ERP and SOX. What is “SOX” and why is it so important to your ERP system's success?
The Sarbanes-Oxley Act of 2002, often shortened to SOX, was passed by the U.S. legislature and set new requirements for publicly traded companies to improve financial disclosures and to prevent accounting fraud. It was passed in response to a string of accounting scandals in the early 2000s (think Enron, Tyco, WorldCom), with the goal of enhancing accountability and corporate governance. SOX is something that all publicly traded companies must abide by. There are many make-to-order and engineer-to-order manufacturers that are publicly traded and therefore affected by this legislation. Let’s take a look at two of the most crucial issues that SOX requires in an ERP system:
- Security – The security requirement of SOX is twofold: (1) access to confidential financial data must be limited to only a select few authorized persons in the system and (2) financial data must only be added or edited by those authorized persons to ensure that the data is valid.
  - System Access – Visibility requires a unique username and password to be used by each system user. The system administrator can set a minimum password length as well as a maximum password lifetime to ensure the password stays private to the user.
  - Role-Based Security – Visibility’s ERP solution ensures that your confidential financial data is secure with role-based security. During the implementation process, our implementation consultant will assist you in setting up a wide range of “roles” in the system. Roles can keep entire modules hidden from a certain user, can allow for read-only access to certain data, and can also allow for certain authorized users to have access to add and edit financial data.
  - Notifications – Our ERP solution allows for workflow notifications to be set up for approvals. For example, in the purchasing module, you could set up a notification for approval of purchases over a certain amount. Or you could set up an approval notification for a new user being added into the system. The possibilities are endless!
The Role Tree screen above shows the various "roles" you can create to customize what each user has access to.
- Traceability – All financial transactions entered into your ERP system should be backed up. There must also be traceability when it comes to financial transactions entered into the system.
  - Audit Trail – All records entered into Visibility are made with the user ID, the date and time that the record was created, the user ID of whoever last modified the record, and the date and time that the modification was made.
Here at Visibility, Sarbanes-Oxley is something we consider in every implementation we do. In fact, one of our customers, who is subject to the Japanese Sarbanes-Oxley Act (J-SOX), worked with us to develop and roll out standard functionality to meet J-SOX compliance. Visibility is ready to meet your SOX compliance needs.