SOX compliance and Microsoft Dynamics AX 2012
Posted on: October 20, 2015 | By: Jarrod Kraemer | Microsoft Dynamics AX/365
After months of hard work gathering requirements, finalizing business process, and implementing AX, your CIO sends you an email indicating that you need to prepare for an audit. Normally this email would be met with an initial panic because the implementation team overlooked SOX requirements. (Not the first project team to do so!) With Microsoft Dynamic’s AX you can rest easy knowing a plethora of compliance management tools come out of the box. Standard, out of the box AX ships with over 100 different security roles that cover a wide array of business processes. Each role has been crafted by Microsoft to cast a large umbrella over business process, but Microsoft also acknowledges the need for modification to these security roles. As well as the security that comes out of the box with AX, Microsoft has allowed users to have the opportunity to use the built in workflow functionality within each module. Workflow is a great way to establish system control within a module or department in AX, and it provides audit with an easy to use tool for tracking the separation of duties with system transactions.
AX also comes with segregation of duties functionality. This allows a security admin to identify two duties that cannot be shared by a particular user. A perfect example would be an accounting clerk who cannot create vendors and process checks. The rule would throw up a flag indicating that this user is out of compliance when you run the segregation of duties conflicts job.
Another feature that Microsoft boasts is their alarm capabilities. Do you ever find the need to know when data updates, or when the status of a job or transaction changes? Simply create an alert. Users can create alerts for mostly any activity in AX, which help the user and help an auditor when examining the health of system controls.
In addition to the aforementioned compliance and control features, AX also contains detailed transaction history in each of its modules. Each “Audit Trail” will provide you with a timestamp and user ID to see who posted a transaction. This feature gives auditors pinpoint accuracy when questioning a transaction.
Let us know if you would like to discuss how we have addressed SOX requirements at other clients.
For additional information please feel free to reach out to us at firstname.lastname@example.org or (312) 345-8817.
All the best!
2020 Nucleus Research Report on ERP Technology