1 / 15

PROJECT ON SOX IT PROJECT (ASSURANCE SERVICE) BY ALKESH.V.DESHPANDE UNDER THE GUIDENCE Of Mr. PRASAD PENDSE ANB CONSULTI

PROJECT ON SOX IT PROJECT (ASSURANCE SERVICE) BY ALKESH.V.DESHPANDE UNDER THE GUIDENCE Of Mr. PRASAD PENDSE ANB CONSULTING C0.PVT.LIMITED COLLEGE NAME K.J. SOMAIYA INSTITUTE OF MANAGEMENT STUDIES & RESEARCH . Introduction.

gaetan
Télécharger la présentation

PROJECT ON SOX IT PROJECT (ASSURANCE SERVICE) BY ALKESH.V.DESHPANDE UNDER THE GUIDENCE Of Mr. PRASAD PENDSE ANB CONSULTI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PROJECT ON SOX IT PROJECT (ASSURANCE SERVICE) BY ALKESH.V.DESHPANDE UNDER THE GUIDENCE Of Mr. PRASAD PENDSE ANB CONSULTING C0.PVT.LIMITED COLLEGE NAME K.J. SOMAIYA INSTITUTE OF MANAGEMENT STUDIES & RESEARCH

  2. Introduction • The Sarbanes–Oxley Act of 2002 also known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and 'Corporate and Auditing Accountability and Responsibility Act' (in the House) and commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002. • Sarbanes–Oxley contains 11 titles that describe specific mandates and requirements for financial reporting. Each title consists of several sections. • The Sarbanes-Oxley Act created new standards for corporate accountability as well as new penalties for acts of wrongdoing. • SOX applies to all public companies in the U.S. and international companies that have registered equity or debt securities with the Securities and Exchange Commission and the accounting firms that provide auditing services to them.

  3. Scope of Project • SOX Auditing is a Process where we need to review several Applications and their Interfaces. • We need to check several controls regarding those Applications and Interfaces. • All the Application Owner (AO) as well the person in-charge of the Interfaces must adhere to rules and the policy lay down by Bank. • It is the ability to demonstrate controls implemented for quarterly certification.

  4. Benefits • Findings can be used when evaluating current level of SOX compliance. • It would reduce the costs associated with performing separate risk assessments as part of the organization’s information security strategy. • It would bring information security related risks into the focus of the organization’s leadership because of its association with SOX compliance. • It would lay the groundwork for developing a generalized compliance driven risk assessment model that could incorporate any set of regulations or specifications. • It could be the first step in developing a risk management program for organizations that have to be SOX compliant.

  5. Project Details • In all there are 117 Applications and 170 Interfaces to be reviewed by the whole ANB SOX team, from which I need to review 14 Applications and 10 Interfaces. • For every application we need to check 42 controls and for every interface 18 controls. • Out of these 60 controls several can be done at our end itself, and for the remaining we need to arrange a meeting with the Application Owner (AO) or the concerned person for the Interface. • So every day there is a Feeding File and a Personal Tracker that needs to be filled, for all the controls checked and to be sent to our Project Manager Mr. Prasad Pendse. • These Applications are real time system Applications and Interfaces are connectivity between various applications.

  6. Tools • Finacle Core Banking Solution • SAS EBI • Whizible • Data Centre Governance

  7. Finacle • Finacle core banking solution is a comprehensive, integrated yet modular business solution that effectively addresses the strategic and day-to-day challenges faced by banks. • The solution has an integrated CRM module enabling banks to offer a rich and differentiated value proposition to customers. The layered Service Oriented Architecture (SOA), STP Capabilities, Web-enabled technology and 24X7 operations ensure multi-channel, multi-country and multi-currency implementations. • Key modules :- • Enterprise Customer Information • Wealth Management • Corporate Banking • Consumer Banking • Trade finance • Accounting backbone

  8. SAS EBI • SASBusiness Intelligence gives you the information when you need it, in the format you need. • SAS® Enterprise BI Server is a comprehensive, easy-to-use business intelligence software solution that integrates the power of SAS analytics and data integration to share insights that power better business decisions. • Features : • Web and desktop reporting • Microsoft Office integration • Query and analysis • Interactive business visualization • OLAP storage and OLAP data exploration interface • Integrated analytics • Guided analysis • Metadata Management • Applications development

  9. Whizible • Whizible is a suite of products that orchestrates the flow of information across the enterprise to deliver better decision making, alignment to corporate goals and execution that meets quality and schedule objectives creating a high performance organization as envisioned. • Features: • Project and Task Management • Resource Planning • Metrics and Reports • Issues Management • Change Request Management • Defects Management • Risk Management • Help-Desk Management • Document Sharing • Time and Expense Tracking • Quality Management

  10. Data Centre Governance • Data Governance is the exercise of decision-making and authority for data-related matters. • An application that focuses on Privacy / Compliance / Security may look different from one that exists to support Data Warehouses and Business Intelligence • An application concentrating on Architecture / Integration may involve different participants than one whose goals involve Data Quality. • The universal goals for Data Governance Applications are as follows: 1. Enable better decision-making 2. Reduce operational friction 3. Protect the needs of data stakeholders 4. Train management and staff to adopt common approaches to data issues 5. Build standard, repeatable processes 6. Reduce costs and increase effectiveness through coordination of efforts 7. Ensure transparency of processes

  11. Screen layouts

  12. User Deactivation after 90 Days Inactive User ID Duplicate User ID • Here we tried to • create a UserID as • XYZ which is already • exist Here same user tries to login Second time after 90days. Here we tried to create a UserID as XYZ which is already exist

  13. Duplicate master Maker Checker Here a user tries to create a master with ID 243433 which is already present. Here when a new user is created there are two persons involved in it one who makes it and other who approves that user

  14. Password Change Here user tries to change the password to a recently used password Here user is forced to change the password after 60 days of last password change. Here user enters password 123ab which is less then 8 characters Here password entered by user is not visible as a plain/simple text.

  15. File Upload File is getting uploaded to the defined server. Here user tries to upload the file “1030.mst” which is already uploaded File uploaded successfully to the location Selecting the files which needs to be uploaded

More Related