OAUG SOX Panel Scott Tang, Project Manager

Presentation Transcript

  1. OAUG SOX Panel Scott Tang, Project Manager January 24th, 2006

  2. Echelon Corporation
     • Approximately 260 Employees Worldwide
     • Passed two IT Audits without a Major Deficiency
     • Information Systems – Staff of Seven (including CIO)
       • 2 Employees for Enterprise Application Support
       • 4 Employees for IT Infrastructure Support
     • Functional Departments’ Business System Analysts (BSA):
       • Manufacturing
       • Order Administration & Account Receivables
       • Finance
     • Oracle Applications 11.5.10 (Upgraded in October 2005)
     • SOX Consultant: Dixon

  3. Segregation of Duties
     • Issues prior to 404 Requirements
       • No major SOD issues:
         • Conservative Finance and Accounting organization established by CEO and CFO. Only users who needed to transact on the system were allowed on the system. We did allow superuser access at this time.
         • ISO Certification in 2000 helped to document practices. This process helped us identify potential issues and thus tighten up the use of superuser and other responsibilities.
     • After 404 Requirements
       • Small staffs – Difficult to segregate duties
       • Internal Audit (IA) wanted to take superuser responsibilities away from the BSAs.
       • Internal Audit needed to list the conflicts and assess risks. This is where a 3rd party consultant assisted in defining the conflicts and risks. Once established, we refined the responsibilities and/or created necessary controls.

  4. Challenging Moments
     • Definition of the Problem or Requirements - At all levels.
     • Lack of Risk Assessments
     • Ownership of Process – Assuming IS has the solutions.
     • External Auditor Compliance
     • Auditing during the Upgrade Process

  5. Suggestions
     • Understand the problem at the highest level first.
       • SOX Act of 2002
       • SEC Final Rules
       • PCAOB Audit Standard No. 2
       • COSO Framework
       • COBIT (ISACA) => COforSOX (62 control objectives)
     • Apply Control Objectives that make good business sense for the company and truly mitigate significant risks.
     • Solutions through collaboration
     • Software applications are only tools, not the solution

  6. Oracle Challenge And now SOX Oracle User Oracle 11.5.10