Published by Frederick Wilkins. Modified over 9 years ago.
1
© 2004 ERPS
Sarbanes-Oxley Best Practices in an Oracle Applications Environment
Jeffrey T. Hare, CPA
ERP Seminars
2
Introduction
Overview:
  Function Security and your Control Environment
  Key Setups that Influence your Control Environment
  Tools to Help Manage your Controls
  Change Management Best Practices
3
Function Security and your Control Environment
4
Function Security and your Control Environment
Responsibilities drive segregation of duties
  Ex. Accounts Payable Manager responsibility includes Supplier setup
Menus can allow access to critical Setup screens
  Ex. Standard menus include access to Setup screens
Request Groups drive access to reports and the information they provide
  Ex. Custom HR reports could be given to wrong people
5
Function Security and your Control Environment
Areas you might want to monitor:
1. Active Users, Active Responsibilities, Users of a Responsibility reports – reports you may want to monitor or have scheduled to run regularly via the Workflow Mailer.
2. Regularly review the makeup of menus, request groups, responsibilities, and the users that have them. Check for segregation of duties issues and unauthorized access.
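The review in item 2 can be run mechanically over an export of users, responsibilities and menus. The following is an added example, not part of the original presentation: every menu, function and user name, the conflict pairs and the dates are constructed for illustration, and it assumes each responsibility points at one top-level menu whose entries are functions or submenus.

```python
from datetime import date

# Constructed sample data, not exported from a real instance. A menu entry is
# either a function name or the name of another (sub)menu.
MENUS = {
    "AP_MANAGER_MENU": ["INVOICE_ENTRY", "PAYMENT_ENTRY", "AP_SETUP_MENU"],
    "AP_SETUP_MENU": ["SUPPLIER_SETUP", "FINANCIAL_OPTIONS"],
    "AP_CLERK_MENU": ["INVOICE_ENTRY"],
    "PO_BUYER_MENU": ["SUPPLIER_SETUP", "PO_ENTRY"],
}
RESPONSIBILITIES = {  # responsibility -> top-level menu
    "Accounts Payable Manager": "AP_MANAGER_MENU",
    "Accounts Payable Clerk": "AP_CLERK_MENU",
    "Purchasing Buyer": "PO_BUYER_MENU",
}
ASSIGNMENTS = [  # (user, responsibility, end date or None when open-ended)
    ("JSMITH", "Accounts Payable Manager", None),
    ("MJONES", "Accounts Payable Clerk", None),
    ("MJONES", "Purchasing Buyer", None),
    ("KLEE", "Accounts Payable Clerk", None),
    ("KLEE", "Purchasing Buyer", date(2004, 1, 31)),  # end-dated
]
# Function pairs one user should not hold together (assumed policy).
CONFLICTS = [("SUPPLIER_SETUP", "INVOICE_ENTRY"), ("SUPPLIER_SETUP", "PAYMENT_ENTRY")]

def menu_functions(menu, seen=None):
    """Flatten a menu and its submenus into the set of reachable functions."""
    seen = set() if seen is None else seen
    if menu in seen:  # guard against circular submenu references
        return set()
    seen.add(menu)
    funcs = set()
    for entry in MENUS[menu]:
        funcs |= menu_functions(entry, seen) if entry in MENUS else {entry}
    return funcs

def sod_violations(as_of):
    """Map each user to (func_a, func_b, resp_a, resp_b) conflicts active on as_of."""
    access = {}  # user -> {function: first responsibility granting it}
    for user, resp, end in ASSIGNMENTS:
        if end is None or end >= as_of:  # skip end-dated assignments
            for func in menu_functions(RESPONSIBILITIES[resp]):
                access.setdefault(user, {}).setdefault(func, resp)
    report = {u: [(a, b, f[a], f[b]) for a, b in CONFLICTS if a in f and b in f]
              for u, f in access.items()}
    return {u: hits for u, hits in report.items() if hits}

if __name__ == "__main__":
    for user, hits in sod_violations(date(2004, 6, 30)).items():
        print(user, hits)
```

The report flags both a single responsibility that bundles conflicting functions (the manager menu reaching supplier setup through a submenu) and a conflict that only appears when two responsibilities are combined on one user.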
6
Function Security and your Control Environment
Users
Responsibilities
Request Groups
Menus
Profile Options
7
Users
Sample Users screen: (screenshot not reproduced)
8
Responsibilities
Sample Responsibilities screen: (screenshot not reproduced)
9
Request Groups
Sample Request Groups screen: (screenshot not reproduced)
10
Menus
Sample Menus screen: (screenshot not reproduced)
11
Key Setups that Influence your Control Environment
12
Key Setups that Influence your Control Environment – Profile Options Overview
Profile Options:
Varying levels of changes for profile options:
  Site
  Application
  Responsibility
  User
  Server
  Organization
Example: ‘Printer’
Caveat: As with any change, please make sure you thoroughly test a profile option change before moving it to a production environment
13
Key Setups that Influence your Control Environment – Profile Options Example
Profile Options Example: (screenshot not reproduced)
14
Key Setups that Influence your Control Environment – Profile Options Example
Profile Options Example: (screenshot not reproduced)
15
Key Setups that Influence your Control - GL
General Ledger Setups:
  Various Approval Hierarchy setups
General Ledger Profile Options:
  Various Approval Hierarchy Profile Options
Caveat: As with any change, please make sure you thoroughly test a profile option change before moving it to a production environment
16
Key Setups – Accounts Receivable
Accounts Receivable Setups:
  Transaction Types – post to GL, post to subledger
  System Options – Allow Transaction Deletion
  System Options – Allow Change to Printed Transactions
  Bank Setups / Remittance Bank Setups – Unapplied Receipts, Unidentified Receipts, On Account Receipts
Caveat: As with any change, please make sure you thoroughly test a profile option change before moving it to a production environment
17
Key Setups – AR, Cont’d
AR: Profile Options:
  Tax: Allow Manual Tax Lines
  Tax: Allow Override of Customer Exemptions
  Tax: Allow Override of Tax Code
  AR: Update Due Date
  AR: Allow Update of Existing Sales Credits
  AR: Cash – Allow Actions
  Sequential Numbering
  AR: Receipt Batch Source
  AR: Use Invoice Accounting For Credit Memos
  MO: Operating Unit
  MO: Top Reporting Level
18
Key Setups – Accounts Payable
Accounts Payable Setups:
  Financial Options – GL Accounts – Prepayment
Caveat: As with any change, please make sure you thoroughly test a profile option change before moving it to a production environment
19
Key Setups that Influence your Control Environment – AP, cont’d
AP: Profile Options
  Tax: Allow Override of Tax Code
  GL: Create Interfund Entries (Public Sector)
  Budgetary Control Group
  AP: Use Invoice Batch Controls
  MO: Operating Unit
Caveat: As with any change, please make sure you thoroughly test a profile option change before moving it to a production environment
20
Key Setups – Cash Management
Cash Management Setups:
Cash Management Profile Options:
  CE:Bank Account Security
Caveat: As with any change, please make sure you thoroughly test a profile option change before moving it to a production environment
21
Tools to Help Manage your Controls
22
Tools to Help Manage your Controls
Using and Maintaining Security Rules
Using and Maintaining Cross Validation Rules
Using Suspense Accounts
Developing your Financial Statements (FSGs) to Keep Them in Balance
Using Request Sets to Disseminate Critical Business Information
Using ADI and the Analysis Wizard to Report and Analyze Financial Data
23
Tools to Help Manage your Controls (cont’d)
Using Workflow Mailer and the Scheduling Function to Monitor Key Controls
Metalink Note: 189367.1 – Best Practices for Securing the E-Business Suite
24
Using and Maintaining Security Rules
Security Rules “secure” your chart of accounts from entries being made to certain accounts:
  AR, AP, PO Accrual, Prepayments, Unapplied Receipts, On Account Receipts, and Inventory Control Accounts
  Owners’ Equity Accounts
Security Rules are applied to responsibilities, so you can set up different security rules to apply to different levels of the organization. For example, you may want to allow entries to owners’ equity accounts for your GL Manager responsibility, but not for your GL User responsibility.
25
Using and Maintaining Cross Validation Rules
Cross Validation Rules restrict the CREATION of certain combinations that are not desired.
Example: Company.Cost Center.Account
  Values for Company are 01 and 02
  Values for Cost Center include 000 (no department) and 500 Sales Department
  Values for Account include 1000 Cash, 5000 Sales, and 7000 Salary Expense
In this example, you may want to prevent the creation of the following account strings:
  01.0000.7000, because you always want a department associated with Salary Expense
  01.500.1000, because you don’t want a cost center associated with a Balance Sheet account
26
Using Suspense Accounts
Use of Suspense Accounts: A suspense account is an account that you expect to have a $0 balance at period end. It is used to be certain both sides of a transaction are completed when transactions are made across modules.
For example, AR Refunds would use a suspense account as follows:
AR Entry when writing off credit balance:
  Dr. Accounts Receivable
  Cr. Suspense Account
AP Entry when entering Invoice so that a payment can be made:
  Dr. Suspense Account
  Cr. Accounts Payable
27
Developing your Financial Statements (FSGs) to Keep Them in Balance
Sample Balance Sheets

Total Assets         $ 1,000
Liabilities              500
Retained Earnings        500
Total Liab’s / OE    $ 1,000

Total Assets         $ 1,000
Liabilities              500
Retained Earnings        465
YTD P&L                   35
Total Liab’s / OE    $ 1,000
28
Using Request Sets to Disseminate Critical Business Information
What are Request Sets?
  A grouping of concurrent requests that a user can submit all at once
Advantages of Request Sets:
  Parameters can be shared or defaulted
  Many reports can be run with one submission
29
Examples of Using Request Sets
Examples:
  Dissemination of Aging by Salesperson – queue it to run nightly or weekly for various salespersons (default salesperson for each request in the set), combine with scheduling function and deliver via workflow mailer so salespeople don’t need access to the AR system
  Dissemination of expense information via Account Analysis Report with Payables Detail (using shared parameter for period, but defaulting cost center for each request in the set)
30
Using ADI and Analysis Wizard to Report and Analyze Financial Data
Harness the power of ADI…
  Publish a budget to actual P&L in ADI
  Use themes and conditional formatting to highlight categories greater than budget by a certain amount or percent
  Double click on cells of actuals where they exceed budget figures to drill into the GL
  Use 11i’s new architecture in Payables to drill from the GL back into Payables detail information (supplier, invoice, etc.)
31
Using Workflow Mailer and the Scheduling Function to Monitor Key Controls
Sample workflow generated e-mail: (image not reproduced)
32
Using Workflow Mailer and the Scheduling Function to Monitor Key Controls
In the Options tab when submitting a concurrent request, choose Name
33
Change Management Best Practices
34
Change Management Best Practices
Why Change Management?
  This isn’t your father’s Oldsmobile…
  Your system is at stake
  Sarbanes Oxley adding complexity
  Additional modules, international rollouts, patches, family packs, new functionality, etc.
35
Change Management Best Practices
What is Change Management?
  Managing change in your applications
What does it include?
  Much more than just technical changes in your applications
36
Implementing a Change Management Plan
Sample Change Management documentation: (image not reproduced)
37
Implementing a Change Management Plan
Elements of a change management document:
  Document Control section
  Reviewers section
  Recap of issue
  Nature of the change
  Technical Analysis of Change (DBA/Developer)
  Development Plan
  Training Plan
  Testing Plan
  Communication Plan
  Documentation Plan
  Controls/SarbOx Documentation and Testing Plan
  System Security Plan
  Transition Plan
  Contingency Plan
  Section to allow Reviewers to sign off on the document
38
Q&A’s
39
Contact Information
Jeffrey T. Hare, CPA
Cell 602-769-9049
E-mail: jhare@erpseminars.com
www.erpseminars.com
Request full white paper “Sarbanes-Oxley Best Practices in an Oracle Applications Environment” at www.erpseminars.com/whitepapers.html
40
Partners of ERP Seminars
Please support the partners of ERP Seminars:
  kbace.com
  bluepuppysolutions.com
  dotsolved.com
  top-team.com
  internext-group.com