So, you are now or will soon be SOX-compliant: what's next?

Congratulations, you are on your way to completing, or you have just completed, your 404!!! Internal auditors, Business, IT, everyone is breathing easier and everyone should definitely be proud of it!

So, what's next? You probably hate this, but it's now time to think about next quarter's 302... Indeed, SOX is here to stay and it is time to include SOX in the 'normal' functioning mode of your company and IT Department.

Until now, you have put projects on hold to reallocate resources (Business and IT) to the various domains of SOX testing and remediation. Or you have hired high-dollar contractors to help you get the job done. In any case, this is not a sustainable model. And you are still facing quarterly repeats...

Going forward, what will be the impact and the cost, and how can you make SOX a part of your organization?

By now you know that the software-based answers to SOX will hardly help you: this software will not improve your Business processes, your next-level management reviews and sign-offs, the accuracy of your transactions among systems, or your Release Management processes. Nor will it help to ensure that your Development and Support groups do not have update/delete access to your beta test and production systems, etc.

What were the main factors influencing the volume and pain of your SOX action? Very likely, there were two key factors:
(1) the number of applications
(2) the lack of standardized processes around these applications

You are so ready for applications consolidation! One ERP-style, consolidated application ultimately means:
- 1 security solution allowing greater return on investment for an automated solution
- 1 set of secure processes and clear accountability
  Among the benefits of consolidating (whatever the level of consolidation) is the opportunity to develop best-of-breed tools and processes related to code management, release management, service support, etc.
- leveraging across modules within the ERP for SOX documentation
  A consolidated environment, primarily centered around an ERP system, will help reduce the volume of investigation and documentation to be put together for SOX testing:
  - How many architecture diagrams did you have to produce?
  - How many vulnerability matrices?
  - How many tables for roles, responsibilities and application functions?
  - How much time passed between producing a version of this documentation and its being outdated?

Bottom line
- SOX is an opportunity to re-think IT strategies around consolidation, which in turn will ease integrating SOX into your organization and generate less disruptive activity.
- SOX will not give you a competitive advantage; SOX is a continuous "must do": while minimizing its impact, use it to take your IS to the next level!!!

Bruno Loubiere is a seasoned IT Professional. Currently responsible for the Sarbanes-Oxley Compliance of the ERP application for a large computer manufacturer, his main area of expertise is project management of large, complex projects, ERP deployment, upgrades and consolidation, locally or globally. He can be contacted at b.loubiere@comcast.net




