Xilinx: SOX slides for NorCal OAUG


1 Xilinx: SOX slides for NorCal OAUG
Kavita Khatwani
Jan 24th 2006
Xilinx Confidential

2 Company background
Name of Company: Xilinx Inc.
Size (numbers): 3100
IT: Size: 200
Distribution:
Application version:
Modules: Financials (AP, AR, FA, GL, PO), Order Management, Mfg, Planning, Inventory, HR, CRM, Installed Base, Contracts
Consulting Company used to assist with the SOX compliance project: PwC (Price Waterhouse Coopers)

3 SOD in Year1
How did you resolve issues of Segregation of Duties?
Before the 404 requirement
- ERP audit/s driven by IA (partnership with external consulting group) post upgrade to 11i identified a few SoD issues, which were addressed
- Negligible work done on an ongoing basis to identify and fix SoD issues
After
- 5 person team (~3 full time equivalent) in year1 to drive the SoD piece of evaluation, analysis and remediation
- PwC assistance taken to identify all SoD conflicts
- 4 month extensive effort
- Driver: Business SOX Program manager
- Pain shared by: IT

4 SOD challenges
Where were the most challenging moments in this task?
- Smaller sites had people performing roles that were strong SOD issues
- Big list of super users within the application
- IT individuals to business support functions with Admin responsibilities (update) were identified as SOD issue
- Late scramble on SOD remediation as the issues flooded to IT very late in the fiscal year
- Test plans and testing for SOD issues from business required a lot of hand holding from IT

5 Suggestions to reduce effort
What would you suggest for the people/users who are still struggling at this task?
- Get to know your environment!!
- Develop your own matrix of SoD and use it
- Be aware of the ‘Processes’ tab issue (AZN_PR_XXX submenus in Inv, GL, AP, PO & AR)
- Build a process to catch SoD issues prior to them being created in your environment
- Plan for moving from People dependent detective controls to System dependent Preventive controls

6 SOD approach
Timeline: Short term to Mid-Long term
- Identify sec404 relevant IT applications in scope for SOD
- Develop SOD matrix/mapping across applications
- Identify SOD issues in your environment
- Rationalize the risk (H,M,L) on SOD issues
- Develop processes to PREVENT more SOD creation
- Remediate them based on risk profile
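One way to turn the SoD matrix, the H/M/L risk rating and the "prevent more SOD creation" step into a system-based check, as an added example that is not part of the original slides. The function names, responsibility names, users and risk ratings are all constructed for illustration and are not Xilinx's or Oracle's actual values.

```python
# Added example: every name and rating below is constructed, not from the slides.
# SoD matrix: pairs of business functions one person must not hold, with risk.
SOD_MATRIX = {
    frozenset({"create_supplier", "pay_invoice"}): "H",
    frozenset({"enter_po", "receive_goods"}): "M",
    frozenset({"post_journal", "open_close_period"}): "L",
}
# Mapping across applications: responsibility -> functions it grants.
RESP_FUNCTIONS = {
    "AP_SUPPLIER_ENTRY": {"create_supplier"},
    "AP_PAYMENTS": {"pay_invoice"},
    "PO_BUYER": {"enter_po"},
    "INV_RECEIVING": {"receive_goods"},
    "GL_SUPERUSER": {"post_journal", "open_close_period"},
}
# Constructed current state: user -> responsibilities already assigned.
ASSIGNMENTS = {
    "asmith": {"AP_SUPPLIER_ENTRY"},
    "bjones": {"PO_BUYER", "INV_RECEIVING"},
    "cadmin": {"GL_SUPERUSER"},
}
RISK_ORDER = {"H": 0, "M": 1, "L": 2}

def conflicts(responsibilities):
    """Return (risk, func_a, func_b, resps_a, resps_b) tuples, highest risk first."""
    holders = {}
    for resp in responsibilities:
        for fn in RESP_FUNCTIONS[resp]:
            holders.setdefault(fn, set()).add(resp)
    found = []
    for pair, risk in SOD_MATRIX.items():
        a, b = sorted(pair)
        # Also fires when one responsibility grants both functions (super users).
        if a in holders and b in holders:
            found.append((risk, a, b, sorted(holders[a]), sorted(holders[b])))
    return sorted(found, key=lambda c: (RISK_ORDER[c[0]], c[1]))

def detective_scan(assignments):
    """Detective control: users who already hold a conflicting combination."""
    report = {user: conflicts(resps) for user, resps in assignments.items()}
    return {user: found for user, found in report.items() if found}

def preventive_check(assignments, user, new_resp):
    """Preventive control: conflicts a grant would newly create (empty = allow)."""
    current = assignments.get(user, set())
    existing = {(c[1], c[2]) for c in conflicts(current)}
    return [c for c in conflicts(current | {new_resp}) if (c[1], c[2]) not in existing]
```

Calling `preventive_check` in the access-request workflow before a responsibility is granted is the preventive control; running `detective_scan` periodically over current assignments is the detective one.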

7 Automation of Controls
Quadrant chart (axes: Reliable, Desirable):
- System Based Detective Control
- System Based Preventive Control
- People Based Detective Control
- People Based Preventive Control

