jd edwards enterpriseone audit

Enhanced Auditing for JD Edwards EnterpriseOne

Every company is accountable for the data it stores. Any modification that is done to the data impacting the company financially or legally should be traceable to its source.

The standard EnterpriseOne Audit Trail records the user, program, workstation, date, and time for only the last event that occurred.Enhanced Auditing provides for detailed table and transaction level auditing via the EnterpriseOne auditing tools. These tools provide the functionality necessary to help organizations meet regulatory and compliance obligations.

Originally designed for JD Edwards EnterpriseOne customers required to comply with the Food and Drug Administration’s (FDA) 21CFR part 11 regulation for tracking changes to key business data, the auditing tool is actually a general purpose tool used by customers in all industries.

Enhanced auditing provides an audit trail that includes:

  • User, address book number, full name
  • Unique transaction ID to link all table changes
  • Time stamp
  • Before and after images (captured as separate records)
  • Identification of source of change (machine, user, Application, version)

Pre-Implementation Considerations:

When implementing Enhanced Auditing, customers should consider: (1) Data Size and (2) System Performance.

The more tables where auditing is activated, the greater the amount of storage that is needed to capture the auditing data. However, the auditing data is easy to archive since no end-user application modules access the data.

The impact on system performance is minimized by the use of native database triggers, but as storage increases I/O may decrease. Performance on batch updates on any audited tables is also more deeply impacted than interactive performance.

Limitations:

A small number of “boot strap” tables (less than 1.5% of all tables) cannot be audited.

Change Management Considerations:

Certain software change management activities require that auditing is disabled on an activated component, but only if auditing were activated on a component that is undergoing change management. Examples include: release upgrades, electronic software updates (ESUs) and application software updates (ASUs).

Additionally, system administrators must manually confirm if software updates contain changes that impact audited tables.

The activation or deactivation of auditing is an offline (quiet) activity, done when no one is on the system, and the tables are not locked by any processes.

Administration Considerations:

Enhanced auditing can be applied to multiple “path codes”, however all environments that share a path code are also enabled for auditing in case.

Data Refreshes may require custom “post” refresh scripts if refreshing data from an environment with auditing activated on the “path code” to an environment without auditing activated on the “path code”.

Audit Recommendations:

Each organization may have different requirements for detailed auditing, however in Syntax’s experience, tracking of certain tables delivers benefits to virtually all customers.

  • Business Unit Master (F0006)
  • Company Constants (F0010)
  • Address Book Master (F0101)
  • Customer Master (F03B012)
  • Supplier Master (F0401)
  • Employee Master Information (F060116)
  • Account Master (F0901)
  • Asset Master File (F1201)
  • Default Accounting Constants (F12002)
  • Default Depreciation Constants (F12003)
  • Depreciation Rules (F12851)
  • Depreciation Formulas (F12853)
  • Equipment Rates (F1301)
  • Work Order Parts List (F3111)
  • Item Cross Reference File (F4104)
  • Item Branch File (F4102)
  • Work Order Master File (F4801)

Summary:

EnterpriseOne enhanced auditing provides detailed traceability and a strong internal control to allow organizations to achieve regulatory and compliance obligations.

EnterpriseOne auditing tools require minimal implementation time and limited ongoing maintenance and should be deployed for the vast majority of EnterpriseOne customers.

Syntax’s team of expert Functional consultants can provide advice and guidance regarding where enhanced auditing may be applicable, while our Technical Consultants (CNC) can implement, configure and maintain the auditing technology.