
Reactive Companies Meet Sarbanes-Oxley Standards, Proactive Organizations Exceed Them! Therron Hofsetz Logical Apps, Inc.




1 Reactive Companies Meet Sarbanes-Oxley Standards, Proactive Organizations Exceed Them! Therron Hofsetz Logical Apps, Inc. thofsetz@logicalapps.com

2 Agenda: Sarbanes Oxley Overview; Logical Apps Approach to Sarbanes Oxley; Question and Answer

3 What do these dates have in common? December 2, 2001: Enron declares bankruptcy. July 19, 2002: MCI Worldcom declares bankruptcy. August 31, 2002: Arthur Andersen agrees to stop auditing public companies.

4 How did this happen?
Corporate Issues: Earnings pressure; Lack of mandated disclosure of company reporting model; Minimal oversight into corporate business practices; No documented or enforced internal controls.
Audit Firm Issues: Dependency on consulting fees; Assumed good intent of their client; Inability to continuously monitor a company’s internal controls; Unable to identify violations of internal controls.

5 How Did Congress Respond? Sarbanes – Oxley Act

6 Highlights
Section 103: Your auditor (and therefore you) should maintain all audit-related records, including electronic ones, for seven years.
Section 201: Firms that audit your company’s books can no longer provide you with IT-related services.
Section 301: You must provide systems or procedures that allow employees to communicate effectively with the audit committee.

7 Sarbanes–Oxley Act: Highlights (continued)
Section 302: Your CEO and CFO must sign statements verifying the completeness and accuracy of financial reports.
Section 404: CEOs, CFOs and outside auditors must attest to the effectiveness and accuracy of financial reports.
Section 409: Companies must report material changes in their financial conditions “on a rapid and current basis.” The act calls it “real-time” disclosure but is unclear on what it means.

8 Sarbanes–Oxley Act: Sarbanes–Oxley Law
Behavior: Any CEO or CFO who “recklessly” violates his or her certification of the company’s financial statements. Consequence: Fine of up to $1,000,000 and/or up to 10 years imprisonment.
Behavior: If “willfully” violates. Consequence: Fine of up to $5 million and/or up to 20 years imprisonment.
Behavior: Any person who “corruptly” alters, destroys, conceals, etc., any records or documents with the intent of impairing the integrity of the record or document or use in an official proceeding. Consequence: Fine and/or up to 20 years imprisonment.

9 Sarbanes - Oxley Impact on Information Systems

10 The 3 Cs of Sarbanes-Oxley: CEOs, CFOs and CIOs. The jobs of the CEO, CFO and CIO got tougher on July 30, 2002, the day the Sarbanes-Oxley Act was signed. The legislation requires significant changes to financial practices and corporate governance, and touches all corporate areas, including technology. For the first time ever, the CFO and CEO can look a CIO in the eye and say, 'Guess what, you're on the hook with us.'

11 What Does this Mean to CIOs? CEOs and CFOs will Require CIOs to: Provide extensive Control for Oracle Applications; Continuously Monitor Identified Risks; Provide Oversight Into Creation of Financial Data; Enforce Segregation of Duties to Minimize Risk; Take Measures to Ensure Financial Data is Accurate; Ensure the Accuracy of Reporting Data.

12 System Control Examples
Financial Statement Generation: Report parameter changes are documented; Data that generates financial statements is accurate.
Inventory Item Creation: Costing is accurately assigned.
Purchasing: Approved suppliers are used; Approval limits cannot be easily manipulated.
Customer Creation: Duplicate customers; Credit limits.

13 Oversight of Financial Data Examples: Standard Data Entry is Enforced; Accurate reporting; Segregation of Duties; Separation of functions to minimize risk of fraud; Audit changes to sensitive data; Approval processes for creation of financial data; Oversight into Financial Processes; Ensure all month/year end activities are completed.

