappropriately defined rollup Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. For each segment value for which the Parent box is enabled, view the GATE REPORT 1: Not Built
Ledger aggregated completely and appropriately. groups may provide management Financials / Flexfields / Key / Values / ensure that for each segment value for which the Parent box is enabled, view defined child ranges and ensure the child ranges are set up appropriately. GATE REPORT 2: GL Key Flexfield
accurately. with inaccurate summary (alternative region) Values, Hierarchy, the defined child ranges and ensure the child ranges are set up appropriately. Segment Values
information. Qualifiers / (alternative region) Define Child 2. For each segment value for which the Parent box is enabled, they are
Ranges 2. Observe online (using navigation path #2) or inspect GATE REPORT 2 to assigned to an appropriate (rollup) group.
ensure that for each segment value for which the Parent box is enabled, they
X X X 2. General Ledger Super User: Setup / are assigned to an appropriate (rollup) group.
Financials / Flexfields / Key / Values /
(alternative region) Values, Hierarchy,
Qualifiers

No
61 General Standing Data GL-061 Financial Secondary Journal entries are posted Alternate accounts are appropriately defined Journals using disabled accounts Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Disabled accounts have assigned alternate accounts. Not Built.
Ledger completely and accurately. to ensure that journals are posted to the that do not have alternate Accounts / Combinations / Query: Disabled verify if disabled accounts (accounts combinations) have assigned alternate
appropriate accounts, if the existing account accounts could not be transferred Accounts (Enabled box is unchecked) / accounts. 2. If the disabled accounts have no assigned alternate accounts, discuss GATE REPORT 1: TBD
has been disabled which will result to misstatement Alternate Account field with client the reason behind the setup.
of account balances. X X X X
Testing Note: Refer to the General Ledger Practice Aid for guidance on
how disabled and alternate accounts can impact the control environment.

Yes
62 General Standing Data GL-062 Operational Management is monitoring Budget control tolerances are automatically Control tolerances for budgets Automated Preventative Configurable 1. General Ledger Super User: Budgets / 1. Observe online (using navigation path #1), or inspect GATE REPORT 1 to 1. The "Funds Check Level" parameter assigned to each budgeted account GATE REPORT 1: GL Budget
Ledger business objectives actively. controlled by Oracle. may be incorrect or not current, Define / Controls / (alternative region) Funds identify the value of the "Funds Check Level" setting assigned to each budgeted range is set up according to policy. Control Options
resulting in ineffective budget X X Check Level account range.
monitoring.
No
63 General Standing Data GL-063 Operational Management is monitoring Budget formulas are used to calculate Budget formulas are created Automated Preventative Configurable 1. General Ledger Super User: Budgets / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. Budget formulas are set up according to policy. Not Built
Ledger business objectives actively. budgets. incorrectly, resulting in future Define / Formula inspect a sample of budget formulas based on PwC Methodology to ensure they
business decisions that are based X X are set up according to policy. GATE REPORT 1: TBD
on incorrect budgets.
No
64 General Standing Data GL-064 Operational Management is monitoring Budget organizations have been assigned the Budgets may not be completely Automated Preventative Configurable 1. General Ledger Super User: Budgets / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The account ranges of each budget organization are set up according to Not Built
Ledger business objectives actively. appropriate account ranges. assigned all account ranges that Define / Organization / (alternative region) inspect the account ranges of each budget organization to ensure they are set policy.
are intended to be budgeted for. X X Ranges up according to policy. GATE REPORT 1: TBD
No
65 General Standing Data GL-065 Operational Journal entries are recorded AutoAllocation can be rolled back if it fails. If erroneous automatic allocations Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "GL: AutoAllocation Rollback Allowed GATE REPORT 1: ZZ System
Ledger completely and accurately. cannot be rolled back, the manual Query: "GL: Auto Allocation Rollback Allowed" identify the value of the "GL: AutoAllocation Rollback Allowed (GL_AUTO_ALLOC_ROLLBACK_ALLOWED)" profile option is Enabled. Profile Options - Site
correction or reversal of potentially (GL_AUTO_ALLOC_ROLLBACK_ALLOWED)" profile option. GATE REPORT 2: ZZ System
numerous cascading journals may Potential Additional Procedures: If this profile option is not enabled, discuss Profile Options - Application
be prone to human error, causing with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
financial statements to be mitigating/compensating controls. Profile Options - Responsibility
inaccurate. GATE REPORT 4: ZZ System
X X X X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
14 368766701.xls 10/15/201718:12:47
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
66 General Standing Data GL-066 Financial Definition Access Sets Definition Access Sets can be used to restrict If definition access sets are not Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 and 1. All definitions that are used by the client should have a Definition Access Not Built.
Ledger restrict inappropriate access to: appropriately designed, Financials / Definition Access Sets / Data determine which definitions are used by the client. For each of these definitions, Set defined.
responsibilities from using, MassAllocation and MassBudget Formulas inappropriate users may gain Access Sets / Define and Assign / Search: determine if a Definition Access Set has been developed. GATE REPORT 1: TBD
viewing or modifying FSG Reports and Components access to sensitive functionality. "Definition Access Sets" 2 & 3. For guidance on assessing and testing segregation of duties, please
definitions. Accounting Calendars This could result in financial 2. If a Definition Access Set has been developed, determine the level of access refer to this module's Practice Aid and PwC Oracle GATE. To achieve
Transaction Calendars misstatement. 2. For guidance on assessing and testing (use/view/modify) allocated to each responsibility. segregation of duties, standard users should not be able to modify AND
AutoPost Criteria Sets segregation of duties, please refer to this use the definition. The ability to modify definitions should be restricted.
AutoReversal Criteria Sets module's Practice Aid and PwC Oracle GATE. 3. Identify which users have access to this responsibility and consider whether it
Budget Organizations is appropriate for them to have this level of access.
Chart of Accounts Mappings 3. For guidance on assessing and testing
Consolidation Definitions X X X X X X X X X segregation of duties, please refer to this
Consolidation Sets module's Practice Aid and PwC Oracle GATE.
Elimination Sets
Ledger Sets
Recurring Journals and Budget Formulas
Rate Types
Revaluations

