What exactly the Sarbanes-Oxley-Act, short SOX, is and how it is affecting corporate practice, we already covered in our blog entry on SOX compliance, which you can visit on this page.
Now let’s take a closer look at the different fields of implementation and application. Your best option for implementing these mandatory guidelines is to set up rules and methods for the verification of financially relevant transactions. It may soon enough get complicated for a big company to do that on paper. Therefore, it is necessary to incorporate workflows in an IT system that guarantee adhering to the four-eye-principle as well as transparency for third parties.
Those workflows have to enable proper tracking of the state of all master data in your company. That means, making it possible for managers and auditors to see exactly, who changed what at which point. So, it is relevant to create certain “roles” for employees of the company that are part of the workflow-system. These roles can be assigned to all co-workers that take care of a financial transaction. Every role defines what a user of the workflow-system is allowed to do and what not. When a change is made in role assignment, the system saves this change too. To verify all users of the workflow-system a report on all changes is sent on a regular basis to the matching role holder – normally the manager. It can then be reviewed and stamped.
The roles are grouped according to the different areas of financial transacting. For every one of these areas an auditor has to be instated in order to maintain the four-eye-principle. The reports will then be sent periodically and automatically to the auditor by the IT system. It is possible to see which data was changed by which role holder at what time and which roles have been assigned to which employee.
That way fraudulent practices or accounting errors can be combated effectively. This may ultimately lead to effective work and company growth.
We will go more into detail in our next YouTube video on SOX compliance implemented into user management. Until then, come follow us on LinkedIn.