14 Typical Solution to Sarbanes-Oxley

15 The Logical Apps Approach to Sarbanes–Oxley: AppsRules. AppsRules for Sarbanes-Oxley Compliance

16 LogicalApps for Oracle Applications: Automated Enforcement of Internal Controls for the Oracle Applications

17 AppsRules for Sarbanes-Oxley: Automated Enforcement of System Controls
AppsForm: Enforce Segregation of Duties; Enforce Accuracy/Completeness of System Data.
AppsFlow: System Enforced Process Approvals; Oversight into Business Processes.
AppsAudit: Continuous Monitoring of System Changes; Built in Reporting on System Changes.

18 Implement & Enforce Your Company Policies: Enforce Controls in Oracle Forms; Forms Security; Data Integrity; Accountability; Increase Productivity

19 AppsForm for Sarbanes-Oxley Compliance
Challenge: Application Security (Hide Fields or Tabs; Prevent Update/Insert). Oracle Solution: 1. Define multiple Responsibilities 2. Forms Customization for required security. AppsForm Solution: 1. Form/Field level security by User, Group of Users, Responsibility, Operating Unit, Inventory Org, etc.
Challenge: Data Integrity (Require Values; Field validation; LOVs & Default Values). Oracle Solution: 1. Offline business rule 2. Forms customization. AppsForm Solution: 1. Required Fields 2. Validation of entered data 3. LOVs for free form data.
Challenge: End User Productivity (Hide Fields or Tabs; Zooms; Default Navigation). Oracle Solution: 1. Forms customization. AppsForm Solution: 1. Configure forms for specific users 2. Tool menu entries 3. Field & tab order.

20 Implement & Enforce Your Company Processes: Implement Process Controls Through Workflow; Automate Current Manual Processes; Enforce Systematic Approvals; System Wide Notifications; Integrated with Workflow Builder

21 AppsFlow for Oracle Applications
Risk/Control: Separation of Duties via Transaction Limits and Approvals. Oracle Solution: 1. Limited seeded workflow 2. Build Custom workflow processes for needed transactions. AppsFlow Solution: 1. Configure approvals for any Oracle Apps transaction 2. Integrate to Oracle Workflow for re-usability.
Risk/Control: Enforce Data Integrity Across Process Steps. Oracle Solution: 1. None. AppsFlow Solution: 1. Configure complex process flows across steps, departments, users, responsibilities 2. Enforce process completeness and track metrics.
Risk/Control: Provide Process Details and Metrics. Oracle Solution: 1. Track processes in workflow tables. AppsFlow Solution: 1. All AppsFlow processes tracked via workflow tables.

22 Monitor and Report on System Changes: Complete Audit Trail History; Configure Audit Rules in Minutes; Comprehensive Reporting; Key Setup Changes; Key Transaction Changes; Simplifies Oracle Audit

23 AppsAudit for Sarbanes-Oxley Compliance
Risk/Control: Monitor Setup Data Changes. Oracle Solution: 1. Created_by and last_updated_by 2. Oracle Audit. AppsAudit Solution: 1. Complete history, including old value, new value, user, date & time of change.
Risk/Control: Monitor Transactional Data Changes. Oracle Solution: 1. Created_by and last_updated_by 2. Oracle Audit. AppsAudit Solution: 1. Complete history, including old value, new value, user, date & time of change.
Risk/Control: Implement conditional audits based on user defined condition. Oracle Solution: 1. None. AppsAudit Solution: 1. Additional where clause on audit trigger.
Risk/Control: Pre-Built, easy to use audit reports. Oracle Solution: 1. None. AppsAudit Solution: 1. Online & hard copy reports 2. Reports user values not internal ids or foreign keys.

24 Sarbanes Oxley Benefits. AppsRules Proactively Enforces System Controls: Provide extensive Control for Oracle Applications; Maintain oversight into creation of financial reports; Enforce data integrity and reporting accuracy; Automate processes to enforce separation of duties and appropriate levels of approval; Enforce process completeness across multiple process steps and departments (Item Setup, Month End Close); Continuously monitor changes to sensitive data; Configure & Report on key Audit Data; Centralize a repository of rules and workflows.

25 Questions? Therron Hofsetz thofsetz@logicalapps.com www.logicalapps.com 949.453.9101