Yes
67 General Standing Data GL-067 Financial Journals cannot be posted to Subledger accounts can be designated as If control accounts are not Automated Preventative Configurable 1. General Ledger Super User: Setup / 1-3. All subledger accounts should be designated as control accounts in Not Built.
Ledger subledger accounts in the control accounts in the GL. This prevents configured, users can post Financials / Flexfields / Key / Values; view the the GL.
General Ledger. users from posting to these accounts in the journals to subledger accounts. account listing and identify if the qualifier for 1.Observe online (using navigation path #1) or inspect GATE REPORT 1 and GATE REPORT 1: TBD
General Ledger when creating manual This can lead to unreconciled third party control account has been set to determine which accounts have the "Third Party Control Account" setting
journals. differences between the subledger "YES". enabled.
and the general ledger.
x x x x x 2. Validate the accounts identified in #1 with the client to determine if they are
correctly assigned as subledger control accounts.

3. Optionally, run the "Chart of Accounts - Segment Value" report from


concurrent manager and compare it with the Trial Balance. Any natural accounts
in Trial Balance that are not in the Segment Value report are control accounts.
Yes
68 General Process Journal GL-068 Financial Primary Journal entries are approved Journals selected for AutoPosting are Incomplete and inaccurate Manual Detective Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect a sample of the output of the Program - 1. The samples of the output of the Program - Automatic Posting (the NA
Ledger entries and are recorded in the inspected and approved according to journals batches might be posted Requests / Submit New Request / Single Automatic Posting (the AutoPost Execution Report) and ensure they have been AutoPost Execution Report) contain evidence of appropriate review.
appropriate period. company policy. automatically affecting financial Request / Submit: Name - (Program - appropriately reviewed.
statements. X X X X X Automatic Posting) Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
No
69 General Process Journal GL-069 Financial Primary Journal entries are recorded Recurring journals are inspected on a regular Outdated Recurring journals may Manual Detective Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect a sample of the Other - Recurring 1. The samples of the Other - Recurring Formula Listing reports contain NA
Ledger entries completely and accurately. basis to ensure they are not outdated. lead to inaccurate journals Requests / Submit New Request / Single Formula Listing reports and ensure they have been appropriately reviewed. evidence of appropriate review.
resulting in misstatements of Request / Submit: Name - (Other - Recurring
accounts. Formula Listing) Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
X X X X X controls are used to address the control risk. In addition, recurring journals
can be defined in several ways, application, responsibility or user level.
Refer to the System Administration Practice Aid for guidance on how the
profile option hierarchy affects the control environment.

