Xilinx: SOX slides for NorCal OAUG

Presentation transcript:

Xilinx: SOX slides for NorCal OAUG Kavita Khatwani Jan 24th 2006 Xilinx Confidential

Company background
- Name of Company: Xilinx Inc.
- Size (numbers): 3100
- IT: Size: 200; Distribution:
- Application version: 11.5.9
- Modules: Financials (AP, AR, FA, GL, PO), Order Management, Mfg, Planning, Inventory, HR, CRM, Installed Base, Contracts
- Consulting Company used to assist with the SOX compliance project: PwC (Price Waterhouse Coopers)

SOD in Year1
How did you resolve issues of Segregation of Duties?
Before the 404 requirement:
- ERP audit/s driven by IA (partnership with external consulting group) post upgrade to 11i identified a few SoD issues, which were addressed
- Negligible work done on an ongoing basis to identify and fix SoD issues
After:
- 5 person team (~3 full time equivalent) in year1 to drive the SoD piece of evaluation, analysis and remediation
- PwC assistance taken to identify all SoD conflicts
- 4 month extensive effort
- Driver: Business SOX Program manager
- Pain shared by: IT

SOD challenges
Where were the most challenging moments in this task?
- Smaller sites had people performing roles that were strong SOD issues
- Big list of super users within the application
- IT individuals to business support functions with Admin responsibilities (update) were identified as SOD issue
- Late scramble on SOD remediation as the issues flooded to IT very late in the fiscal year
- Test plans and testing for SOD issues from business, required a lot of hand holding from IT

Suggestions to reduce effort
What would you suggest for the people/users who are still struggling at this task?
- Get to know your environment!!
- Develop your own matrix of SoD and use it
- Be aware of the ‘Processes’ tab issue (AZN_PR_XXX submenus in Inv, GL, AP, PO & AR)
- Build a process to catch SoD issues prior to them being created in your environment
- Plan for moving from People dependent detective controls to System dependent Preventive controls

SOD approach
(Diagram: steps laid out along a timeline running from Short term to Mid-Long term)
- Identify sec404 relevant IT applications in scope for SOD
- Develop SOD matrix/mapping across applications
- Identify SOD issues in your environment
- Rationalize the risk (H,M,L) on SOD issues
- Develop processes to PREVENT more SOD creation
- Remediate them based on risk profile

Automation of Controls
(Diagram: four control types placed against two axes labelled Reliable and Desirable)
- System Based Detective Control
- System Based Preventive Control
- People Based Detective Control
- People Based Preventive Control
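
Added example (not part of the original slides or of Xilinx's tooling): a small system-based preventive check of the kind the "Suggestions" and "SOD approach" slides call for, testing a requested responsibility against an SoD matrix before it is granted. All function, menu and responsibility names and the risk ratings are constructed; AZN_PR_XXX is the slide's own placeholder and its contents here are hypothetical, on the assumption that functions reachable only through a nested submenu are the ones easily missed.

```python
# Added example: constructed data, not Xilinx's matrix or Oracle's real menu contents.
RISK_ORDER = {"H": 0, "M": 1, "L": 2}

# SoD matrix: pairs of functions one user must not hold together, with a risk rating.
SOD_MATRIX = {
    frozenset({"create_supplier", "enter_invoice"}): "H",
    frozenset({"enter_invoice", "approve_payment"}): "H",
    frozenset({"create_po", "receive_goods"}): "M",
    frozenset({"enter_journal", "open_close_period"}): "L",
}

# Menu tree: an entry is a function unless it is itself a key (then it is a submenu).
MENUS = {
    "AP_CLERK_MENU": ["enter_invoice", "AZN_PR_XXX"],
    "AZN_PR_XXX": ["create_supplier"],  # nested submenu, hypothetical contents
    "AP_PAYMENTS_MENU": ["approve_payment"],
    "PO_BUYER_MENU": ["create_po"],
}
RESPONSIBILITIES = {"AP Clerk": "AP_CLERK_MENU", "AP Payments": "AP_PAYMENTS_MENU",
                    "PO Buyer": "PO_BUYER_MENU"}

def functions_of(menu, seen=None):
    """Return every function reachable from a menu, following nested submenus."""
    seen = set() if seen is None else seen
    if menu in seen:  # guard against a submenu loop
        return set()
    seen.add(menu)
    found = set()
    for entry in MENUS.get(menu, []):
        if entry in MENUS:
            found |= functions_of(entry, seen)
        else:
            found.add(entry)
    return found

def conflicts(functions):
    """Return the SoD pairs (with risk) fully contained in a set of functions."""
    return {pair: risk for pair, risk in SOD_MATRIX.items() if pair <= functions}

def check_grant(current_resps, requested_resp):
    """Preventive check: conflicts a new responsibility would add, highest risk first."""
    held = set()
    for resp in current_resps:
        held |= functions_of(RESPONSIBILITIES[resp])
    after = held | functions_of(RESPONSIBILITIES[requested_resp])
    new = {p: r for p, r in conflicts(after).items() if p not in conflicts(held)}
    return sorted(((r, tuple(sorted(p))) for p, r in new.items()),
                  key=lambda item: (RISK_ORDER[item[0]], item[1]))
```

A provisioning workflow would call check_grant before assigning the responsibility and route any non-empty result for review according to its risk rating.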