Authored By: Sarah Mack, Source of Information: ERP-One

The business environment is becoming more complex and is changing rapidly. Business processes are intricate in order to gain an upper hand over competition. New technologies are changing the way we do business. How does security keep up with the speed and complexity of today, especially when it comes to your financials and auditing?

What Works For One Company Doesn't Work For Another

Many organizations adopt unique processes and ways to complete accounting tasks but this can become harder to track for compliance. What works for one company doesn't work for another and audit regulations differ depending on the location of the business. This can also be difficult for companies on a global scale. What businesses need is a tailored solution that can be configured to the right environment as well as an implementation of strategies to guarantee that it can pass a SOX audit.

The U.S. federal law, SOX, commencing in July 2002, set superior standards for all U.S. public company boards, management and public accounting firms. It was created as a reaction to a number of major corporate and accounting scandals which cost investors billions of dollars and affected the public confidence in the American securities markets.  It includes 11 titles that describe specific mandates and requirements for financial reporting.

Transactional Analysis

In order to make sure that your company can pass a SOX audit, you can enact a number of strategies and approaches. The first is transactional analysis which basically looks at how you can ensure system compliance and impacts organization both financially and legally. With transactional analysis you can create some form of database auditing that can audit transaction from specific users. You can also use the Financial Management Compliance Console that came out with EnterpriseOne 8.11, a tool that resides in EnterpriseOne that doesn’t require extra database overload and offers a graphical representation of what things look like.

Segregation Of Duties

A second strategy is to look at the segregation of duties and analyze the different areas where users might have access to processes within the system. You can flag these areas in an audit. You can also review process definition and reviewing access points. If you were to look at voucher entry, you would identify certain aspects in EnterpriseOne that make up couched entry and who has access to what when it comes to voucher entry. If you’re proactive with real-time analysis, and not waiting until after access has been granted or after a transaction has gone through, you can be confident that your system is ready for an audit, should one come up.

Compliance Audit

A third strategy is to perform a compliance audit. The audit process can be long and tedious but by having a compliance audit already complete, you are proving to an outside audit group that there is no need to dig down into the transactional level because you’ve already reviewed it. In order to complete a compliance audit, you can use third party bolt on applications that integrate evaluation with security management.

For more on passing a SOX audit, check out our partner, ERP-One’s EnterpriseOne Security Solution Webinar Series.