No
70 General Process Journal GL-070 Financial Primary Journal entries are recorded Accounting data from external systems is The import of valid accounting Manual Detective Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect a sample of the output of the Program - 1. The samples of the output of the Program - Import Journals (the Journal NA
Ledger entries completely and accurately. reviewed. data from external sources may Requests / Submit New Request / Single Import Journals (the Journal Import Execution Report) and ensure they have Import Execution Report) contain evidence of appropriate review.
be incomplete, causing the Request / Submit: Name - (Program - Import been appropriately reviewed.
financial statements to be X X X X Journals) Testing Note: If the report noted in step 1 is not utilized, discuss with
incomplete. management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
No
71 General Process Journal GL-071 Financial Primary Journal entries are approved Journal entries with a status of posted cannot Journals posted multiple times Automated Preventative Inherent For inherent controls, discuss the testing For inherent controls, discuss the testing approach with engagement For inherent controls, discuss the testing approach with engagement NA
Ledger entries and are recorded in the be re-posted. could result in inaccurate financial approach with engagement management. management. management.
appropriate period. statements.
Testing Note: Inherent functionality is not reliant on configurations, but
X X X instead is driven by the application's seeded code. The functionality that
supports this control cannot be changed without adjusting the application's
underlying SQL code.
No
72 General Process Journal GL-072 Financial Secondary Journal entries are recorded The journal category, journal source, currency, Inaccurate journal entries are Automated Preventative Inherent For inherent controls, discuss the testing For inherent controls, discuss the testing approach with engagement For inherent controls, discuss the testing approach with engagement NA
Ledger entries completely and accurately. GL Date, segments and segment values are posted to the GL, impacting the approach with engagement management. management. management.
validated from Web ADI (Applications Desktop accuracy of financial reporting.
Integrator) journal entries prior to being Testing Note: Inherent functionality is not reliant on configurations, but
imported into the GL interface tables. X X X instead is driven by the application's seeded code. The functionality that
supports this control cannot be changed without adjusting the application's
underlying SQL code.
No
73 General Process Journal GL-073 Financial Secondary Journal entries are recorded Oracle will not allow journal entries to be Inaccurate journal entries are Automated Preventative Inherent For inherent controls, discuss the testing For inherent controls, discuss the testing approach with engagement For inherent controls, discuss the testing approach with engagement NA
Ledger entries completely and accurately. saved without the following fields completed: posted to the GL, impacting the approach with engagement management. management. management.
Journal Name, Period, Category, Effective accuracy of financial reporting.
Date, Currency, Conversion Date. Testing Note: Inherent functionality is not reliant on configurations, but
X X X instead is driven by the application's seeded code. The functionality that
supports this control cannot be changed without adjusting the application's
underlying SQL code.
No
74 General Process Journal GL-074 Financial Secondary Journal entries are recorded Posting errors are reviewed regularly and are Posting errors may not be Manual Detective Manual 1. General Ledger Super User: Journals / Post 1. Based on PwC Methodology, inspect a sample of the output of the Posting 1. The samples of the output of the Posting request (the Posting Execution NA
Ledger entries completely and accurately. corrected. corrected on a timely basis request (the Posting Execution Report) and ensure they have been appropriately Report) contain evidence of appropriate review.
resulting in incomplete and reviewed.
The Posting Execution report is reviewed inaccurate financial statements. X X X X X Testing Note: If the report noted in step 1 is not utilized, discuss with
monthly to ensure all posting errors are management what other reports, processes or mitigating/compensating
corrected before period close. controls are used to address the control risk.
No
75 General Process Journal GL-075 Financial Secondary Journal entries are recorded MassAllocation formulas are appropriately MassAllocation formulas may be Manual Detective Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect a sample of the Other - MassAllocation 1. The samples of the Other - MassAllocation Formula Listing contain NA
Ledger entries completely and accurately. defined. configured incorrectly causing Requests / Submit New Request / Single Formula Listing and ensure they have been appropriately reviewed. evidence of appropriate review.
account allocations to be Request / Submit: Name - (Other -
incomplete and/or inaccurate. X X X MassAllocation Formula Listing) Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
No

