SOX compliance is a strict measure implemented by authorities to govern the risks hovering over ERPs. It consists of statutory internal controls under which a company should follow data security policies that limit access to its financial data. It also has the added benefit of helping organizations keep sensitive data safe from insider threats, cyber-attacks, and security breaches.
All publicly-traded companies, wholly-owned subsidiaries, and foreign companies that are publicly traded and do business in the United States must comply with SOX. SOX also applies to accounting firms that audit public companies.
NetSuite offers a managed bundle called Strongpoint for Change Management, specifically designed for SOX compliance. However, NetSuite’s native features are also powerful enough to establish internal controls that meet SOX standards.
1. Section 302 and 906: Corporate Responsibility for Financial Reports
2. Section 404: Management Assessment of Internal Controls
3. Section 409: Real-Time Issuer Disclosures
4. Section 806: Sarbanes Oxley Whistleblower
Data Security Framework of NetSuite SOX Compliance
The data security framework of NetSuite SOX compliance can be summarized by five primary pillars:
1. Ensure Financial Data Security
All transactions in NetSuite can be routed through approval workflows, which ensure that financial data is displayed only to the people authorized to approve it. NetSuite also has built-in mechanisms that restrict data so that it is displayed only to the set of people involved in the transaction.
2. Prevent Tampering of Data
All roles in NetSuite are guarded by a set of permissions and restrictions that prevent an employee from looking into areas they are not related to. In addition, View, Edit, and Create options can be applied for each employee of a group of departments to minimize data breaches and manipulation.
3. Track Data Breach
Multiple tracking solutions are available in NetSuite to track every employee activity, both in the system as a whole and on a specific record.
The Employee Login Audit Trail and the System Notes on every record are among the major trackers that give an exact view of this activity.
4. Records available for Auditors
System Notes is the single place where auditors can get every detail of what has happened to a record. These are event logs that are readily available to auditors and provide an audit trail.
5. Demonstrate Compliance every 90 days
Required financial statements and internal control structures are maintained by NetSuite via its reports and saved searches. These are built on the principles of accountability and authenticity of data input and resultant output.
Abiding by SOX is mandatory for all US public companies, to safeguard the interests of all company stakeholders. However, small and medium-scale NetSuite users can also abide by these requirements without the additional cost of managed bundles/modules.