Enhanced Incident Workflow streamlines ITGC testing
ITGCs are required by the Sarbanes Oxley Act of 2002 (SOX) to ensure the integrity of financial reports. While SOX is focused on the propriety of your financial and accounting practices, SOX ITGC controls focus on IT systems such as applications, operating systems, databases, and the supporting IT infrastructure.
Your SOX ITGCs ensure IT and security activities are managed and governed according to your policies and procedures and support the effective functioning of application controls by helping to ensure the proper operation of information systems. Together ITGCs and IT Application Controls (ITAC) ensure the integrity of your data and processes across the IT environment to manage and mitigate risk.
Using MonitorPaaS™, customers can now ensure that configurations, master data and transactions in scope for ITGC and ITAC effectiveness are accurate and complete. ERP users can verify system input and it is approved by the Control Owner. For example, the enhanced incident workflow sends an email notification to the user that made a change to a system configuration such as a three-way match or created a transaction such as a journal entry over a threshold value. The requester is prompted to justify the change request along with any supporting records that can be cross-referenced by the change approver. The log report of change requested and approved is maintained as evidence for audit evaluation.
Customers who are using ITSM systems such as ServiceNow to request changes, can use this workflow to reduce the cost of manually reconciling and auditing change requests in ITSM systems against the changes in ERP systems.
Everything you need to know about ITGC SOX
During your annual SOX audit your ITCGs are examined to ensure the accuracy of your financial reporting. If your ITGCs are insufficient it can lead to disclosures to investors if your ITGCs are cited in your financial audit.
IT Application Controls and the benefits of automation
The purpose of ITAC is to assist in maintaining the privacy and security of data utilized by and sent between applications. The function of ITACs varies depending on the purpose of the application.
Manual controls are ineffective without timely visibility into control violations that occur in daily business activities within enterprise applications such as Oracle E-Business Suite, Oracle ERP Cloud, SAP, and Workday. The bottom line is that if any of the key controls in your enterprise application fail to operate, there will be an impact on the business.