As the deadline looms closer for Oracle to sunset all customer Oracle GRC support, now is the time to understand what it means for your company, your user security and how to maintain continuous security after May 2025 deadline. On July 23rd, Fastpath, now part of Delinea, experts Frank Vukovits and Pat Wadland discussed what is being affected, what your options are post sunsetting, typical internal controls challenges and what your options are moving forward to maintain strong controls inside Oracle E-Business Suite (EBS).
Oracle’s sustaining support doesn’t go beyond programme essentials, including updates, fixes, security alerts of upgrade scripts. Fundamentally, if your question is not about program updates, fixes, security alerts, or upgrade scripts from the Premier and Extended Support periods, you are responsible for your own support.
Oracle may provide updates for products and technologies, including general maintenance, selected features, and documentation. However, they are not required to make any improvements or add new functionality. As Pat remarks “good luck with software on Sustaining Support, customers!”
Now that we know what the challenge is, what are your current options to consider moving forward?
Whilst this is a viable selection for current customers, as outlined earlier, support options are extremely limited. The biggest consideration here, as Frank explains, that you could be paying the same licence fee for a product that isn’t supported. In addition, any Oracle GRC licences could be linked to Oracle EBS and as more licences get added Oracle EBS, there is a scenario where you’re paying for a product that is out of support. Wise to check your sales agreement to see exactly how your current Oracle GRC is licensed.
A far less effective option would be to run reports manually, using offline tools such as spreadsheets. This approach is extremely time-consuming, prone to errors and will reduce overall effectiveness dramatically. Reports that are run automatically in Oracle GRC will need to be pulled by IT teams, and anomalies or control issues will need to be identified manually. This labor-intensive exercise is also one auditors tend to examine closely, due to the manual nature.
There are options out there that allow you to stay with Oracle EBS, even without Oracle GRC. Frank explains, “Fastpath’s GRC module is a great option!”. Fastpath has many Oracle EBS customers who have run Fastpath’s Access Control and Change Tracking modules for a long time, to compliment Oracle EBS and provide a comprehensive GRC solution. There are strong solutions in the marketplace, including Fastpath, to help replace the functionality of Oracle GRC and work alongside Oracle EBS. Fastpath’s GRC module goes beyond traditional financial GRC, providing Separation of Duties (SoD) capabilities, user access reviews, tracking of changes to master data and monitoring of sensitive access along with elevated privileges.
Within Oracle business applications, such as Oracle EBS or Oracle Cloud Fusion specifically, strong controls are a must, if financials are to be trusted.
Control challenges specific to Oracle applications include:
Download the webinar slides to take a deeper dive into the specific Oracle Internal Control challenges. You can find out more about the importance of having a best-in-class Oracle GRC solution after sunsetting.
When it comes to replacing Oracle GRC, this question always comes up at conferences or when talking to our peers in the industry – how can you convince stakeholders to invest in new technology, like a GRC tool? What benefits move the investment needle?
Moving to a GRC is not just an IT project or finance project. Using a tool to help with automation of internal controls can help your team and your organization with operational effectiveness. Some of the benefits that can help convince internal stakeholders include:
To maximise the benefits of any GRC solution, Frank Vukovits always refers back to the compliance equation – people, process, technology. All three need to work harmoniously together, to ensure you meet compliance needs. Again, download the webinar slides and see how Frank dives deeper into the equation and maximise any internal controls solution.
With time running out fast for the sunsetting of Oracle GRC support, it’s imperative to a solution to keep your organisation compliant and to maintain strong internal controls. As Frank outlined, in most cases, Oracle GRC users have three options – stick with Oracle GRC, go offline and manual, or look for an alternative solution. Whilst there are positives and negatives for each, Fastpath’s GRC module works seamlessly with Oracle EBS, making for a stronger internal business case to stay on Oracle EBS and run an automated GRC solution.
Find out more about alternative GRC solutions available by visiting the Fastpath for Oracle EBS dedicated page.
Alternatively, if you want to learn more about Fastpath’s automated access certifications module, speak to one of our experts.