An audit nightmare
Or could it be time to enable governance by design?

Here's the challenge we must address: with regard to the integrity of the organization's financials, or the processing of the transactions used for reporting to external stakeholders, these are outside the span of control for all users.
- Only the CEO has end-to-end accountability, and few can answer the questions in a way that is helpful to IT.
The five capability model enables an organization to very clearly distinguish between 3 management, which includes the controlled create, update and archive of all three of the master data categories.
The majority of the organization and agency will be creating either expense or revenue transaction capabilities.
There is only a minimal set of users who have the authority to create customer, supplier, employee, offer, item, component and financial account codes.
The biggest and most recognizable error: the "I didn't know there was a difference between master and transaction processes."
Myth
Data experts are not accurate in the assumption that data is unrelated to, and not dependent upon, process.

Meeting the Sarbanes-Oxley 404 assurance - be a hero for an executive
- When I measure cost savings from waste, I measure the columns with information from the ERP master records by the number of rows returned in the profiling or daily batch report.
- When I am performing a security architecture role as the person who qualifies the projects and guides the application threat assessment during the SDLC:
- A threat assessment must be done on any create or get process introduced.
- The business intelligence process should not create. While it may present information by joining two data sets, the use of an in-memory or a physical table writes a new table containing both parts of the information.
- Any mismatch between the source application - in the master data records we must assume any values created, updated and archived MUST be done with the MANAGEMENT CAPABILITY user group.
- These management capability users are a team of people who must associate and document a series of steps in due diligence and retain the records for audit purposes.
- Generally legal, corporate finance and an operations person performing the action, with both legal and finance validating the action.
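
One way to test the master data rule above against an application audit trail, as an added example that is not from the original post. The entity names follow the master data codes listed earlier; the user names, group membership, field names and log records are constructed for illustration.

```python
# Added example: all names and records below are constructed, not from a real ERP.
MASTER_ENTITIES = {"customer", "supplier", "employee", "offer", "item",
                   "component", "financial_account"}
MASTER_ACTIONS = {"create", "update", "archive"}

# Hypothetical management capability user group: user -> function in the team
MANAGEMENT_GROUP = {"ops_ana": "operations", "legal_raj": "legal",
                    "fin_mei": "finance"}

# Constructed audit trail records
AUDIT_LOG = [
    {"id": 1, "entity": "supplier", "action": "create", "actor": "ops_ana",
     "validated_by": ["legal_raj", "fin_mei"]},
    {"id": 2, "entity": "supplier", "action": "create", "actor": "ap_clerk_tom",
     "validated_by": []},
    {"id": 3, "entity": "expense_transaction", "action": "create",
     "actor": "ap_clerk_tom", "validated_by": []},
    {"id": 4, "entity": "financial_account", "action": "update",
     "actor": "fin_mei", "validated_by": ["fin_mei", "legal_raj"]},
]

def review(event, group=MANAGEMENT_GROUP):
    """Return the findings for one audit event (empty list means compliant)."""
    if (event["entity"] not in MASTER_ENTITIES
            or event["action"] not in MASTER_ACTIONS):
        return []  # transaction processing: outside this control
    findings = []
    actor = event["actor"]
    if actor not in group:
        findings.append("actor outside management capability group")
    # A validation only counts when it comes from someone other than the actor.
    validators = {group.get(v) for v in event.get("validated_by", [])
                  if v != actor}
    for needed in ("legal", "finance"):
        if needed not in validators:
            findings.append(f"missing {needed} validation")
    return findings

def audit(log):
    """Map event id -> findings for every non-compliant master data change."""
    return {e["id"]: f for e in log if (f := review(e))}

if __name__ == "__main__":
    for event_id, findings in audit(AUDIT_LOG).items():
        print(event_id, "; ".join(findings))
```

Event 4 is flagged because the finance user validated their own change, so only the legal validation counts.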