Auditing ERP system security can be very time-consuming, with technical staff producing SQL scripts and complex spreadsheets. It can be very difficult to get accurate answers to key questions, such as who can access what, and how SoD issues are adequately controlled. Inadequate planning and a lack of process documentation can lead to cost overruns, and even unqualified audits. Business fraud is real, and studies show that 50% of all frauds are committed by insiders. IT audits exist to ensure that proper controls are in place, and that financial statements can be trusted. Many companies often fail to properly invest in long term solutions to these problems, only addressing them when an issue arises. This presentation will focus on understanding the Audit & Security Management Lifecycle and how to plan for a successful audit. We will cover key controls, change management, and audit preparation. We will introduce tools that enable you to audit security with very little effort, enabling simple control over SoD, User Provisioning, and Periodic Access Review encompassing the security services for Oracle eBusiness Suite. Do you want to avoid costly fraud, and offer better auditing value to your company? Let us give you some clues on how to solve this mystery.