All publicly-traded companies, wholly-owned subsidiaries, and foreign companies that are publicly traded and do business in the United States must comply with SOX. SOX also applies to accounting firms that audit public companies.

NetSuite offers a managed bundle called Strongpoint for Change Management, specifically designed for SOX compliance. However, NetSuite’s native features are also powerful enough to establish internal controls that meet SOX standards.

1.   Section 302 and 906: Corporate Responsibility for Financial Reports

2.   Section 404: Management Assessment of Internal Controls

3.   Section 409: Real-Time Issuer Disclosures

4.   Section 806: Sarbanes Oxley Whistleblower

Data Security Framework of NetSuite SOX Compliance

The data security framework of NetSuite SOX compliance can be summarized by five primary pillars:

1. Ensure Financial Data Security

All transactions in NetSuite can be routed through approval workflows which guarantee financial data to be displayed only to the people authorized to approve it. NetSuite further has inbuilt mechanisms to restrict data by allowing it to be displayed only to a set of people involved in the transaction.

2. Prevent Tampering of Data

All roles in NetSuite are guarded by a set of permissions and restrictions which do not allow any peep into the areas which an employee is not related to. There are further View, Edit, Create options which can be applied for each employee of a group of departments to minimize data breach and manipulation.

3. Track Data Breach

There are multiple tracking solutions available in NetSuite to track each and every employee activity in the system and on a specific record.

Employee Login Audit Trail and System Notes on every record are one of the major trackers to get the exact view over these.

4. Records available for Auditors

System Notes is a one spot for auditors to get each and every detail which has happened with the record. These are event logs readily available for auditors and drive an audit trail.

5.Demonstrate Compliance in every 90 days

Required financial statements and internal control structures are maintained by NetSuite via their reports and saved searches. These are designed to be built on the principles of accountability and authenticity of data input and resultant output.

Abiding to SOX is mandatory for all US public companies to safeguard interest of all the company stakeholders. However, NetSuite small/medium scale users also have a chance to abide by these compliances without any additional costs of managed bundles/modules.

The post Is Oracle NetSuite SOX Compliant? appeared first on OdeBlog.

However, the native system configurations are only some help to small to medium type environments where we can maintain a strong conduct of internal control while keeping an watching eye on the transactions taking place in and out of the system.

With large entities, comes the requirements for having a proper checklist to counter these internal frauds well in place and time.

That’s where we have NetSuite’s Strongpoint in picture!

What is Strongpoint?

Strongpoint is a NetSuite managed bundle built entirely on the NetSuite platform that automates some of the most manual and difficult aspects of SOX compliance and change management.

Any change made in the system has to be approved by an approval panel chain post which the change is recorded in the system.

The approvals we get during this process have to be justified by the approver further pressing for authenticity and actual requirement of this change on the management.

How does Strongpoint work in NetSuite?

1.  Accurate Automated Documentation

Strongpoint scans the entire ERP to read your customizations, settings and preferences made. It simultaneously records all the updates made to the system and we will always have a log of how things changed and were changed. All this happens in background automatically!

This indeed overcomes the drawback of System Notes which is record specific and is washed away on refreshes.

2. Change Management

There is a change management request form that has all the details capturing the change request, scope of change, impacted customizations and much more.

The impact of change is displayed on the Impact Analysis Tab before approver agrees to make these changes. Once approval is made, there is a page called What Changed allowing users to track and report the past changes creating a valid audit trail of transactions.

3. Optimization

Strong has a series of automation tools like automated saved search clean-up, unused customization clean-up, inactive user clean-ups, unused script clean-up and much more which optimize the NetSuite environment in-turn making the log trail easier for SOX purposes.

But, how does this help in SOX Compliance?

With, with having Strongpoint in place, leads to automation of several key aspects of SOX compliance requirements other than the inbuilt native NetSuite internal controls enabling;

• Document customizations and dependencies
• Log and track changes in the system
• Perform impact analysis and risk assessment for the change approval
• Track change requests approvals and associated changes
• Report, review and resolve non-compliant changes
• Report segregation of duties and access controls

Thus, Strongpoint helps you meet some of the more unique audit requirements around ERP systems, giving you complete visibility into your scripts, workflows, user roles and permissions, dependencies, managed bundles, platform changes and NetSuite releases.

Learn more about how Strongpoint is apart of NetSuite in SuiteApps blog

The post Strongpoint- A NetSuite Managed Sox Compliance Bundle appeared first on OdeBlog.