
What controls do you have in place for Sarbanes-Oxley (SOX) compliance?

Pastry Chef

As a publicly traded company we have to comply with SOX. I'm specifically looking to see how other customers are handling changes.

Our ServiceMax project is fully integrated to our ERP system. Are the controls for the SFDC/ServiceMax application the same as your ERP controls?

Are there SOX best practices guidelines published anywhere?

Here are some details that I'd like feedback on:

  1. Development and changes moving from a Sandbox to Production
    1. We have a formal change request approval to edit/create objects in our ERP and are using the same process for SFDC/ServiceMax
  2. Who can do what (as far as developers and Admin)
    1. If you're the Sys Admin in Production, then you can't develop in the Sandbox
  3. Segregation of duties by profiles
    1. I'm the System Administrator in the Sandbox but not Production. So when we develop something in our Sandbox, it has to be deployed into Production by the Sys Admin.
  4. Do you put the same controls in the Sandbox as in Production?
    1. Example: I can't add a new user in the Sandbox without an approval document, and then our named Sys Admin for Production has to add the user to the Sandbox
  5. Audit trails
    1. How are you using the history tracking, View Setup Audit Trail or Reporting to aid in audits?

Employee

Re: What controls do you have in place for Sarbanes-Oxley (SOX) compliance?

Hello John,

As a former public auditor from Deloitte, the strength of any control, whether system or manually generated, is largely defined by the level to which the processes are regularly reviewed. Developing your internal control / audit team to ensure that your administrators are focusing on process and system controls will be very helpful come audit time.

Great talking with you today and don't hesitate to reach out with additional questions.

Warm Regards,

Wes

Staff Chef

Re: What controls do you have in place for Sarbanes-Oxley (SOX) compliance?

Hi John, I am sure you have been using the Salesforce Audit Log. Adding a link here for anyone else who arrives here looking for audit information.

Use of Salesforce Audit Trails Feature to Track Changes

Also, an idea has been created for audit tracking of ServiceMax changes, e.g. to an SFM.

Regards, Richard

~If my post was useful, please give me a thumbs up! Mark correct answers as 'solutions' so we can all find answers faster!~