Why SOX Compliance is critical - Top Ten IT Control Deficiencies (Source: Ken Vander Wal, Partner, National Quality Leader, E&Y, ISACA Sarbanes Conference, 4/6/04):
1. Unidentified or unresolved segregation of duties
2. Operating System access controls supporting financial applications or Portal not secure
3. Database access controls supporting financial applications not secure
4. Development staff can run business transactions in production
5. Large number of users with access to “super user” transactions
6. Former employees or consultants continue to have system access
7. Posting periods not restricted within GL application
8. Custom programs, tables and interfaces are not secured
9. Procedures for manual processes do not exist or are not followed
10. System documentation does not match actual process
Segregation of Duties (SOD) Definition:
Segregation of duties (SOD) provides assurance that no one individual has the physical and system access to control all phases of a business process or transaction, from authorization to custody to record keeping. Without it, a person or group has too much access or authority, resulting in risk exposure to the business.
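The definition above can be checked mechanically against user and role assignments. The following is an added example, not part of the original post: the role names, process names and sample assignments are constructed, and the mapping of roles to phases is an assumption that a control owner would supply.

```python
from collections import defaultdict

# The three phases named in the SOD definition.
PHASES = frozenset({"authorization", "custody", "record_keeping"})

# Constructed sample data (hypothetical role names, not Oracle Apps seed data).
# Each role grants one or more (business process, phase) capabilities.
ROLE_CAPABILITIES = {
    "PO_APPROVER":      {("procure_to_pay", "authorization")},
    "RECEIVING_CLERK":  {("procure_to_pay", "custody")},
    "AP_INVOICE_ENTRY": {("procure_to_pay", "record_keeping")},
    "CASH_APPLICATION": {("order_to_cash", "custody"),
                         ("order_to_cash", "record_keeping")},
    "CREDIT_MANAGER":   {("order_to_cash", "authorization")},
}

# Constructed user-to-role assignments.
USER_ROLES = {
    "asmith": ["PO_APPROVER", "RECEIVING_CLERK", "AP_INVOICE_ENTRY"],
    "bjones": ["PO_APPROVER", "CASH_APPLICATION"],
    "clee":   ["CASH_APPLICATION", "CREDIT_MANAGER"],
    "dkhan":  ["RECEIVING_CLERK"],
}


def find_sod_conflicts(user_roles, role_capabilities, phases=PHASES):
    """Return {user: {process: {phase: [roles granting it]}}} for every user
    whose combined roles cover all phases of a single business process."""
    conflicts = {}
    for user, roles in user_roles.items():
        coverage = defaultdict(lambda: defaultdict(list))
        for role in roles:
            # An unmapped role raises KeyError instead of being silently skipped.
            for process, phase in role_capabilities[role]:
                coverage[process][phase].append(role)
        hits = {
            process: {phase: sorted(r) for phase, r in by_phase.items()}
            for process, by_phase in coverage.items()
            if phases <= set(by_phase)
        }
        if hits:
            conflicts[user] = hits
    return conflicts


if __name__ == "__main__":
    for user, procs in sorted(find_sod_conflicts(USER_ROLES, ROLE_CAPABILITIES).items()):
        for process, by_phase in procs.items():
            print(f"{user}: controls all phases of {process}: {by_phase}")
```

The conflict for `clee` only appears when roles are combined, which is why the check runs on the union of a user's roles per process and not on each role alone.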
SOD Examples:
Thursday, August 7, 2008
SOX, SOD and Oracle Apps