PROJECT ON 

SOX IT PROJECT(ASSURANCE SERVICE)

  

BY   

ALKESH.V.DESHPANDE    

UNDER THE GUIDENCE Of 

Mr. PRASAD PENDSE 

ANB CONSULTING C0.PVT.LIMITED                

COLLEGE NAME 

          K.J. SOMAIYA INSTITUTE OF MANAGEMENT STUDIES & RESEARCH 

Introduction The Sarbanes–Oxley Act of 2002 also known as the 'Public Company Accounting

Reform and Investor Protection Act' (in the Senate) and 'Corporate and Auditing Accountability and Responsibility Act' (in the House) and commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002.

Sarbanes–Oxley contains 11 titles that describe specific mandates and requirements for financial reporting. Each title consists of several sections.

The Sarbanes-Oxley Act created new standards for corporate accountability as well as new penalties for acts of wrongdoing.

SOX applies to all public companies in the U.S. and international companies that have registered equity or debt securities with the Securities and Exchange Commission and the accounting firms that provide auditing services to them.

Scope of Project SOX Auditing is a Process where we need to review several Applications and their

Interfaces.

We need to check several controls regarding those Applications and Interfaces.

All the Application Owner (AO) as well the person in-charge of the Interfaces must adhere to rules and the policy lay down by Bank.

It is the ability to demonstrate controls implemented for quarterly certification.

Benefits

Findings can be used when evaluating current level of SOX compliance.

It would reduce the costs associated with performing separate risk assessments as part of the organization’s information security strategy.

It would bring information security related risks into the focus of the organization’s leadership because of its association with SOX compliance.

It would lay the groundwork for developing a generalized compliance driven risk assessment model that could incorporate any set of regulations or specifications.

It could be the first step in developing a risk management program for organizations that have to be SOX compliant.

Project Details• In all there are 117 Applications and 170 Interfaces to be reviewed by the whole

ANB SOX team, from which I need to review 14 Applications and 10 Interfaces.

• For every application we need to check 42 controls and for every interface 18 controls.

• Out of these 60 controls several can be done at our end itself, and for the remaining we need to arrange a meeting with the Application Owner (AO) or the concerned person for the Interface.

• So every day there is a Feeding File and a Personal Tracker that needs to be filled, for all the controls checked and to be sent to our Project Manager Mr. Prasad Pendse.

• These Applications are real time system Applications and Interfaces are connectivity between various applications.

Tools

1) Finacle Core Banking Solution

2) SAS EBI

3) Whizible

4) Data Centre Governance

Finacle Finacle core banking solution is a comprehensive, integrated yet modular business

solution that effectively addresses the strategic and day-to-day challenges faced by banks.

The solution has an integrated CRM module enabling banks to offer a rich and differentiated value proposition to customers. The layered Service Oriented Architecture (SOA), STP Capabilities, Web-enabled technology and 24X7 operations ensure multi-channel, multi-country and multi-currency implementations.

Key modules :-1. Enterprise Customer Information2. Wealth Management3. Corporate Banking4. Consumer Banking5. Trade finance6. Accounting backbone

SAS EBI SAS Business Intelligence gives you the information when you need it, in the

format you need. SAS® Enterprise BI Server is a comprehensive, easy-to-use business intelligence

software solution that integrates the power of SAS analytics and data integration to share insights that power better business decisions.

Features :1. Web and desktop reporting2. Microsoft Office integration3. Query and analysis4. Interactive business visualization5. OLAP storage and OLAP data exploration interface6. Integrated analytics7. Guided analysis8. Metadata Management 9. Applications development

Whizible Whizible is a suite of products that orchestrates the flow of information across the

enterprise to deliver better decision making, alignment to corporate goals and execution that meets quality and schedule objectives creating a high performance organization as envisioned.

Features:– Project and Task Management – Resource Planning – Metrics and Reports – Issues Management – Change Request Management – Defects Management – Risk Management – Help-Desk Management – Document Sharing – Time and Expense Tracking – Quality Management

Data Centre Governance Data Governance is the exercise of decision-making and authority for data-related

matters. An application that focuses on Privacy / Compliance / Security may look different

from one that exists to support Data Warehouses and Business Intelligence An application concentrating on Architecture / Integration may involve different

participants than one whose goals involve Data Quality. The universal goals for Data Governance Applications are as follows:

1. Enable better decision-making2. Reduce operational friction3. Protect the needs of data stakeholders4. Train management and staff to adopt common approaches to data issues5. Build standard, repeatable processes6. Reduce costs and increase effectiveness through coordination of efforts7. Ensure transparency of processes

Screen layouts

Duplicate User ID

Here we tried to create a UserID as XYZ which is already exist

Here same user tries to login Second time after 90days.

User Deactivation after 90 DaysInactive User ID

Here we tried to create a UserID as XYZ which is already exist

Here a user tries to create a master with ID 243433 which is already present.

Duplicate masterMaker Checker

Here when a new user is created there are two persons involved in it one who makes it and other who approves that user

Password Change

Here user is forced to change the password after 60 days of last password change.

Here password entered by user is not visible as a plain/simple text.

Here user enters password 123ab which is less then 8 characters

Here user tries to change the password to a recently used password

File Upload

Selecting the files which needs to be uploaded

File is getting uploaded to the defined server.

File uploaded successfully to the location

Here user tries to upload the file “1030.mst” which is already uploaded