15 368766701.xls 10/15/201718:12:47
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
76 General Process Journal GL-076 Financial Secondary Journal entries are approved. Journals entered are approved online, Unauthorized journal entries may Automated Detective Configurable 1. General Ledger Super User: Other / 1. Obtain the journal approval policy from client management. 1. Journal approval policy is obtained from client management. NA
Ledger entries according to policy. cause inaccurate or invalid Requests / Submit New Request / Single
financial statements. Request / Submit: Name - (Posted Journals 2. Obtain a listing (using navigation path #1) of all posted journals from the 2. A listing of all posted journals for a specified period is obtained from the
Report) Posted Journals Report for a specified period. Posted Journals Report.

3. Based on PwC Methodology, select a sample of posted journal entries and 3. The samples of the posted journal entries contain evidence of approval
X X X observe the workflow approval online to ensure they have been approved according to corporate policy.
according to policy.
Testing Note: Refer to the General Ledger Practice Aid for further guidance
on how to test the workflow behind the approval of journal entries.

No
77 General Process Journal GL-077 Operational Access to view subledger Ability to view subledger detail from GL is Drill-down capability to Automated Preventative Configurable 1. General Ledger Super User: Setup / Journal 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. The "Import Journal References" parameter is Enabled for all Oracle GATE REPORT 1: GL Journal Entry
Ledger entries details from GL is possible. maintained once subledger has been posted transaction-level detail from / Sources / (alternative region) Source - (Enter identify the value of the "Import Journal References" configuration. Application subledgers (Journal Sources). Sources
to General Ledger. account or journal inquiry in name of source)
General Ledger is not Enabled,
resulting in untimely reconciliation
during period end.

X X X X X

No
78 General Process Journal GL-078 Operational Journal entries are recorded Users are notified when processing journal Users may process transactions in Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "Journals: Enable Prior Period Notification GATE REPORT 1: ZZ System
Ledger entries completely and accurately. entries in a prior period. the incorrect accounting period Query: "Journals: Enable Prior Period identify the value of the "Journals: Enable Prior Period Notification (GL_ENABLE_PRIOR_PERIOD_NOTIFICATION)" profile option is Profile Options - Site
affecting the accuracy of the Notification" (GL_ENABLE_PRIOR_PERIOD_NOTIFICATION)" profile option. Enabled. GATE REPORT 2: ZZ System
financials. Profile Options - Application
Potential Additional Procedures: If this profile option is not enabled, discuss GATE REPORT 3: ZZ System
with the client their rationale behind the setting and any applicable Profile Options - Responsibility
mitigating/compensating controls. GATE REPORT 4: ZZ System
X X X X Profile Options - User
Testing Note: Profile options can be undefined or set at the site, GATE REPORT 5: ZZ System
application, responsibility or user level. Refer to the System Administration Profile Options - Not Defined
Practice Aid for guidance on how the profile option hierarchy affects the
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.
No
79 General Process Journal GL-079 Operational Management is monitoring Budget amounts are checked against fund Budget variances may be Automated Preventative Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) to determine the value of the 1. The "Enable Budgetary Control" option is Enabled for all defined Ledger. Not built. Update GATE REPORT 1:
Ledger entries business objectives actively. levels by the system. excessive if not closely monitored Accounting Setup Manager / Accounting "Budgetary Control" configuration for each defined Ledger. GL Set of Books Definitions 3
by automatic checks at the time of Setups / Query the Ledger Name / Update 2. The value of "Automatic Encumbrance Funds Check Level" is set up GATE REPORT 2: GL
transaction processing. Accounting Options (Pencil icon) / Update 2. Observe online (using navigation path #2) or inspect GATE REPORTS 2-3 to according to policy for each account assignment in each budget Encumbrance Types
Primary Ledger / Review (Budgetary Control) determine the value of the "Automatic Encumbrance Funds Check Level" organization. GATE REPORT 3: GL Budget
parameters for each account assignment in each budget organization. Control Options
X X 2. General Ledger Super User: Budgets /
Define / Organization / Assignments /
(alternative region) Budgetary Control

