Auditing is the last component of the AAA framework (Authentication, Authorization, and Accounting). It keeps track of all the changes performed on various objects & attributes. This involves keeping track of create\updates\corrections\deletes for business objects . Oracle Cloud HCM Auditing framework provides the option to enable auditing for specific business objects & attributes as well as configuration changes (meta data, platform security, sandbox), user access logs, and lot more.   In this article we will cover how to enable audits, review audit reports, read-only\sensitive data audits and various reports available via Oracle Cloud Customer Connect.

*As I write this article – 23B is the current release of Cloud HCM so please watch for updates in the release notes, as we continue to add more features.

Enabling Audit

By default, auditing is disabled for all business objects. You can enable or disable auditing anytime but do take proper precautions such as not enabling auditing during go-live\cutover window, etc. You also need access to Manage Audit Policies (FND_MANAGE_AUDIT_POLICIES_PRIV) function security privilege which is available as part of seeded Application Implementation Consultant job role.

Navigator>Setup and Maintenance – On the All Tasks tab, search for task Name 'Manage Audit Policies'. For Oracle Fusion Applications, set the Audit Level to Auditing and click the Configure Business Object Attributes button

Manage Audit Policies

Enabling audit for a specific business object

Let's take salary object as an example. We have the option to enable audit at object level or pick-n-choose specific fields to be audited. From the Product drop down, select Compensation and then you can select Salary object along with the child objects. 

Salary BO

You have the option to select only specific attributes to be audited

Salary BO Attributes

Sensitive Data Access

You can audit viewing of sensitive data in HCM Responsive pages. Ability to track who is reading PII information may be required for compliance or monitoring purposes. Read access to the following sensitive attributes can be audited: 
  • National Identifier Number
  • Passport Number
  • Driver License Number
  • Personal Home Address
  • Personal Email Address
  • Personal Telephone Number
  • Other Communication Account
  • Citizenship Number
  • Visa Number, Work Permit, and Residency Number

To enable auditing of sensitive data access, you need to set the Mobile-Responsive Sensitive Data View Audit Enabled profile option: Navigator>Setup and Maintenance – On the All Tasks tab, search for task Name 'Manage Administrator Profile Values'. Search for the ORA_HCM_SENSITIVE_DATA_VIEW_AUDIT_ENABLED profile option code and set the Profile Level to site and the Profile Value to Y.

Audit Reports

To access the data recorded by the audit process, you view audit reports in the Audit Reports work area. To open the Audit Reports work area, select Navigator>Tools>Audit Reports.

 Audit Reports UI

*You need Internal Auditor job role to view Audit Reports (to be specific FND_VIEW_AUDIT_REPORTS_PRIV function security privilege).

Custom Audit Reports

If you are looking to build custom reports to review audit data, please review the customer connect Report Sharing center for sample reports. You can use these reports as-is or modify them to fit your needs. Great thing about customer connect report sharing center is that we don’t need to start from scratch, simply download/upload the report you like and start using it!

  1. Sample Audit Report for Person Name, Address, and Passport objects – Customer Connect – Report Sharing Center
  2. Sample Audit Report for Payment Methods – Customer Connect – Report Sharing Center
  3. Sample Audit Dashboard for Sensitive Data – Customer Connect – Report Sharing Center
  4. Sample Report for Workforce Compensation Audit Trail– Customer Connect – Report Sharing Center
  5. Lot more… please feel free to explore Customer Connect

 

Good luck with your implementation.