Automating Internal Control Process

As the part of Section 404, Sarbanes Oxley Act requires the review of user access. Most companies follow similar process: once or twice a year, IT department prints out the application access and sends to business managers to confirm their staff’s access to ERP applications. This could become a big headache for corporate internal control team if the company has thousands of employees. The complication arises because of the cultural barrier between IT and business departments. Most business managers are not familiar with the ERP backend user authorizations. And in reality, the collaboration between IT and business managers is not that great. There is one independent survey by Ponemon Institute this Feb.. which mentioned that ‘two thirds of 627 respondent companies said their IT department and business functions rarely collaborate in identity management’.

This leaves compliance vendors a great opportunity to automate complicated internal control processes such as user access review or certification, in addition to managing SOD risk. For companies who are feeling the pain will look for a tool which automates the process, bridge IT and business, and bring the visibility of the compliance.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: