The TRUTH About SOX, Auditors & Oracle
Applimation is the leading provider of Application Lifecycle Management solutions.
2 Year 1 = Manual Documentation Uncertainty Methodology (COSO, COBIT, etc.)
Lots of manual effort
What about the projects we pushed-back last year?
We have to do this all over again?
  – Quarterly and annual sign-offs (302, 404)
3 Interesting Statistics
27 companies with Revenue $75M+ disclosed a material weakness in January 2005 (compared to 7 in January 2004)
70% of the disclosures were related to financial systems and procedures
4 Year 2 = SOX as a Sustainable Solution
Automate the Process
Test and monitor controls
Infrastructure to support both (people / software)
Adapt to your control methodology
  – Not all controls are the same…
5 Sarbanes-Oxley Cycles
YEAR 1 Document Processes, Risks & Controls
YEAR 2, 3, 4… Monitor Changes & Test Controls
Applimation Integra Continuous Monitoring
6 All Controls are Not the Same
Prevent Controls
  – STOP a transaction or change from occurring
Detect Controls
  – Alert when a sensitive or material transaction or change occurs
Monitoring Controls
  – Capture information for a subsequent review. This level of reporting is very effective in providing information for auditors performing quarterly tests of controls.
7 Controls – Trouble-areas
General IT Controls
  – Access (Security) controls
  – Change management controls
Application Controls
  – Embedded application controls
  – Embedded operation controls
INTEGRA
  – Access, Forms
  – Apps, Codebase
  – Apps, Transaction
8 Tough Questions for Oracle Applications
How do you know key controls are operating effectively throughout year?
Can you report on ALL changes to key controls?
How do you search for segregation of duties or evaluate user access?
How do you know controls are same for each business unit?
How do you document key controls within systems?
Continuous Monitoring in Oracle Applications Applimation Integra
14 Best Practices - (SOD) templates
Financial Reporting and Maintenance of Accounting Records
  – General Ledger
  – Cash Management
  – Accounts Receivable
  – Accounts Payable
Procure to Pay Business Process
  – Purchasing
  – Accounts Payable
  – Inventory
  – Costing
Order to Cash
  – Order Entry
  – Accounts Receivables
  – Inventory
Human Resource Management and Payroll
  – Human Resource Mgt. System
  – Payroll
Application Administration (including security and configuration management)
System Administration
Application Object Library (AOL)
18 Examples of Setups
Setup Data: Application Security, Document Approvals, Chart of Accounts, Profile Options, Users, Application Setups, MRP rules
Operational Data: Customers, Suppliers, Employees, Buyers, Items, Chart of Account Values, Category Codes
19 Example of System Controls
3-way matching of PO, Invoice and Receipt
Document spending limits (authorization of PO)
Security rules – access to sensitive transactions
  – Employee salaries
  – Chart of account values
  – Financial statement reports (FSGs)
  – Price lists
  – Inventory attributes
Action for late delivery of goods
Inventory stocking rules
Rules to create tax on sales orders
Depreciation methods
20 Best Practices - Audit Trail Templates
SOX implications (audit trail) for over 3000 objects.
Affects / supports a control – change tracking provides visibility to ensure controls have been operating throughout the entire audit period
Financial statement impact – could potentially impact a financial statement
Operational impact – changes to business settings could be difficult to identify
21 Automated Documentation: Snapshot
Point-in-time picture
Run on demand or scheduled
27 Tough Questions for Oracle Applications
How do you know key controls are operating effectively throughout year?
Can you report on ALL changes to key controls?
How do you search for segregation of duties or evaluate user access?
How do you know controls are same for each business unit?
How do you document key controls within systems?
29 Integra - Applied
Sarbanes-Oxley compliance for Section 404 internal controls report
Leading Accounting firms adopt Integra as standard tool for audits of Oracle
Version control for 11i upgrade and on-going maintenance