1 / 6

OAUG SOX Panel Scott Tang, Project Manager

OAUG SOX Panel Scott Tang, Project Manager. January 24 th , 2006. Echelon Corporation. Approximately 260 Employees Worldwide Passed two IT Audits without a Major Deficiency Information Systems – Staff of Seven (including CIO) 2 Employees for Enterprise Application Support

maya
Download Presentation

OAUG SOX Panel Scott Tang, Project Manager

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OAUG SOX Panel Scott Tang, Project Manager January 24th, 2006

  2. Echelon Corporation • Approximately 260 Employees Worldwide • Passed two IT Audits without a Major Deficiency • Information Systems – Staff of Seven (including CIO) • 2 Employees for Enterprise Application Support • 4 Employees for IT Infrastructure Support • Functional Departments’ Business System Analysts (BSA): • Manufacturing • Order Administration & Account Receivables • Finance • Oracle Applications 11.5.10 (Upgraded in October 2005) • Sox Consultant: Dixon

  3. Segregation of Duties • Issues prior to 404 Requirements • No major SOD issues: • Conservative Finance and Accounting organization established by CEO and CFO. Only users who needed to transact on the system were allowed on the system. We did allow superuser access at this time. • ISO Certification in 2000 helped to document practices. This process helped us identify potential issues and thus, tightened up the use of superuser and other responsibilities. • After 404 Requirements • Small staffs – Difficult to segregate duties • Internal Audit (IA) wanted to take away superuser responsibilities away from the BSAs. • Internal Audit needed to list the conflicts and assess risks. This is where a 3rd party consultant assisted in defining the conflicts and risks. Once established, we refined the responsibilities and/or created necessary controls.

  4. Challenging Moments • Definition of the Problem or Requirements - At all levels. • Lack of Risk Assessments • Ownership of Process – Assuming IS has the solutions. • External Auditor Compliance • Auditing during the Upgrade Process

  5. Suggestions • Understand the problem at the highest-level first. • SOX Act of 2002 • SEC Final Rules • PCAOB Audit Standard No.2 • COSO Framework • COBIT (ISACA) => COforSOX (62 control objectives) • Apply Control Objectives that make good business sense for the company and truly mitigates significant risks. • Solutions through collaboration • Software applications are only tools, not the solution

  6. Oracle Challenge And now SOX Oracle User Oracle 11.5.10

More Related