1 archive access audit keys to effective compliance lifecycle management
Post on 18-Dec-2015
217 views
TRANSCRIPT
1
Archive AccessAudit
Keys to Effective Compliance Lifecycle Management
2
About Solix Technologies, Inc. Oracle Certified Advantage Partner
Global Development Center - SEI CMM Level 5
Solix Technologies provide automated solutions for enterprise applications implementation and management.
Launched ARCHIVEjinni Suite for automation of enterprise applications life cycle compliance management addressing the following: Enterprise Transactions archiving System security and hardening Data retention Statutory reporting archiving Audit records and workflow archiving
3
Era of Compliance
The Sarbanes-Oxley Act,2002 is the most sweepinglegislation affecting corporate governance, disclosure and financial accounting in over a generation.
“Most observers would agree that the Sarbanes-Oxley Act (SOA) is the single most important piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting since the US securities laws of the early 1930s. It is, moreover, a law that came into being in the glare of a very bright, very hot spotlight.”
Pricewaterhouse Coopers, 2004
4
Four sections of the Sarbanes-Oxley Act (III, IV, VIII and IX) address the systems and accountability of reporting companies.
Within these four titles it is sections 302, 401, 404, 409, 802 and 906 provide specific direction for companies working to become compliant.
302 - Corporate Responsibility for Financial Audits
401 - Disclosures in Periodic Reports
404 - Management Assessment of Internal Business Controls
409 - Real Time Issuer Disclosures
802 - Records and Retention
906 - Reporting must Comply with the Act
Sarbanes-Oxley Act
5
The Challenge
Define, document, and test your business processes and key controls.
Test, evaluate and identify gaps within your highly complex, configurable enterprise application
Ensure that these controls, once defined, are operating throughout the reporting period.
Oracle Applications is based on pre-SOX era. Limited Data Archiving options – No simultaneous access for inquiry or reporting – No audit and internal controls
Introductions of Oracle Internal Controls Manager has addressed close to only one-thirds of the requirement.
6
Archive
7
The Compliance Lifecycle
The Compliance The Compliance LifecycleLifecycle
Establish or modify compliance procedures
Establish business rules for data retention
Implement Enterprise data archiving
Implement Enterprise data archiving
System Hardening System Security
Access to Archived Data for Query and Reporting
Compliance Reporting
Compliance Audit and Certification
8
The Data Growth ParadoxUnmanaged Application Data Growth
– Decrease in application performance and stability– Increase in infrastructure costs– Detracts resources from strategic initiatives
9
Archiving Need Beyond Compliance
Low performance Longer query and updates Longer maintenance Longer backup time Longer recovery time High data risk Increased costs for maintenance Regular upgrade of the Hardware and system for
addressing performance issues Longer time for upgrades Longer downtime for upgrades With $850/GB TCO, Hardware upgrades are not an
option beyond the ROI limits
10
ARCHIVEjinni
11
ARCHIVEjinni
ARCHIVEjinni automates the archive and purge process for Oracle eBusiness Suite for any suitable interval. ARCHIVEjinni resolves data growth issues and the complexity of both the application and storage
environment.
Monitors the data growth
Sets data retention policies
Archives the data for effective data lifecycle management
Maintains audit information for statutory compliance
12
Configure your Rules
13
Access
14
Archived Data – Simultaneous Access
15
Advantages of Archiving
Increase in performance Faster Query results Faster Inserts and updates Faster backup and recovery time Low downtime during upgrades Easy to maintain environment Data control on both production and Archived data Low cost disks for storing the History data Adherent to Sarbanes-Oxley and other international
Policies Easy data access to the Historical data
16
Audit
17
Create Controls
Leverage Oracle Internal Controls Manager
18
ARCHIVEjinni - A Compliance Tool
Historical Statutory Reports access – Reports archiving
Workflow and approval data archiving and access in form of audit trail
Online control and audit reports Reports and online inquiries with drill down across
both archived and production data – single data view across enterprise
Data masking and access control based on responsibility and user privileges
Assisting in full cycle compliance activities – control, monitoring and informational
19
3 Key Activity Supported
Control activities - approvals, authorizations, verifications, reconciliation, reviews of operating performance, security of assets and segregation of duties.
Informational activities - information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business.
Monitoring activities - assesses the quality of the system's performance over time.
Q & A