My Company has been getting beat up by PwC for over a year. They keep screaming how do you track program changes at the database level. Our Company didn't use FGA because in theroy the dba could turn off this function if he wanted to be dishonest etc.. We script off the Log miner for any activity (deletion, changes etc)for dba super users etc. Then script off users that might be added, deleted because in theroy a new user could be created etc and then the script wouldn't extract any data. You need to create a secure location to spool the data results so the dba cannot manipulate the outcome. There are some short comings with this solution but it gets you closer to where they would like your controls to be at and get off your A$$. Also, you need to look at the Company's control environment as a whole along wiht these procedures. -----Original Message----- From: Denham Eva [mailto:EVAD@xxxxxxxxxx] Sent: Wednesday, August 10, 2005 8:50 AM To: oracle-l@xxxxxxxxxxxxx Subject: Auditing Oracle business processes? Hello Group I have had an unusual request (at least it is for me). I have been asked if there is some way to audit the Oracle Processes within the Database. Some thing along the line of, how can I prove that when the user enters data into the database that all the relevant triggers kick off and all the relevant procedures/packages etc are accessed, also the application is operating correctly at db level. Now my logic says that checking that garbage IN and checking Garbage OUT and the correctness of the garbage would be an indication of "correct procedural execution"; does not seem to excite Management quite as I had hoped. Also Management seems to have the impression that databases have an internal system of being able to do this?? Is this so? Beyond the obvious Auditing functions of who did what when etc (Tried explaining that, got the glazed look). Does anyone have (Know of) some other method? TIA Best Regards Denham -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l