Sarbanes Oxley Audit
With Sage DNA auditing, you can meet common Sarbanes Oxley auditing requirements.
Most Sarbanes Oxley regulations concern financial applications. This chapter discusses the most common Sarbanes Oxley issues related to Sage and how Sage DNA can meet the Sarbanes Oxley requirements.
Sage DNA contains two types of auditing:
- Pattern Base auditing: analytical auditing that analyzes the access rights and suggests invalid access rights based on the users' HR data.
- Compliance rules analysis, such as Segregation of Duty and other common rules. Sage DNA comes with a Compliance Rules Editor (CRE) that enables you to quickly write your own rules and run them against the Sage configuration.
Before you start the analysis, we recommend that you create a Sage sub-configuration that includes all the financial (or other sensitive) resources, so that you can check and analyze this configuration separately from the whole enterprise configuration.
Sage DNA common solutions to Sarbanes Oxley

| Problem | Customer Need | Sage Solution |
|---|---|---|
| Review potentially inadequate access rights of users to financial applications | Generate reports of access rights and distribute the information to the business managers for review. | Sage DNA enables you to aggregate all access rights from all systems and easily create a partial dataset of the sensitive financial applications. With Sage Reports the customer can generate access rights reports, or, by using Sage Business Collaboration, have the business managers review the access rights via the Sage DNA server/client. All modifications/changes will be reported to the Sage centralized repository and applied to the master Sage Configuration. |
| Inadequate segregation of duty for granting access to financial applications and resources | Apply segregation of duty to users that have access to financial applications | The Sage DNA Compliance Rule Editor (CRE) enables you to easily and quickly define SOD rules and other rules on the dataset of access rights that you have imported into Sage. Then the customer can apply the Business Process Rules (BPR) file and generate an audit card with the list of exceptions. |
| Lack of control over financial data access and updates via the company's ERP or accounting applications | Gain control over the access rights | Immediately gain control over your privileges environment (e.g., cross-platform view, assess, audit, cleanup,…), before, during or after IdM is deployed. Certify the access rights using Sage Portal Client. |
| Inadequate audit logs for changes of access rights | Generate a log of changes in access rights | With Sage DNA the customer can generate differences reports between datasets of access rights. Those reports represent the differences in access rights between 2 different configurations. |
| Inadequate data retention of access rights of financial applications | Need to retain / archive old datasets of access rights | With Sage DNA customers can save and keep unlimited historic information on users' access rights. The data can be stored in files or in a database and can be retrieved at any time. |
| Inadequate controls and processes for risk management and security threat monitoring under the COSO & ITIL framework | Need to audit the access rights and show potential threats | Sage DNA, Pattern Base Audit, & Business Process Compliance Rules can run periodically and automatically on datasets of access rights. The result of this run is an audit log with a list of potential threats and hazards to the organization. Threats may be suspected access rights, collector users, and more. |
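
The segregation-of-duty exception list and the differences report between two configurations described in the table, shown as an added Python example that is not Sage DNA code and does not use CRE or BPR syntax. The user names, entitlement names, rule IDs and both datasets are constructed for illustration.

```python
# Added illustration: not Sage DNA code and not CRE/BPR rule syntax.
# Users, entitlements and rule IDs below are constructed sample data.

# Two access-rights datasets ("configurations"): user -> set of entitlements.
OLD = {
    "alice": {"AP_CREATE_VENDOR", "GL_VIEW"},
    "bob": {"AP_APPROVE_PAYMENT"},
    "carol": {"GL_POST_JOURNAL"},
    "dave": {"GL_POST_JOURNAL", "GL_APPROVE_JOURNAL"},
}
NEW = {
    "alice": {"AP_CREATE_VENDOR", "AP_APPROVE_PAYMENT", "GL_VIEW"},
    "bob": {"AP_APPROVE_PAYMENT"},
    "dave": {"GL_POST_JOURNAL", "GL_APPROVE_JOURNAL"},
}

# Each SoD rule names two entitlements that one user must not hold together.
SOD_RULES = [
    ("SOD-1", "AP_CREATE_VENDOR", "AP_APPROVE_PAYMENT"),
    ("SOD-2", "GL_POST_JOURNAL", "GL_APPROVE_JOURNAL"),
]


def sod_exceptions(dataset, rules):
    """Sorted (rule_id, user) pairs where a user holds both sides of a rule."""
    return sorted(
        (rule_id, user)
        for user, rights in dataset.items()
        for rule_id, left, right in rules
        if left in rights and right in rights
    )


def diff_datasets(old, new):
    """Sorted (user, 'granted'|'revoked', entitlement) rows between datasets."""
    rows = []
    for user in old.keys() | new.keys():
        before, after = old.get(user, set()), new.get(user, set())
        rows += [(user, "granted", e) for e in after - before]
        rows += [(user, "revoked", e) for e in before - after]
    return sorted(rows)


def new_sod_exceptions(old, new, rules):
    """Exceptions present in the new dataset that the old one did not have."""
    return sorted(set(sod_exceptions(new, rules)) - set(sod_exceptions(old, rules)))


if __name__ == "__main__":
    for row in diff_datasets(OLD, NEW):
        print("CHANGE", *row)
    for rule_id, user in new_sod_exceptions(OLD, NEW, SOD_RULES):
        print("NEW EXCEPTION", rule_id, user)
```

Comparing the exception lists of two retained datasets separates violations introduced by a recent change from ones that were already present, which is the distinction a reviewer needs when certifying access.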