1

Archive AccessAudit

Keys to Effective Compliance Lifecycle Management

2

About Solix Technologies, Inc. Oracle Certified Advantage Partner

Global Development Center - SEI CMM Level 5

Solix Technologies provide automated solutions for enterprise applications implementation and management.

Launched ARCHIVEjinni Suite for automation of enterprise applications life cycle compliance management addressing the following: Enterprise Transactions archiving System security and hardening Data retention Statutory reporting archiving Audit records and workflow archiving

3

Era of Compliance

The Sarbanes-Oxley Act,2002 is the most sweepinglegislation affecting corporate governance, disclosure and financial accounting in over a generation.

“Most observers would agree that the Sarbanes-Oxley Act (SOA) is the single most important piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting since the US securities laws of the early 1930s. It is, moreover, a law that came into being in the glare of a very bright, very hot spotlight.”

Pricewaterhouse Coopers, 2004

4

Four sections of the Sarbanes-Oxley Act (III, IV, VIII and IX) address the systems and accountability of reporting companies. 

Within these four titles it is sections 302, 401, 404, 409, 802 and 906 provide specific direction for companies working to become compliant. 

302 - Corporate Responsibility for Financial Audits

401 - Disclosures in Periodic Reports

404 - Management Assessment of Internal Business Controls

409 - Real Time Issuer Disclosures

802 - Records and Retention

906 - Reporting must Comply with the Act

Sarbanes-Oxley Act

5

The Challenge

Define, document, and test your business processes and key controls.

Test, evaluate and identify gaps within your highly complex, configurable enterprise application

Ensure that these controls, once defined, are operating throughout the reporting period.

Oracle Applications is based on pre-SOX era. Limited Data Archiving options – No simultaneous access for inquiry or reporting – No audit and internal controls

Introductions of Oracle Internal Controls Manager has addressed close to only one-thirds of the requirement.

6

Archive

7

The Compliance Lifecycle

The Compliance The Compliance LifecycleLifecycle

Establish or modify compliance procedures

Establish business rules for data retention

Implement Enterprise data archiving

Implement Enterprise data archiving

System Hardening System Security

Access to Archived Data for Query and Reporting

Compliance Reporting

Compliance Audit and Certification

8

The Data Growth ParadoxUnmanaged Application Data Growth

– Decrease in application performance and stability– Increase in infrastructure costs– Detracts resources from strategic initiatives

9

Archiving Need Beyond Compliance

Low performance Longer query and updates Longer maintenance Longer backup time Longer recovery time High data risk Increased costs for maintenance Regular upgrade of the Hardware and system for

addressing performance issues Longer time for upgrades Longer downtime for upgrades With $850/GB TCO, Hardware upgrades are not an

option beyond the ROI limits

10

ARCHIVEjinni

11

ARCHIVEjinni

ARCHIVEjinni automates the archive and purge process for Oracle eBusiness Suite for any suitable interval. ARCHIVEjinni resolves data growth issues and the complexity of both the application and storage

environment.

Monitors the data growth

Sets data retention policies

Archives the data for effective data lifecycle management

Maintains audit information for statutory compliance

12

Configure your Rules

13

Access

14

Archived Data – Simultaneous Access

15

Advantages of Archiving

Increase in performance Faster Query results Faster Inserts and updates Faster backup and recovery time Low downtime during upgrades Easy to maintain environment Data control on both production and Archived data Low cost disks for storing the History data Adherent to Sarbanes-Oxley and other international

Policies Easy data access to the Historical data

16

Audit

17

Create Controls

Leverage Oracle Internal Controls Manager

18

ARCHIVEjinni - A Compliance Tool

Historical Statutory Reports access – Reports archiving

Workflow and approval data archiving and access in form of audit trail

Online control and audit reports Reports and online inquiries with drill down across

both archived and production data – single data view across enterprise

Data masking and access control based on responsibility and user privileges

Assisting in full cycle compliance activities – control, monitoring and informational

19

3 Key Activity Supported

Control activities - approvals, authorizations, verifications, reconciliation, reviews of operating performance, security of assets and segregation of duties.

Informational activities - information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business.

Monitoring activities - assesses the quality of the system's performance over time.

Q & A