Reactive Companies Meet Sarbanes-Oxley Standards, Proactive Organizations Exceed Them! Therron Hofsetz Logical Apps, Inc. thofsetz@logicalapps.com


Page 1: Reactive Companies Meet Sarbanes-Oxley Standards, Proactive Organizations Exceed Them! Therron Hofsetz Logical Apps, Inc. thofsetz@logicalapps.com

Reactive Companies Meet Sarbanes-Oxley Standards, Proactive Organizations Exceed Them!

Therron Hofsetz
Logical Apps, Inc.
thofsetz@logicalapps.com

Page 2

Agenda

Sarbanes Oxley Overview

Logical Apps Approach to Sarbanes Oxley

Question and Answer

Page 3

What do these dates have in common?

December 2, 2001: Enron declares bankruptcy

July 19, 2002: MCI WorldCom declares bankruptcy

August 31, 2002: Arthur Andersen agrees to stop auditing public companies

Page 4

How did this happen?

Corporate Issues:
  Earnings pressure
  Lack of mandated disclosure of company reporting model
  Minimal oversight into corporate business practices
  No documented or enforced internal controls

Audit Firm Issues:
  Dependency on consulting fees
  Assumed good intent of their client
  Inability to continuously monitor a company’s internal controls
  Unable to identify violations of internal controls

Page 5

How Did Congress Respond?

Sarbanes-Oxley Act

Page 6

Sarbanes-Oxley Act

Highlights

Section 103: Your auditor (and therefore you) should maintain all audit-related records, including electronic ones, for seven years.

Section 201: Firms that audit your company’s books can no longer provide you with IT-related services.

Section 301: You must provide systems or procedures that allow employees to communicate effectively with the audit committee.

Page 7

Sarbanes-Oxley Act

Highlights (continued)

Section 302: Your CEO and CFO must sign statements verifying the completeness and accuracy of financial reports.

Section 404: CEOs, CFOs and outside auditors must attest to the effectiveness and accuracy of financial reports.

Section 409: Companies must report material changes in their financial conditions “on a rapid and current basis.” The act calls it “real-time” disclosure but is unclear on what it means.

Page 8

Sarbanes-Oxley Act

Sarbanes-Oxley Law

Behavior: Any CEO or CFO who “recklessly” violates his or her certification of the company’s financial statements.
Consequence: Fine of up to $1,000,000 and/or up to 10 years imprisonment.

Behavior: If “willfully” violates.
Consequence: Fine of up to $5 million and/or up to 20 years imprisonment.

Behavior: Any person who “corruptly” alters, destroys, conceals, etc., any records or documents with the intent of impairing the integrity of the record or document or use in an official proceeding.
Consequence: Fine and/or up to 20 years imprisonment.

Page 9

Sarbanes-Oxley Impact on Information Systems

Page 10

The 3 Cs of Sarbanes-Oxley

CEOs, CFOs and CIOs

The jobs of the CEO, CFO & CIO got tougher on July 30, 2002 -- the day the Sarbanes-Oxley Act was signed. The legislation requires significant changes to financial practices and corporate governance, and touches all corporate areas -- including technology. For the first time ever, the CFO and CEO can look a CIO in the eye and say, 'Guess what, you're on the hook with us.'

Page 11

What Does this Mean to CIOs?

CEOs and CFOs will Require CIOs to:

Provide extensive Control for Oracle Applications

Continuously Monitor Identified Risks

Provide Oversight Into Creation of Financial Data

Enforce Segregation of Duties to Minimize Risk

Take Measures to Ensure Financial Data is Accurate

Ensure the Accuracy of Reporting Data

Page 12

System Control Examples

Financial Statement Generation:
  Report parameter changes are documented
  Data that generates financial statements is accurate

Inventory Item Creation:
  Costing is accurately assigned

Purchasing:
  Approved suppliers are used
  Approval limits cannot be easily manipulated

Customer Creation:
  Duplicate customers
  Credit limits

Page 13

Oversight of Financial Data Examples

Standard Data Entry is Enforced: Accurate reporting

Segregation of Duties: Separation of functions to minimize risk of fraud

Audit changes to sensitive data

Approval processes for creation of financial data

Oversight into Financial Processes: Ensure all month/year end activities are completed

