Post on 04-Jan-2016
Reactive Companies Meet Sarbanes-Oxley Standards,
Proactive Organizations Exceed Them!
Therron Hofsetz
Logical Apps, Inc.
thofsetz@logicalapps.com
Agenda
Sarbanes Oxley Overview
Logical Apps Approach to Sarbanes Oxley
Question and Answer
What do these dates have in common?
December 2, 2001: Enron declares bankruptcy
July 19, 2002: MCI Worldcom declares bankruptcy
August 31, 2002: Arthur Andersen agrees to stop auditing public companies
How did this happen?
Corporate Issues:
  Earnings pressure
  Lack of mandated disclosure of company reporting model
  Minimal oversight into corporate business practices
  No documented or enforced internal controls
Audit Firm Issues:
  Dependency on consulting fees
  Assumed good intent of their client
  Inability to continuously monitor a company’s internal controls
  Unable to identify violations of internal controls
How Did Congress Respond?
Sarbanes – Oxley Act
Sarbanes – Oxley Act: Highlights
Section 103: Your auditor (and therefore you) should maintain all audit-related records, including electronic ones, for seven years.
Section 201: Firms that audit your company’s books can no longer provide you with IT-related services.
Section 301: You must provide systems or procedures that allow employees to communicate effectively with the audit committee.
Sarbanes – Oxley Act: Highlights (continued)
Section 302: Your CEO and CFO must sign statements verifying the completeness and accuracy of financial reports.
Section 404: CEOs, CFOs and outside auditors must attest to the effectiveness and accuracy of financial reports.
Section 409: Companies must report material changes in their financial conditions “on a rapid and current basis.” The act calls it “real-time” disclosure but is unclear on what it means.
Sarbanes–Oxley Act
Behavior: Any CEO or CFO who “recklessly” violates his or her certification of the company’s financial statements.
Consequence: Fine of up to $1,000,000 and/or up to 10 years imprisonment.
Behavior: If “willfully” violates.
Consequence: Fine of up to $5 million and/or up to 20 years imprisonment.
Behavior: Any person who “corruptly” alters, destroys, conceals, etc., any records or documents with the intent of impairing the integrity of the record or document or use in an official proceeding.
Consequence: Fine and/or up to 20 years imprisonment.
Sarbanes–Oxley Law
Sarbanes - Oxley Impact on Information Systems
The 3 Cs of Sarbanes-Oxley
The jobs of the CEO, CFO & CIO got tougher on July 30, 2002 -- the day the Sarbanes-Oxley Act was signed. The legislation requires significant changes to financial practices and corporate governance, and touches all corporate areas -- including technology. For the first time ever, the CFO and CEO can look a CIO in the eye and say, 'Guess what, you're on the hook with us.'
CEOs, CFOs and CIOs
What Does this Mean to CIOs?
CEOs and CFOs will Require CIOs to:
  Provide extensive Control for Oracle Applications
  Continuously Monitor Identified Risks
  Provide Oversight Into Creation of Financial Data
  Enforce Segregation of Duties to Minimize Risk
  Take Measures to Ensure Financial Data is Accurate
  Ensure the Accuracy of Reporting Data
System Control Examples
Financial Statement Generation:
  Report parameter changes are documented
  Data that generates financial statements is accurate
Inventory Item Creation:
  Costing is accurately assigned
Purchasing:
  Approved suppliers are used
  Approval limits cannot be easily manipulated
Customer Creation:
  Duplicate customers
  Credit limits
Oversight of Financial Data Examples
Standard Data Entry is Enforced: Accurate reporting
Segregation of Duties: Separation of functions to minimize risk of fraud
Audit changes to sensitive data
Approval processes for creation of financial data
Oversight into Financial Processes: Ensure all month/year end activities are completed
Typical Solution to Sarbanes-Oxley
The Logical Apps Approach to Sarbanes–Oxley
AppsRules
AppsRules for Sarbanes-Oxley Compliance
LogicalApps for Oracle Applications
Automated Enforcement of Internal Controls for the Oracle Applications
AppsRules for Sarbanes-Oxley
AppsForm:
  Enforce Segregation of Duties
  Enforce Accuracy/Completeness of System Data
AppsFlow:
  System Enforced Process Approvals
  Oversight into Business Processes
AppsAudit:
  Continuous Monitoring of System Changes
  Built in Reporting on System Changes
Automated Enforcement of System Controls
Implement & Enforce Your Company Policies
Enforce Controls in Oracle Forms
Forms Security
Data Integrity
Accountability
Increase Productivity
AppsForm for Sarbanes-Oxley Compliance
Challenge: Application Security (Hide Fields or Tabs; Prevent Update/Insert)
Oracle Solution:
  1. Define multiple Responsibilities
  2. Forms Customization for required security
AppsForm Solution:
  1. Form/Field level security by User, Group of Users, Responsibility, Operating Unit, Inventory Org, etc.
Challenge: Data Integrity (Require Values; Field validation; LOVs & Default Values)
Oracle Solution:
  1. Offline business rule
  2. Forms customization
AppsForm Solution:
  1. Required Fields
  2. Validation of entered data
  3. LOVs for free form data
Challenge: End User Productivity (Hide Fields or Tabs; Zooms; Default Navigation)
Oracle Solution:
  1. Forms customization
AppsForm Solution:
  1. Configure forms for specific users
  2. Tool menu entries
  3. Field & tab order
Implement & Enforce Your Company Processes
Implement Process Controls Through Workflow
Automate Current Manual Processes
Enforce Systematic Approvals
System Wide Notifications
Integrated with Workflow Builder
AppsFlow for Oracle Applications
Risk/Control: Separation of Duties via Transaction Limits and Approvals
Oracle Solution:
  1. Limited seeded workflow
  2. Build Custom workflow processes for needed transactions
AppsFlow Solution:
  1. Configure approvals for any Oracle Apps transaction
  2. Integrate to Oracle Workflow for re-usability
Risk/Control: Enforce Data Integrity Across Process Steps
Oracle Solution:
  1. None
AppsFlow Solution:
  1. Configure complex process flows across steps, departments, users, responsibilities
  2. Enforce process completeness and track metrics
Risk/Control: Provide Process Details and Metrics
Oracle Solution:
  1. Track processes in workflow tables
AppsFlow Solution:
  1. All AppsFlow processes tracked via workflow tables
Monitor and Report on System Changes
Complete Audit Trail History
Configure Audit Rules in Minutes
Comprehensive Reporting
Key Setup Changes
Key Transaction Changes
Simplifies Oracle Audit
AppsAudit for Sarbanes-Oxley Compliance
Risk/Control: Monitor Setup Data Changes
Oracle Solution:
  1. Created_by and last_updated_by
  2. Oracle Audit
AppsAudit Solution:
  1. Complete history, including old value, new value, user, date & time of change
Risk/Control: Monitor Transactional Data Changes
Oracle Solution:
  1. Created_by and last_updated_by
  2. Oracle Audit
AppsAudit Solution:
  1. Complete history, including old value, new value, user, date & time of change
Risk/Control: Implement conditional audits based on user defined condition
Oracle Solution:
  1. None
AppsAudit Solution:
  1. Additional where clause on audit trigger
Risk/Control: Pre-Built, easy to use audit reports
Oracle Solution:
  1. None
AppsAudit Solution:
  1. Online & hard copy reports
  2. Reports user values not internal ids or foreign keys
Sarbanes Oxley Benefits
AppsRules Proactively Enforces System Controls:
  Provide extensive Control for Oracle Applications
  Maintain oversight into creation of financial reports
  Enforce data integrity and reporting accuracy
  Automate processes to enforce separation of duties and appropriate levels of approval
  Enforce process completeness across multiple process steps and departments (Item Setup, Month End Close)
  Continuously monitor changes to sensitive data
  Configure & Report on key Audit Data
  Centralize a repository of rules and workflows
Questions?
Therron Hofsetz
thofsetz@logicalapps.com
www.logicalapps.com
949.453.9101