No
80 General Process Journal GL-080 Operational Management is monitoring Budgets are frozen once they have been Unauthorized changes may be Automated Preventative Configurable 1. General Ledger Super User: Budgets / 1. Observe online (using navigation path #1) to identify if all defined and 1. All defined budgets have the "Frozen" status. Not Built
Ledger entries business objectives actively. approved. made to approved budgets. X X X Define / Budget / Freeze approved budgets are frozen.
No
81 General Process Journal GL-081 Operational Management is monitoring MassBudgets are used to allocate budgets. Budgets may be allocated Automated Preventative Configurable 1. General Ledger Super User: Budgets / 1. Observe online (using navigation path #1) a sample of MassBudgets and 1. The formula, Account definitions, Currency, Amount Type, and Relative Not Built
Ledger entries business objectives actively. incorrectly. Define / MassBudget / (alternative region) verify that the formula, Account definitions, Currency, Amount Type, and Relative Period parameters for these MassBudgets have been defined in line with
X X Formulas Period parameters for these MassBudgets have been defined in line with client client requirements.
requirements.
No
82 General Run Reports/ Close GL-082 Financial Primary Journal entries are recorded All prior and future periods are closed. Journal entries are processed in Automated Detective Configurable 1. General Ledger Super User: Setup / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1 to 1. All prior and future accounting periods (except the current period) should GATE REPORT 1: GL Period Status
Ledger Period in the appropriate period. the incorrect period resulting in Open/Close identify the value of the "Period Status" configuration for each defined period. have a status of Closed.
misstatement of accounts. X X X X X
No
83 General Run Reports/ Close GL-083 Financial Primary Period-end closing Balance sheet closing journal entries are Balance Sheet Closing journal Manual Detective Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect a sample of the Close Process - Create 1. The samples of the Close Process - Create Balance Sheet Closing NA
Ledger Period adjustments are recorded accurately created and transferred by the entries may be incomplete and Requests / Submit New Request / Single Balance Sheet Closing Journals GATE reports and ensure they have been Journals reports contain evidence of appropriate review.
completely and accurately. system. incorrect resulting in incorrect Request / Submit: Name - (Close Process - appropriately reviewed.
financials statements. X X X X X X Create Balance Sheet Closing Journals) Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
No
84 General Run Reports/ Close GL-084 Financial Primary Journal entries are recorded Income statement closing journal entries are Income Statement Closing journal Manual Detective Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect a sample of the Close Process - Create 1. The samples of the Close Process - Create Income Statement Closing NA
Ledger Period completely and accurately. accurately created and transferred by the entries may be incomplete and Requests / Submit New Request / Single Income Statement Closing Journals reports and ensure they have been Journals reports contain evidence of appropriate review.
system. incorrect resulting in incorrect Request / Submit: Name - (Close Process - appropriately reviewed.
financials statements. X X X X X X Create Income Statement Closing Journals) Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
No
85 General Run Reports/ Close GL-085 Financial Secondary Balances and details are The expanded trial balance report is reviewed Transactions might be posted to Manual Detective Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect a sample of the Trial Balance - 1. The samples of the Trial Balance - Expanded reports contain evidence of NA
Ledger Period included in the Financial regularly to ensure that account balances are incorrect accounts resulting in Requests / Submit New Request / Single Expanded reports and ensure they have been appropriately reviewed. appropriate review.
statements completely and accurate. misstatements of financial Request / Submit: Name - (Trial Balance -
accurately. accounts. X X X X X X Expanded) Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
No
86 General Run Reports/ Close GL-086 Financial Secondary Balances and details are The income statement is reviewed regularly to Income statement reports may be Manual Detective Manual 1. General Ledger Super User: Reports / 1. Based on PwC Methodology, inspect a sample of the Income Statement 1. The samples of the Income Statement report contain evidence of NA
Ledger Period included in the Financial ensure that account balances are accurate. incomplete and inaccurate Requests / Financial / Individual Reports / Report and ensure they have been appropriately reviewed. appropriate review.
statements completely and resulting in misstatement of Submit: Report - (Income Statement)
accurately. financial statements. X X X X X X Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
No

