Leverage Your Financial System to Enable Sarbanes-Oxley Compliance: An Evaluator's Guide




White Paper

Summary

This document provides an overview of how financial systems can provide companies with the foundation and best practices necessary for creating a secure, auditable and controlled environment to ensure Sarbanes-Oxley (SOX) compliance.

Introduction

When it comes to Sarbanes-Oxley (SOX), the role of financial information systems in enabling compliance simply cannot be overlooked. This point was recently underscored by a study which named financial systems and procedures as the most common problem among companies disclosing material weaknesses. It is a weakness, in fact, that has directly led to the replacement of numerous CFOs over the last year, and has prompted organizations to take a deeper look at their business processes as well as the financial systems that support them.

[Figure: "Where the problems were": classification of 899 companies disclosing material weaknesses in 2004-2005. Legend: Key Controls Processes, Financial systems and procedures, Personnel issues*, Documentation, Revenue recognition, Lease accounting, Tax accounting, Other. Values shown: 5.8%, 9.8%, 8.2%, 9.3%, 7.4%, 36.3%, 23.2%. * Personnel issues refers to lack of competent finance/accounting staff or insufficient staffing levels. Source: Glass, Lewis & Co.; company filings]

How can a financial system successfully enable and enforce SOX compliance? Most auditing firms point to six specific areas to carefully consider when evaluating a financial system's ability to support SOX compliance efforts. These are:

- Audit controls and e-signatures
- Security administration
- Division of duties
- Audit and program change control
- Documented processes
- Workflow and document control

Ross Enterprise's ERP Application addresses each of these key areas, helping to facilitate full compliance with all key provisions of the Sarbanes-Oxley Act including Section 302, Section 404, and Section 409.

Audit controls and e-signatures

From a business controls perspective, all material and inventory transactions recorded in iRenaissance have a complete audit trail. For example, the audit trail includes who, when, what lot, from what location or quality status, final movement location, to where, and even information that indicates what facility or screen the user was in when they performed the transaction. In addition, every field or table in the system has a configurable control that can be turned on to create an audit trail. (During implementation, Ross Systems consultants provide the known sensitive tables and fields to be audited for SOX and Good Manufacturing Practices, GMP.)

Furthermore, the system can be made to enforce single or double electronic signatures on any transaction, functionality originally designed for compliance with CFR 21 Part 11 (the FDA regulation for electronic records and signatures). In addition to double or single electronic signatures for quality and inventory movements, electronic signatures can also be enabled for sensitive sales, procurement, and financial transactions. These signatures record the same information as the audit trail, along with assignment of reason codes, saving of the data before the change, and recording of failure attempts for further investigation. E-signatures verify that the person signing the first signature is the person logged into the system, while re-authenticating with the system security manager. The second signatory is also verified in order to ensure the individual has the authority to authenticate the authentication level.

Security Administration

The Security Manager within Ross Enterprise's ERP Application provides advanced role-based security administration facilities. Roles such as requisitioner, receiving, payables processing, purchasing manager, controller, etc. are created, and users are assigned to one or multiple roles. Then, in order to use any of the transactions within Ross Enterprise's ERP Application, the user must go through a number of security layers.

The first level of security is the company, division and warehouse level, which allows only valid users to pass through the network and Ross Enterprise's ERP Application security and to obtain access to the appropriate work areas. To streamline administration, all user names and passwords are inherited from the operating system (Windows Active Directory). If a network policy requires users to change their password (every 30 days, for example), the policy automatically flows through to the Ross Enterprise's ERP Application security model.

Next, the facility level security allows administrators to manage what areas of the system different users, based on their roles, can access.

Finally, the transactional level security allows administrators to specify what transaction types (such as sales order entry, QC inventory movement, GL Journal, Manufacturing Issue, etc.) the users can access, and what dollar limit, if any, is to be applied to the transaction.

Division of Duties

A key area of concern to auditors is a financial system's provision for division of duties. While non-financial system operating procedures address the majority of these controls, the ability to notify one or multiple individuals of critical changes to the system code, metadata, or configuration is critical. Ross Enterprise's ERP Applications enable change control security and notification, while ensuring appropriate approvals are in place prior to a change.

This means master tables become a critical component in enabling compliance. These tables define the items, vendors, payees, and customers held in the system. The ability to notify one or more individuals that a payee address or name has been added or modified is a classic example of system control related to SOX compliance. And the ability to enforce an e-signature on the change before it goes into effect further aids the compliance effort.

