4 Steps to Prepare for your SOX audit
Identify your internal business processes
Identify rules (or buy the ALLOut rule set)
Identify conflicts (run ALLOut’s SOD reports)
Remediate (fix) or Mitigate (excuse)
SOX Compliance, Security & Audit Tools for JD Edwards
Assess the effectiveness of your current controls!
Native JDE gives JD Edwards EnterpriseOne customers no standard tools for this. Given EnterpriseOne’s complexity, it is proven to be more cost-effective to use the ALLOut toolset to view and understand your current setup and, more importantly, how effective it is in preventing fraud.
Whether you fall under regulations like SOX or GDPR, or you just want to make sure your systems are secure, it is important to understand and manage the risks present in your JD Edwards implementation. Even without regulations, most businesses struggle to keep up with users having more access than necessary, or orphaned users roaming the system.
Managing Segregation of Duties Issues
Understanding Segregation of Duties Conflicts
‘Segregation of Duties’ (SoD) rules state where duties and areas of responsibility should be separated to reduce opportunities for unauthorized or unintentional modification or misuse of an organization’s assets. This means that the same person should not have access rights to a function/process from end-to-end.
A SoD ‘Conflict’ is where one or more duties or areas of responsibility exist for the same individual (user) or group of individuals (role), so that fraud and/or error can occur.
SoD conflicts are not equally important to every company and vary based on:
- The safeguarding of assets vs. financial reporting risks.
- The relative importance of information confidentiality.
- The nature of company assets.
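The rule and conflict definitions above, as an added example (not ALLOut's or JD Edwards' own code): a small Python check that evaluates SoD rules per role and per user, and separates open conflicts from mitigated ones. The duty, role and user names, the two rules and the mitigation entry are all constructed for illustration.

```python
# Added example: all names and assignments below are constructed sample data.

# Rules: each rule names two duties that one person must not hold together.
RULES = {
    "R1": ("maintain_supplier", "pay_supplier"),
    "R2": ("enter_voucher", "pay_supplier"),
}
# Role -> duties the role grants; user -> roles the user holds.
ROLE_DUTIES = {
    "AP_CLERK": {"enter_voucher"},
    "AP_PAYMENTS": {"pay_supplier"},
    "AP_SUPER": {"maintain_supplier", "pay_supplier"},
}
USER_ROLES = {
    "alice": {"AP_CLERK"},
    "bob": {"AP_CLERK", "AP_PAYMENTS"},
    "carol": {"AP_SUPER"},
}
# Mitigations: documented compensating controls, keyed by (user, rule).
MITIGATIONS = {("carol", "R1"): "monthly payment review by controller"}


def violated(duties):
    """Return the ids of every rule whose two duties are both in `duties`."""
    return sorted(r for r, (a, b) in RULES.items() if a in duties and b in duties)


def role_conflicts():
    """Conflicts built into a single role: fix these in the role design."""
    return {role: v for role, d in ROLE_DUTIES.items() if (v := violated(d))}


def user_conflicts():
    """Conflicts per user across all roles held, tagged open or mitigated."""
    out = []
    for user in sorted(USER_ROLES):
        duties = set().union(*(ROLE_DUTIES[r] for r in USER_ROLES[user]))
        for rule in violated(duties):
            status = "mitigated" if (user, rule) in MITIGATIONS else "open"
            out.append((user, rule, status))
    return out


if __name__ == "__main__":
    print("role-level:", role_conflicts())
    for row in user_conflicts():
        print("user-level:", row)
```

In this sample, bob's conflict exists only at user level: neither of his roles violates a rule on its own, so a role-only review would miss it.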
Managing Risk
Not implementing Segregation of Duties puts an organization at risk of failing to meet regulatory and compliance requirements, but this is not the only risk. The cost of fraud and other internal control failures is well documented in monetary values. In addition, other costs are often hidden, such as:
- Time and money spent researching and resolving any problem transactions that were not prevented or detected in a timely manner.
- Lost shareholder value due to the market losing confidence in an organization.
- Missed business opportunities because an organization’s credit rating changes and financing becomes more expensive.
- Costs to recover from reputational damage.
It’s more than keeping your auditors happy. (Although who doesn’t like spending less time on audit requests?!) It’s about keeping safe and sane! No company wants to waste time on dealing with an internal fraud case when it could have been prevented easily with better controls.
Door, horse, bolt are all words that come to mind here!