Sarbanes-Oxley, commonly known as SOX, requires that your publicly held business (or one you want to take public sometime in the future) establish internal controls and procedures for financial reporting to avoid the possibility of corporate fraud.
SAP Business One has many controls available to help your company pass SOX compliance audits. The issue that arises is that, although you may think you have control over your controls and procedures, you may really have a basic system or a series of fragmented systems that are hard to control and audit.
When SAP Business One is effectively implemented, controls are put in place through Business One’s security and change log functionality. When system and accounting auditors audit a system, they are looking for the ability to separate functions of individuals and track changes. SAP Business One does this like a pro.
The process of implementing SAP Business One should take into account the security of important functions. A well-executed security model will help you put controls in place to pass SOX audits. The following are just a few areas for you to consider:
1. Separation of duties:
a. Setting up vendors.
b. Cutting checks to vendors.
c. Reconciling bank statements.
2. Issue user IDs that can be tracked back to individuals.
3. Have passwords expire regularly.
4. Keep passwords to production systems out of the hands of technical resources.
5. Disable generic user IDs like “Manager”.
6. Review change logs on a regular basis to ensure proper transactions have taken place.
7. Review processes and procedures quarterly as personnel change.
The above points are extremely important to keep in mind as you implement any new system to ensure SOX compliance. We’ll be happy to show you how SAP Business One and Third Wave Business Systems will help you make this process as painless as possible.
-Mark Breznak, COO