Audit and Program Change Control

Like a GMP system, a financial system regulated by SOX must have change control policies and procedures in place once it's in production mode. Whether operations require a system configuration change (turning on multi-currency), or a service pack becomes available (new fixed asset depreciation law update), or a module needs to be implemented (phase 2 sales order processing), the system managers need to know how the system will be impacted. Change control is commonplace in a GMP environment. And with its vast experience in regulated industries, Ross Enterprise can help customers review, implement, test, and ensure system change is implemented as required and all results are known and documented. Ross Enterprise's ERP Applications also provide complete data entity diagrams that map the data relationships, along with best practice change-control policies that ensure a controlled system.

Documented Processes

Ross Enterprise can provide detailed standard procedures and customizable process flows to document system processes, which can be ideal for new employee or refresher training. These standard operating procedure documents are created with swim-lane diagrams and test scripts to facilitate user acceptance and system regression testing. Flow diagrams can also be interactive to allow users to follow a flow and click to a screen within the application, thus improving the ease of navigation.

[Figure: "Requisition to PO" swim-lane diagram with lanes for Vendor, Buyer, Approver and Requisitioner. Steps shown include: create requisition and submit; submit triggers approval request workflow; approval request selects and notifies appropriate approver(s); review requisition (see Approval Process for details), with outcomes approved, declined, or referred for higher approval; notify requisitioner, who may modify and resubmit or cancel; notify buyer that requisition is available for selection; if buyer selection is not required, the system generates the PO, otherwise buyer selection and PO generation; print PO (hardcopy, fax, email) and deliver PO by fax/email or hardcopy by post; requisition status updated; send back confirmation. Notes on the diagram: the requisition is updated so that the requisitioner can see that the goods are awaiting delivery; the supplier uses Procall to acknowledge receipt of order (confirm, reject or return for resubmission).]

Workflows and Document Control

Automated workflow, approvals, task lists and notification not only streamline business processes, they can also eliminate user error. Workflows can be created in Ross Enterprise's ERP Application and initiated by authorized users to create/add/modify an item, customer, ship-to, payee or configuration change to the system. Customizable workflows can also be created to provide a high degree of integration and human interaction with the system. Standard operating procedures and sensitive documents can be controlled for view and edit with revision control, change tracking and multi-path approval. MS Office or online forms can be created and routed, and metadata can be imported or exported from the forms to populate system fields and tables. The intent of providing multiple controlled entry and exit points to the system, while validating all transactions, is to create an environment where more employees can utilize a single system of record for business transactions, reducing the use of multiple paper-based or electronic data silos.

Additional Considerations for Regulated Industries

As with regulatory compliance efforts related to manufacturing in regulated industries, such as Life Sciences, Food and Beverage, and Chemicals, a company must also specifically identify what regulatory rules apply to its business. It must then map these rules to the business process; map again to the specific processes, screens and transactions that are to be executed by the users; and finally map to the reports and queries used in making financial decisions.

Advantages of an Integrated System in SOX Compliance

Ross Enterprise's ERP Applications are an integrated planning, purchasing, payables, receivables, sales, inventory, quality, manufacturing and accounting system. That means journal entries are automatically posted to the ledger from the subsidiary modules, requiring no human interaction, uncontrolled interfaces, or manual re-keying of data. This provides an additional advantage in the compliance effort, since an integrated system helps eliminate untested and uncontrolled points of entry.

Summary

Ultimately, the responsibility for SOX compliance audit preparation lies with a company and its auditors. Financial systems in and of themselves cannot automatically ensure compliance. Yet these systems must provide businesses with the foundation and best practices necessary for creating a secure, auditable and controlled environment, one in which financial reporting and performance can be easily measured.

About Ross Enterprise

Ross Enterprise, a software unit of CDC Corporation (NASDAQ: CHINA), delivers innovative software solutions that help manufacturers worldwide fulfill their business growth objectives through increased operational efficiencies, improved profitability, strengthened customer relationships and streamlined regulatory compliance. Focused on the food and beverage, life sciences, chemicals, metals and natural products industries and implemented by more than 1,200 customer companies worldwide, the company's family of Internet-architected solutions is a comprehensive, modular suite that spans the enterprise, from manufacturing, financials and supply chain management to customer relationship management, performance management and regulatory compliance. For more information please visit www.rossinc.com.

2006-2007 Ross Systems. All rights reserved. For more information or a complete list of our worldwide offices, please visit www.rossinc.com.