Page 14

Typical Solution to Sarbanes-Oxley

Page 15

The Logical Apps Approach to Sarbanes-Oxley

AppsRules

AppsRules for Sarbanes-Oxley Compliance

Page 16

LogicalApps for Oracle Applications

Automated Enforcement of Internal Controls for the Oracle Applications

Page 17

AppsRules for Sarbanes-Oxley

Automated Enforcement of System Controls

AppsForm:
  Enforce Segregation of Duties
  Enforce Accuracy/Completeness of System Data

AppsFlow:
  System Enforced Process Approvals
  Oversight into Business Processes

AppsAudit:
  Continuous Monitoring of System Changes
  Built in Reporting on System Changes

Page 18

Implement & Enforce Your Company Policies

Enforce Controls in Oracle Forms

Forms Security

Data Integrity

Accountability

Increase Productivity

Page 19

AppsForm for Sarbanes-Oxley Compliance

Challenge: Application Security (Hide Fields or Tabs; Prevent Update/Insert)
Oracle Solution:
  1. Define multiple Responsibilities
  2. Forms Customization for required security
AppsForm Solution:
  1. Form/Field level security by User, Group of Users, Responsibility, Operating Unit, Inventory Org, etc.

Challenge: Data Integrity (Require Values; Field validation; LOVs & Default Values)
Oracle Solution:
  1. Offline business rule
  2. Forms customization
AppsForm Solution:
  1. Required Fields
  2. Validation of entered data
  3. LOVs for free form data

Challenge: End User Productivity (Hide Fields or Tabs; Zooms; Default Navigation)
Oracle Solution:
  1. Forms customization
AppsForm Solution:
  1. Configure forms for specific users
  2. Tool menu entries
  3. Field & tab order

Page 20

Implement & Enforce Your Company Processes

Implement Process Controls Through Workflow

Automate Current Manual Processes

Enforce Systematic Approvals

System Wide Notifications

Integrated with Workflow Builder

Page 21

AppsFlow for Oracle Applications

Risk/Control: Separation of Duties via Transaction Limits and Approvals
Oracle Solution:
  1. Limited seeded workflow
  2. Build Custom workflow processes for needed transactions
AppsFlow Solution:
  1. Configure approvals for any Oracle Apps transaction
  2. Integrate to Oracle Workflow for re-usability

Risk/Control: Enforce Data Integrity Across Process Steps
Oracle Solution:
  1. None
AppsFlow Solution:
  1. Configure complex process flows across steps, departments, users, responsibilities
  2. Enforce process completeness and track metrics

Risk/Control: Provide Process Details and Metrics
Oracle Solution:
  1. Track processes in workflow tables
AppsFlow Solution:
  1. All AppsFlow processes tracked via workflow tables

Page 22

Monitor and Report on System Changes

Complete Audit Trail History

Configure Audit Rules in Minutes

Comprehensive Reporting

Key Setup Changes

Key Transaction Changes

Simplifies Oracle Audit

Page 23

AppsAudit for Sarbanes-Oxley Compliance

Risk/Control: Monitor Setup Data Changes
Oracle Solution:
  1. Created_by and last_updated_by
  2. Oracle Audit
AppsAudit Solution:
  1. Complete history, including old value, new value, user, date & time of change

Risk/Control: Monitor Transactional Data Changes
Oracle Solution:
  1. Created_by and last_updated_by
  2. Oracle Audit
AppsAudit Solution:
  1. Complete history, including old value, new value, user, date & time of change

Risk/Control: Implement conditional audits based on user defined condition
Oracle Solution:
  1. None
AppsAudit Solution:
  1. Additional where clause on audit trigger

Risk/Control: Pre-Built, easy to use audit reports
Oracle Solution:
  1. None
AppsAudit Solution:
  1. Online & hard copy reports
  2. Reports user values not internal ids or foreign keys

Page 24

Sarbanes Oxley Benefits

AppsRules Proactively Enforces System Controls:

Provide extensive Control for Oracle Applications

Maintain oversight into creation of financial reports

Enforce data integrity and reporting accuracy

Automate processes to enforce separation of duties and appropriate levels of approval

Enforce process completeness across multiple process steps and departments (Item Setup, Month End Close)

Continuously monitor changes to sensitive data

Configure & Report on key Audit Data

Centralize a repository of rules and workflows

Page 25

Questions?

Therron Hofsetz

thofsetz@logicalapps.com

www.logicalapps.com

949.453.9101