The Recipe for Sarbanes-Oxley Compliance using Microsoft's SharePoint 2010 platform
Technical Discussion
David Churchill, CEO, DraftPoint Inc.
The information contained in this document represents the current view of DraftPoint Inc. on the issues discussed as of the date of publication. Because DraftPoint must respond to changing market conditions, it should not be interpreted to be a commitment on the part of DraftPoint, and DraftPoint cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. DRAFTPOINT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of DraftPoint Inc.

© 2012 DraftPoint Inc. All rights reserved. Microsoft, InfoPath, SharePoint, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
Contents

1. Introduction ... 4
   Purpose of this Paper ... 5
2. Compliance Challenges and Solutions ... 5
   Compliance Business Challenges ... 5
   Addressing the Challenges ... 6
   Creating the Recipe for a SOX Solution using SharePoint 2010, Nintex, and DraftPoint ... 6
   Using SharePoint as a Base Platform ... 7
   Introducing Nintex Workflow 2010 for Process Control ... 7
   Mixing in Templates and Services from DraftPoint ... 8
3. Solution Architecture ... 8
   Application Structure ... 9
   Site Structure ... 10
   Workflow Structure and Features ... 11
   Security Considerations ... 12
   A Sample SOX Management Site ... 12
   Collecting Data using InfoPath ... 13
   Reporting ... 14
4. Benefits of this Recipe ... 15
5. Gather the Ingredients and Start Cooking ... 16
   Skill Sets and Resources ... 16
   Software and Hardware Considerations ... 18
   Scalability Consideration ... 18
   Developer Resources ... 18
1. Introduction

Since its adoption in 2002, the Sarbanes-Oxley Act (SOX) has introduced a set of legislation that requires businesses operating in the financial industry to maintain documentation through a set of internal controls, proving the effectiveness of their reporting systems. The Act creates new challenges every year for financial businesses adopting new technologies and processes. The burden of proof is placed squarely on the organization's financial and compliance officers to prove and attest to the efficacy of their internal controls.

To gain a strong, confident, and cost effective method of managing this burden of proof, many organizations are turning to automated systems to help manage compliance processes. However, while the choice to go automated can provide a number of benefits and can show a high return on investment, the decision is often not a simple one. Inevitably a single critical question is always asked: do we build or buy?

The choice to build an application from scratch or to buy a completely off-the-shelf solution can have great repercussions on the overall success and return on investment of the endeavor to automate SOX. Building a solution completely in house can often prove a difficult and lengthy process that tends to drag the release time out over a much longer period than intended. Internal resources are often strained under other commitments, with the SOX automation project making up only one portion of each resource's allotted time. This model can initially appear cost effective when considering using internal muscle, but in the end, with a lack of dedicated focus, the project can end up costing much more than projected. On the other hand, buying an off-the-shelf solution can get you out of the gate and moving quickly without a deep internal resource pull.
However, this model can also prove difficult to adopt, since these types of solutions are not specifically tailored to a particular company's practices and may need to be heavily customized once brought in house. Often an off-the-shelf solution is very expensive initially and comes with hidden costs should the application need to be configured or customized to suit your needs.

There is, however, a middle ground that can provide the flexibility of the in-house solution with the reliability and quick deployment of an off-the-shelf solution. This paper aims to show how starting with the Microsoft SharePoint 2010 platform and mixing in templates and partner resources can produce a recipe for a dynamic and cost effective SOX Management Solution that combines an in-house build approach with off-the-shelf templates and expertise. This solution is a hybrid model between the extremes of the build-or-buy approach, combining only the best attributes of both. This model can provide the flexibility of the build solution while also providing the rapid deployment and reliability of the buy option. The following discussion will highlight this hybrid approach and will provide a path to success for building an automated SOX Management system.
Purpose of this Paper

This paper is designed to provide key decision makers with technical information on complying with the Sarbanes-Oxley Act when choosing a software solution. This paper discusses how combining Microsoft's SharePoint 2010 platform with third-party templates can address the challenges of meeting SOX requirements while additionally providing a streamlined automated process. These suggestions not only help to meet SOX compliance requirements but also streamline the creation of documentation and the collection of control evidence through automated workflow.

Topics covered in this paper include:

- Technical discussion around architecture, software, and hardware considerations
- Considerations on security and scalability
- Required skills needed to implement a solution of this type
- Additional resources around the software discussed in this paper

2. Compliance Challenges and Solutions

The SOX Act creates several challenges for businesses whose activities are required to comply with its regulations. This chapter will address those challenges and show how a solution built using SharePoint 2010, the Nintex Workflow engine, and the DraftPoint compliance template and tool set can address them.

Compliance Business Challenges

The SOX Act requires that business owners and executives sign off on internal controls as defined by Standard Operating Procedures (SOPs). These SOPs define the controls a business puts in place to meet the requirements of the Act and therefore provide confidence in that business's financial reporting. Two key sections of the Act help to define these requirements:

- Section 302
  o Requires that executives sign off directly on financial statements. This requires a signature from the executive.
- Section 404
  o Requires that all internal controls and SOPs are documented along with evidence of the assertions made in the SOP. It requires that the documentation be adequately audited and reviewed.
These sections present a large challenge to businesses in regards to documentation and information authenticity. To meet these requirements, businesses and internal auditors need to organize and manage these records securely. Each SOP, and the controls defined therein, represents a workflow process in which signatures need to be collected, often periodically. This challenge becomes more oppressive as an organization grows and adds additional software processes that fall under SOX compliance. In this increasingly mobile and online financial world, collecting live signatures can be complex.

Addressing the Challenges

A SharePoint based system combining automated workflow features and functionality specifically built to address the challenges created by SOX compliance can replace and eliminate labor intensive processes and network-folder style storage. This type of automated system will be more reliable than a manual process, allowing better control and tracking of the large volume of documents that financial service organizations must maintain to meet compliance requirements. Internal and external auditors can easily locate and examine the workflow and version history of every artifact recorded in the system.

Combining SharePoint 2010 with workflows, features, and site templates from Nintex and DraftPoint specifically built to manage SOX compliance needs can deliver a powerful automated system. This combination of technologies can not only ease the burden of compliance management but can also be widely configurable, allowing the solution to be tailored to any firm's needs.

Creating the Recipe for a SOX Solution using SharePoint 2010, Nintex, and DraftPoint

Over the years, Microsoft's SharePoint platform has become widely used for content management portals, including informational sites such as company intranets or extranets. However, SharePoint has gained considerable ground in many industries as not only a content portal but a business process management suite.
Products like Nintex Workflow 2010 have entered the market providing powerful workflow tools on the SharePoint platform, which can turn a SharePoint content repository into a workflow center that can integrate with many other systems. While these two tools together provide the building blocks for a workflow solution for any industry, they are not tailored for a SOX solution out of the box. Services companies, such as DraftPoint Inc., can provide the site and workflow templates along with business knowledge of the platform to deploy a powerful SOX Management system in an accelerated time frame. The following section's discussion will highlight how a solution designed with these tools can be used to manage the large number of documents generated to support the internal controls and SOPs of a financial firm.
Using SharePoint as a Base Platform

Out of the box, a SharePoint 2010 site can provide a repository with key compliance features for storing SOX control documents, SOPs, and evidence. These features include an integrated security model with Active Directory that is configurable down to the document level. This allows granular control of compliance documents and evidence, which can secure materials from unintended alteration and can provide rich audit control. Also, SharePoint provides deep version control that tracks the date and time users alter documents or data, including capturing the original content for reuse or complete restoration.

SharePoint also provides a rich environment for document properties, or metadata. This metadata allows documents and evidence to be tagged for easy searching, sorting, and filtering. Internal auditors can easily locate records of a control using document metadata, decreasing the amount of time required to sift through a traditional file system.

SharePoint also allows direct integration with the entire Office product suite. For example, working with a Microsoft Word document through SharePoint is as simple as opening the document from the web site directly into the client Word application, as if navigating a file share. The integration between the Office system and SharePoint provides a familiar work environment for members of the compliance team.

Introducing Nintex Workflow 2010 for Process Control

With a base platform up and running in SharePoint, the introduction of Nintex Workflow 2010 can transform a site designated as a repository into a full workflow and process center. Nintex allows workflows to be designed using a drag-and-drop visual editor that lets designers see the basic flow of the workflow they are developing. Workflow designers can quickly create processes that route documents or evidence for review or approval to either static recipients or dynamic recipients based on document metadata.
This process captures workflow history and electronic approvals in the system, which can be quickly retrieved to support a financial firm's SOPs and evidence.

Nintex Workflow 2010 comes out of the box with powerful workflow actions to accommodate a wide range of business needs. Nintex allows the manipulation and creation of any type of SharePoint based document or data item. Workflows can dynamically query for SharePoint values and can also create new libraries, lists, and entire sites. Nintex workflows can also help automate the management of site permissions, allowing a range of actions from provisioning user access to a site all the way down to controlling permissions on individual documents. The workflow engine also allows integration with other systems via web services and direct database calls. This integration can be a critical feature when fitting a SharePoint solution into the dynamically changing IT infrastructure of a financial firm. Nintex is highly extensible through its SDK, allowing custom workflow actions to integrate into the workflow designer.
Mixing in Templates and Services from DraftPoint

The final ingredient in this recipe, combining the repository power of SharePoint with the Nintex workflow engine to support a financial firm's SOX compliance effort, is to add site and workflow templates from DraftPoint. These templates provide the basic site structure, lists, libraries, and workflows that allow an organization to make quick use of this platform to manage SOX documents and evidence. DraftPoint templates also include commonly used metadata that will help organize documents out of the box. Having implemented solutions that support financial firms' SOX compliance efforts, DraftPoint can also bring a cost effective package of services that can help any organization make the most of this recipe. This final ingredient helps emulsify SharePoint and Nintex into a solution that financial firms can rely on to house their critical SOX compliance material.

In addition to site and workflow templates, DraftPoint employs InfoPath form templates, which provide data collection vehicles for internal controls and submission of evidence. InfoPath forms integrate directly with SharePoint and allow for quick deployment of a web based data collection module. Out of the box, these forms provide a solid method for users to upload and add supporting metadata about the financial firm's control documents.

3. Solution Architecture

This section describes the technical application level architecture as well as the site and solution level architecture. It is designed to provide the high level structures and features needed to create an application that supports the SOX compliance management of any financial firm.
Application Structure

Figure 1 below highlights the application and server level structure to be considered for a SOX solution.

[Figure 1: Suggested Application Structure]

This structure is the most basic suggested architecture for a SharePoint based SOX solution. It consists of three main layers: data storage, web, and interface. The true key to this structure is the web layer, consisting of SharePoint and its installed components. This layer provides the data access and business logic for the application. The web accessibility of the system opens the application up to a wide range of interfaces, including mobile devices.
Site Structure

While the above example of a server and application structure is sound, it is applicable to many SharePoint based solutions. The following slide, Figure 2, describes more of the nuts and bolts of how a true SOX management site could be structured.

[Figure 2: Possible structure for a SOX management site]

Figure 2 shows the common libraries that would be needed as part of the solution and shows how InfoPath can be integrated into the site. This site uses InfoPath forms for collecting data about new documents or controls being added to the system. InfoPath can facilitate collecting and logging control evidence into the system by providing a web based file upload portal that can be used by any team member who needs to submit periodic evidence. The site also shows the libraries that would be used to store SOPs and control evidence, and the metadata that can link these items together for powerful searching and sorting capabilities.

At each level a workflow is installed that can manage the data stored within each library. In some cases workflow is used to process forms and can allow complex automation, as in the example above, which indicates that a workflow can process data collected by an InfoPath form. Also, workflow can be used to process and send reminders and alerts when periodic control evidence needs to be collected. Workflow can be scheduled to run based on the metadata of an SOP or control.
Workflow Structure and Features

The site structure above defines the SOX management site platform, which can then be exploited by the processing power of automated workflows. Figure 3 shows a simplified version of the logical flow that might be facilitated by a workflow.

[Figure 3: Sample workflow logic of a new SOP or Control]

The workflow described in the diagram above gives an outline of how a possible workflow process may link all artifacts of a SOX Management site together. This workflow shows how a new SOP which defines a financial control can be created and sent through a lifecycle automatically managed by the system. The lifecycle of a document is the gated approach to that document's effectiveness. The lifecycle defines how the document will move from a draft state to an approved and effective state. Within each state of the document, the workflow determines the actions required at that state. For example, if reviews are required during a review state, the workflow prompts the user for reviewers or selects them automatically. The workflow brings this new SOP into active life as an effective document against which an evidence collection schedule can be created.

Once the SOP is effective, the assignment of a periodic schedule for when evidence needs to be collected can be made through the workflow scheduling model. The system can then, through workflow automation, send collection notices to the appropriate users, who can then be directed to collect that evidence and will be provided with the control reference. Additionally, the system can be directed to provide links to previously collected evidence for easy reference of the targeted sample.
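The gated lifecycle described above (draft, review, approved, effective), with editing allowed only while the document is still in draft or review, a rejection that must carry a comment and returns the document to draft, an audit trail of every attempt, and a periodic evidence collection schedule once the SOP is effective, modelled as an added example. This is illustrative code written for this discussion, not DraftPoint, Nintex or SharePoint code; the state names, the `ControlSop` class and the constructed SOP in `run_example` are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from enum import Enum
from typing import List, Optional


class State(Enum):
    DRAFT = "Draft"
    REVIEW = "Review"
    APPROVED = "Approved"
    EFFECTIVE = "Effective"


# Content may change only while the SOP is still in draft or review.
EDITABLE_STATES = {State.DRAFT, State.REVIEW}

# The only forward gates the workflow accepts; anything else is refused.
FORWARD_GATES = {
    (State.DRAFT, State.REVIEW),
    (State.REVIEW, State.APPROVED),
    (State.APPROVED, State.EFFECTIVE),
}


class LifecycleError(Exception):
    """Raised when an action is attempted outside its permitted state."""


@dataclass
class ControlSop:
    title: str
    author: str
    state: State = State.DRAFT
    content: str = ""
    effective_on: Optional[date] = None
    audit_trail: List[dict] = field(default_factory=list)

    def _log(self, actor: str, event: str, comment: str = "") -> None:
        # Every attempt, including refused ones, lands in the audit trail.
        self.audit_trail.append(
            {"actor": actor, "event": event, "state": self.state.value, "comment": comment}
        )

    def can_edit(self) -> bool:
        # The lock applies to everyone, the original author included.
        return self.state in EDITABLE_STATES

    def edit(self, actor: str, new_content: str) -> bool:
        """Apply an edit; return False (and log the refusal) if the SOP is locked."""
        if not self.can_edit():
            self._log(actor, "edit-refused")
            return False
        self.content = new_content
        self._log(actor, "edit")
        return True

    def advance(self, actor: str, target: State, effective_on: Optional[date] = None) -> None:
        """Move the SOP through the next gate; Effective also needs an effective date."""
        if (self.state, target) not in FORWARD_GATES:
            raise LifecycleError(f"cannot move from {self.state.value} to {target.value}")
        if target is State.EFFECTIVE:
            if effective_on is None:
                raise LifecycleError("an effective date is required")
            self.effective_on = effective_on
        self._log(actor, f"advance-to-{target.value}")
        self.state = target

    def reject(self, actor: str, comment: str) -> None:
        """Send a reviewed or approved SOP back to Draft; the reason is mandatory."""
        if self.state not in (State.REVIEW, State.APPROVED):
            raise LifecycleError(f"nothing to reject in state {self.state.value}")
        if not comment.strip():
            raise LifecycleError("a rejection must carry a comment")
        self._log(actor, "reject", comment)  # logged against the state being rejected
        self.state = State.DRAFT

    def evidence_due_dates(self, period_days: int, count: int) -> List[date]:
        """Collection dates for an effective SOP, one per period after the effective date."""
        if self.state is not State.EFFECTIVE or self.effective_on is None:
            raise LifecycleError("only an effective SOP has a collection schedule")
        return [self.effective_on + timedelta(days=period_days * i) for i in range(1, count + 1)]


def run_example() -> ControlSop:
    """Walk one constructed SOP through the lifecycle, including a rejection."""
    sop = ControlSop("Wire transfer dual approval", author="alice")
    sop.edit("alice", "Two approvers for transfers over the threshold.")
    sop.advance("alice", State.REVIEW)
    sop.edit("bob", "Two named approvers for transfers over the threshold.")  # allowed in review
    sop.advance("bob", State.APPROVED)
    sop.edit("alice", "late change")  # refused: locked once approved, even for the author
    sop.reject("carol", "Threshold value missing")  # back to Draft, reason logged
    sop.edit("alice", "Two named approvers for transfers over 10,000.")
    sop.advance("alice", State.REVIEW)
    sop.advance("bob", State.APPROVED)
    sop.advance("carol", State.EFFECTIVE, effective_on=date(2012, 1, 1))
    return sop
```

Calling `run_example()` returns the finished SOP; its `audit_trail` shows the refused edit and the rejection comment alongside the state each was recorded in.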
Security Considerations

Managing security in a SOX Management site can also be made simple by automation of corporate security policies. Because SharePoint allows security management at the document level and Nintex workflow allows for the manipulation of security at that level, the system can handle security concerns at all points of the process. For example, the workflow process above would be configured to allow editing of a new control SOP only at the time of its creation and through its review lifecycle. Once the document has passed into approval or has become effective, the document is locked for editing, even by the original author. This control ensures that each document must pass through the proper steps before a user can edit the document content. In this example, if a document needs to be edited once it enters the approval stage, it would need to be rejected. This process then logs this event with the comments given and adds to the full audit trail of the document for full accountability.

While these changes happen in process, the site should initially be set up with a base set of security for all users. Using SharePoint groups, a quick and easy gating approach can be designed to allow flexibility and easy management of the security model.

A Sample SOX Management Site

Drawing upon the concepts discussed above, Figure 4 below shows the dashboard of a SOX Management site in action.

[Figure 4: SOX Management Site in Action]

In the above site example, when we log onto the site we are immediately drawn to the dashboard page. This page contains a high level view of the day in the life of a member of the SOP Compliance team. The most relevant data is pulled front and center: My Tasks and Documents I've been working on. This page is designed to give the user logging into the site a quick overview of what they have been doing and what may need their attention. From there, users can directly launch into their primary tasks. Additionally, the home page has a general navigation pane on the left hand side that allows the user to navigate directly into the repository and browse the system contents. More importantly, on the right hand side of the dashboard are several business logic links that allow a user quick access to creating a new SOP or submitting control evidence via InfoPath forms.

Collecting Data using InfoPath

InfoPath as a web based tool can be very effective in quickly producing and collecting the necessary data points about various aspects of SOX compliance. As shown in the dashboard screen above, the left hand action links launch the appropriate InfoPath form to collect the necessary data for the intended action. Below, in Figure 5, is an example of a form used in this system to submit control evidence such as screen shots or Excel files via upload.

[Figure 5: InfoPath form used for control evidence collection]
The data fields provide an easy method for users responsible for collecting control evidence to upload the evidence as any file type. Additionally, the system is designed to send this control evidence through a review and approval process, which is logged on the form so that anyone reviewing the form can see the history directly with the control evidence.

Using InfoPath in this way allows a business to quickly produce forms that can be integrated with SharePoint using the InfoPath 2010 designer. Forms can be rapidly generated using a drag-and-drop design tool, and when published to SharePoint all exposed fields can be connected to metadata in the site. All of the piping is done for the user in the background when publishing the form.

Reporting

Reporting in this system is simply mixing one part verbose document metadata structure and one part SharePoint out-of-the-box views. Figure 6 below highlights what one view into the Control Evidence library might look like.

[Figure 6: View into the control evidence library]

Since we are capturing all relevant data, we can quickly see whether our systems are audit ready. Using this type of report we can see, based on submission data, what evidence is missing. This view can be manipulated even further with a deeper metadata structure defined toward a specific client or environment. Data points more specific to a unique scenario can be easily added and captured in InfoPath to be used as a reporting tool here.

In addition to the standard views, SharePoint also allows the data to be exported into Excel for more complex and graph centered reporting. This feature ports the data to the very familiar environment of Microsoft Excel for even deeper data manipulation and reporting. Figure 7 shows exported data in Excel.
[Figure 7: Excel Export of Control Data]

4. Benefits of this Recipe

Throughout this paper we have been discussing the benefits of a SOX Management system built using SharePoint as a foundation, Nintex Workflow for processing power, and DraftPoint templates for rapid deployment. Here we will delve a little deeper into the benefits of this structure.

1. Advanced documentation and information management
   a. Richly configurable and auditable repository with SQL Server as a back end and SharePoint Foundation as the front end
   b. The SharePoint portal provides advanced features around version history and version control
   c. Granular security model can ensure that critical documents and evidence are secured within the repository
   d. Check-in and check-out feature allows for strict content control and traceability
   e. Advanced metadata structures allow for out-of-the-box reporting and searching
2. Workflow and Process Templates
   a. Automated workflow drives and tracks control process flow and status
   b. DraftPoint template workflows provide a starting point for the most common compliance actions and processes for rapid deployment and configuration of a custom solution
   c. Workflows can be configured to handle complex requirements including integration with other technologies
   d. Rich graphical drag-and-drop workflow allows for quick process design with Nintex Workflow
3. InfoPath Forms
   a. Direct integration with SharePoint libraries allows for accurate data collection and organization through SharePoint columns
   b. Completely web based solution; only form designers need the client application to design forms
   c. Dynamic data storage with an XML backbone that allows for integration with web services and programmatic browsing and manipulation of the data
   d. Easy to use form designer featuring drag-and-drop controls and wizard based integrations with SharePoint data
4. Monitoring and Reporting
   a. Out-of-the-box SharePoint views allow for quick web based reporting
   b. Exporting to Excel allows for deeper client based reporting integrating graphing and charting
   c. Integration with other reporting applications such as Microsoft's Report Builder

5. Gather the Ingredients and Start Cooking

This chapter will give you the tactical information you'll need to start a SOX Management implementation in your organization. We will highlight some need-to-know technical information about SharePoint and some of the skill sets needed to help a project of this nature succeed. Making the right decisions about starting such a project up front can make the difference between taking advantage of the ideas in this paper and losing focus on this quickly developed solution.

Skill Sets and Resources

Selecting the right resources or vendor at the initial stages is a critical decision and is extremely important when considering the complexity of your organization's processes. Partnering with a company like DraftPoint to deploy a solution for your business can take some of the guess work and management out of mapping your processes to the technical aspects of the system.
The following list describes the key resources needed to develop and deploy a SOX Management application.

- Business Analyst
  o Role on the project: This person will be the liaison between the development team and the business owners. Responsibilities should include organizing the business owner's requirements into clear and concise documents that can be used to map requirements to test cases, developing test cases and overseeing the testing process, and guiding demos with the business users and developing training materials.
  o Skill Set: This person should have a deep understanding of SOX compliance and should also understand how business requirements can translate into the SharePoint platform.
  o How DraftPoint Can Help: This is an ideal role for a resource from DraftPoint. Having a deep technical understanding of SharePoint and Nintex as well as experience in developing SOX compliance applications on this software stack, a resource from DraftPoint can strike the balance between the business needs and the limits of the application.
- Developer
  o Role on the project: This person's responsibilities should include translating the business requirements into SharePoint configurations, Nintex workflows, and InfoPath forms. This person should have a good understanding of SOX compliance but should be more focused on the technical aspects of the solution.
  o Skill Set: This person should have a deep understanding of the SharePoint architecture and the depth of configuration available through the platform, and should be able to develop custom code on the .NET platform. This person should also be familiar with building and integrating InfoPath forms with SharePoint. A good understanding of building Nintex Workflows is also recommended.
  o How DraftPoint Can Help: Having developed several SOX compliance applications using SharePoint and Nintex as the base platform, DraftPoint can offer developer resources who have the deep technical knowledge and experience of integrating SOX compliance requirements into this software stack.
- System Administrator
  o Role on the project: This person ideally should be a member of the infrastructure team and should have administrative access to systems and servers. This person's role on the project will be coordinating the deployment schedule with the project team as well as ensuring all server and base software requirements have been met.
  o Skill Set: This person should have a good understanding of maintaining and installing Microsoft Server 2008 and SQL Server 2008.
- Business Owner
  o Role on the project: This person should be a member of the business team and should own the system from that perspective after the application has gone live. This person's active role on the project will be to work with the Business Analyst to help gather requirements and ultimately approve them. This person should be present during all system demos and should help to validate the project efforts.
  o Skill Set: A deep understanding of the business requirements and of SOX compliance and how it is currently implemented within the business.
Software and Hardware Considerations

Because our solution sits atop the Microsoft stack of products, including SharePoint, SQL Server, and Windows Server, strong consideration should be given to Microsoft's standard requirements:

- SharePoint Server 2010 hardware and software recommendations:
  o http://technet.microsoft.com/en-us/library/cc262485.aspx
- SQL Server hardware and software recommendations:
  o http://technet.microsoft.com/en-us/library/ms143506(v=sql.100).aspx
- Planning for client browser support:
  o http://technet.microsoft.com/en-us/library/cc263526.aspx

Scalability Consideration

Developing a SOX Management solution on SharePoint can come in many flavors. Since SharePoint is such a dynamic platform, some thought should be given to the overall SharePoint strategy within your organization. Not only can SharePoint provide a solution for SOX Management, it can also provide other services within the business. Some other possibilities include:

- Security access system
- Organization intranet
- General content repository
- Business process management platform (general workflow)
- Internal social networking platform

A wider strategy for SharePoint should be considered when setting up the platform within your organization. The following resources can help plan around SharePoint limitations and scalability:

- SharePoint Server 2010 Limitations
  o http://technet.microsoft.com/en-us/library/cc262787.aspx
- SharePoint Implementation Planning
  o http://technet.microsoft.com/en-us/library/cc261834.aspx

Developer Resources

A SOX Management application built on SharePoint and Nintex not only can be richly configured using out-of-the-box features but also has deep roots in the .NET architecture, and therefore offers wide-ranging possibilities for customization. From custom web services to Nintex Workflow Actions, the system can be customized using code to meet any requirements. Some recommended resources for developers are listed below:
- Nintex Workflow 2010 SDK:
  o http://connect.nintex.com/files/folders/sdk_nw2010/entry11986.aspx
- SharePoint Web Services:
  o http://msdn.microsoft.com/en-us/library/ee705814.aspx
- InfoPath Developer Center:
  o http://msdn.microsoft.com/en-us/office/aa905434