Monday, January 21, 2013

Disclosure Controls and Internal Audit. Acumatica and SOX.

Hi Everyone,

Starting from version 4.0 we are implementing Audit History function, that is designed to help in Assessment of internal control, as per Sarbanes–Oxley Section 404.

As per SOX 404 TDRA:
Key steps to implement such control include:
  1. Identifying significant financial reporting elements (accounts or disclosures)
  2. Identifying material financial statement risks within these accounts or disclosures
  3. Determining which entity-level controls would address these risks with sufficient precision
  4. Determining which transaction-level controls would address these risks in the absence of precise entity-level controls
  5. Determining the nature, extent, and timing of evidence gathered to complete the assessment of in-scope controls
In Acumatica ERP version 3.0 we had already addressed some of these items, like:
1. - We have extended structure of accounts/subaccounts/business accounts, as well as company entities.
2. - This part is usually done during system implementation and security elements should be tuned according to the risks.
3. - Entity level controls are as well secured in version 3.0. We can specify to restrict or allow access on entity level as well as on reporting element level.
4. - This is achieved by transactional level security.

So almost all the items were available in version 3.0. Except - 5. There was no clear evidence of specific transactions modification. Yes we had time/date when transaction was created or last modified. But there was no historical data kept for the modifications made.

Starting version 4.0 we added Audit History capability, that tracks ALL the changes made to any record in the system. This function require a setup before activation.

All the best,

No comments:

Post a Comment