16 368766701.xls 10/15/201718:12:47
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
87 General Run Reports/ Close GL-087 Operational Restricted Access to financial Users can generate financial reports that only Users may observe financial data Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The "FSG: Enforce Segment Value Security GATE REPORT 1: ZZ System
Ledger Period Data. include specific account segments for which and create financial reports for Query: "FSG: Enforce Segment Value identify the value of the "FSG: Enforce Segment Value Security (RG_ENFORCE_SEGMENT_SECURITY)" profile option is set to "Yes". Profile Options - Site
they have been granted valid access. which they are not authorized. Security" (RG_ENFORCE_SEGMENT_SECURITY)" profile option. GATE REPORT 2: ZZ System
Potential Additional Procedures: If this profile option is not set to Yes, Profile Options - Application
discuss with the client their rationale behind the setting and any applicable GATE REPORT 3: ZZ System
mitigating/compensating controls. Profile Options - Responsibility
GATE REPORT 4: ZZ System
X X Testing Note: Profile options can be undefined or set at the site, Profile Options - User
application, responsibility or user level. Refer to the System Administration GATE REPORT 5: ZZ System
Practice Aid for guidance on how the profile option hierarchy affects the Profile Options - Not Defined
control environment. Refer to Oracle Corporation's General Ledger User
Guide for a listing of profile options, their descriptions, and their
configuration options.

No
88 General Run Reports/ Close GL-088 Operational Journal entries are recorded Segment and account rules related to a Inappropriate segment and Automated Preventative Configurable 1. General Ledger Super User: Other / 1. Through the test instance, generate (using navigation path #1) the Chart of 1-2. The samples of the Chart of Accounts - Mapping Rules Report contain NA
Ledger Period completely and accurately. specific chart of accounts are appropriately account rules may result in Requests / Submit New Request / single Accounts - Mapping Rules report. evidence that they are appropriately defined.
defined. incorrect journals being posted Request / Submit: Name (Chart of Accounts -
which may affect the account X X X X X Mapping Rules) 2. Inspect samples (based on PwC Methodology) of the segment and account Testing Note: If the report noted in step 1 is not utilized, discuss with
balances. rules listed in the report and ensure they have been appropriately defined. management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
Yes
89 General Run Reports/ Close GL-089 Operational Journal entries are recorded Manual journals are entered appropriately. Unauthorized or invalid journals Manual Preventative Configurable 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect samples of manual journals in the 1. The samples of the Journals - Check Report contain evidence that NA
Ledger Period completely and accurately. may be posted, resulting in Requests / Submit New Request / single Journals - Check report and ensure they have been appropriately entered. manual journals are appropriately entered.
misstatements of accounts. Request / Submit: Name (Journals - Check)
X X X X X Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.
Yes
90 General Run Reports/ Close GL-090 Operational Journal entries are recorded Only authorized journal creators and Incorrect provision of approval Manual Preventative Configurable 1. General Ledger Super User: Other / 1.Inspect Program - Maintain Authorized Users for Journal Approval 1. The samples of the Program - Maintain Authorized Users for Journal NA
Ledger Period completely and accurately. approvers have defined approval limits. limits to unauthorized user result Requests / Submit New Request / single Reassignment report to ensure that only authorized employees are defined as Approval Reassignment Report contain evidence that employee approval
to invalid journal entries to be Request / Submit: Name (Program - Maintain journal creators and approvers and the approval amounts assigned to each of limits are appropriately defined.
entered and posted. Authorized Users for Journal Approval them are correct based on the company's approval hierarchy (policy).
Reassignment) Testing Note: If the report noted in step 1 is not utilized, discuss with
management what other reports, processes or mitigating/compensating
controls are used to address the control risk.

X X X X X

Yes
91 General Consolidation GL-091 Financial Primary Consolidation entries are Unmapped subsidiary accounts are reviewed Consolidation may be incomplete Manual Detective Manual 1. General Ledger Super User: Other / 1. Based on PwC Methodology, inspect a sample of the Consolidation - 1. The samples of the Consolidation - Unmapped Subsidiary Accounts NA
Ledger recorded completely. during consolidation. resulting in misstatements of Requests / Submit New Request / Single Unmapped Subsidiary Accounts reports and ensure they have been reports contain evidence of appropriate review.
financial statements. Request / Submit: Name - (Consolidation - appropriately reviewed.
Subsidiary accounts are appropriately X X X X X Unmapped Subsidiary Accounts)
mapped to the Consolidation Ledger.
No
92 General Consolidation GL-092 Financial Primary Consolidation entries are Consolidation Segment Rules and Mapping Consolidation may be incomplete Automated Preventative Configurable 1. General Ledger Super User: Consolidation / 1. Observe online (using navigation path #1) to ensure that Segment Rules and 1. Segment Rules and Mapping Sets are set up according to policy. Not Built
Ledger recorded completely and Sets are appropriately defined. resulting in misstatements of Define / Consolidation / Query: Consolidation Mapping Sets are set up according to policy.
accurately. financial statements. X X X X X Name / Mapping (alternative region) Segment
Rules
No
93 General Consolidation GL-093 Financial Primary Consolidation entries are System Profile Options related to effective Consolidation may be incomplete Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The system profiles, "GL Consolidation: Preserve Journal Effective Date" Not Built
Ledger recorded completely. date of Consolidation Journal Entries are which may result in misstatements Query: "GL Consolidation: Preserve Journal ensure that the profile option, "GL Consolidation: Preserve Journal Effective and "GL Consolidation: Preserve Journal Batching", are set to Yes.
appropriately defined. of financial statements. Effective Date" Date", is set to Yes. Update the ff to include new system
profiles:
2. System Administrator: Profile / System / 2. If the profile option in #1 is set to Yes, observe online (using navigation path GATE REPORT 1: ZZ System
Query: "GL Consolidation: Preserve Journal #2) or inspect GATE REPORTS 1-5 to ensure that the profile option "GL Profile Options - Site
Batching" Consolidation: Preserve Journal Batching" must also be set to Yes. GATE REPORT 2: ZZ System
Profile Options - Application
X X X X X GATE REPORT 3: ZZ System
Profile Options - Responsibility
GATE REPORT 4: ZZ System
Profile Options - User
GATE REPORT 5: ZZ System
Profile Options - Not Defined Not
Built
Yes
94 General Consolidation GL-094 Financial Secondary Consolidation entries are System Profile Options related to Consolidation may be incomplete Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORTS 1-5 to 1. The system profiles, "GL Consolidation: Separate rows for debit and Not Built
Ledger recorded completely. Consolidation elimination entries is which may result in misstatements Query: "GL Consolidation: Separate rows for ensure that the profile option, "GL Consolidation: Separate rows for debit and credit account balances in consolidation journal", is set to Yes.
appropriately defined. of financial statements. debit and credit account balances in credit account balances in consolidation journal", is set to Yes. Update the ff to include new system
consolidation journal" profiles:
GATE REPORT 1: ZZ System
Profile Options - Site
GATE REPORT 2: ZZ System
Profile Options - Application
X X X X X GATE REPORT 3: ZZ System
Profile Options - Responsibility
GATE REPORT 4: ZZ System
Profile Options - User
GATE REPORT 5: ZZ System
Profile Options - Not Defined Not
Built
Yes

17 368766701.xls 10/15/201718:12:47
Internal use only -- U. S. Firm use only
Information
Reference Business Primary/ Processing Financial Statement Control Control New in
# Module Sub Process Number Impact Secondary Control Objective Control Description Business Risk Objectives Assertions Method Category Control Type
Inherent, Oracle Navigation Path Potential PwC Testing Procedures Expected Result GATE REPORT R12
C A V R A C CO E/ PD RO V (Preventativ Access,
O
Financial (Automated e or Configurable
Operational or Manual) Detective) , or Manual
95 General Restricted Access GL-095 Financial Primary Segregation of Duties exists Access to General Ledger functions, menus Lack of segregation of duties may Automated Preventative Access For guidance on assessing and testing SOD Testing Methodology: For guidance on assessing and testing segregation of duties, please refer NA
Ledger within the application. and responsibilities are appropriately result in improper or unauthorized segregation of duties, please refer to this to this module's Practice Aid and PwC Oracle GATE.
segregated. transactions being entered, module's Practice Aid and PwC Oracle GATE. 1) Understand the business process risks of the client
compromising the integrity of the 2) Understand the client's approach on responsibility/role design and
financial statements. development
3) Inquire the client if SOD risks was formally considered when developing user
access
4) Inquire the client on how SOD rules are controlled and monitored after go-live.
5) Inquire the client if there are mitigating controls outside of Oracle to reduce
the risks caused by SOD violations
6) Inquire the client if SOX rules are defined for SOD. If so, highlight the client
X X X X X X X X SOX rules in testing.
7) Perform online validation and engage in discussions with client to validate
SOD testing results
- Inquire from the client whether Forms Personalization or the Custom.Pll are
used to further restrict access to forms and functions.

For guidance on assessing and testing segregation of duties, please refer to this
module's Practice Aid and PwC Oracle GATE. For guidance on form
personalization and custom.plls, please refer to the SA Practice Aid.

No
96 General Restricted Access GL-096 Financial Primary Access is appropriately Access to General Ledger responsibilities is Lack of appropriate restricted Automated Preventative Access For guidance on assessing and testing Restricted Access Testing Methodology: For guidance on assessing and testing key single points of access, please NA
Ledger restricted. restricted to appropriate personnel. access to General Ledger access segregation of duties, please refer to this refer to this module's Practice Aid and PwC Oracle GATE.
rights may result in posting of module's Practice Aid and PwC Oracle GATE. 1) Understand the business process risks of the client
unauthorized journals which may 2) Understand the client's approach on identifying highly sensitive access that
result in financial misstatements. should be restricted
3) Inquire the client if restricted access risks was formally considered when
assigning users to responsibilities/roles
4) Inquire the client on how restricted access is controlled and monitored after
go-live
5) Inquire the client if there are mitigating controls outside of Oracle to reduce
restricted access risks
X X X X X X X X 6) Inquire the client if SOX rules are defined for restricted access. If so, highlight
the client SOX rules in testing.
7) Perform online validation and engage in discussions with client to validate
restricted access testing results
- Inquire from the client whether Forms Personalization or the Custom.Pll are
used to further restrict access to forms and functions.
8) Inquire the client if there are any customized responsibilities that give
sensitive access.
9) Powerful Oracle seeded responsibilities should be tested for restricted
access. Examples of such responsibilities in the General Ledger module is
General Ledger Super User No
97 General Restricted Access GL-097 Financial NA Access is appropriately Users with sub-ledger level access is Unauthorized users having access Automated Preventative Configurable 1. System Administrator: Profile / System / 1. Observe online (using navigation path #1) or inspect GATE REPORT 1-5 to 1. SLA: Enable Data Access Set Security in Subledger profile option should GATE REPORT 1: ZZ System
Ledger restricted. restricted to only appropriate ledgers to ledgers may inappropriately SLA: Enable Data Access Set Security in identify the value of the SLA: Enable Data Access Set Security in Subledger be Enabled. Profile Options - Site
according to company policy. modify financial data through their Subledger profile option. GATE REPORT 2: ZZ System
sub-ledger access. Profile Options - Application
GATE REPORT 3: ZZ System
X X X X X X X X Profile Options - Responsibility
GATE REPORT 4: ZZ System
Profile Options - User
GATE REPORT 5: ZZ System
Profile Options - Not Defined
Yes

18 368766701.xls 10/15/201718:12:47
Internal use only -- U. S. Firm use only
019963:
Did you add this or was this
in existence?

19 368766701.xls 10/15/201718:12:47
Internal use only -- U. S. Firm use only