eCommerce Connexion
EC/EDI Industry Newsletter Brought to you by EDI Specialists, Inc.

Wednesday, April 27, 2005 Volume 1 Issue 4  

Aurora Technologies
EDI Shines Brightly in the Harsh Light of Sarbanes-Oxley
by Faith Lamprey

Even if you have not yet gone through a Sarbanes-Oxley (SOX) compliance review, you surely have heard much about how time-consuming and laborious it is. Most folks complain loudly and often about having to go through this arduous task.

When called in to assist a customer with this process, I now arrive with my “SOX First Aid Kit.” With it I attempt to change their mood by explaining how I have brought some essential items to help them. My kit contains red pens, Tylenol, Excedrin Migraine, Pepto-Bismol, burn cream, tweezers (to extract pesky data), “transparency” tape, small bottles of gin, whisky and scotch, and even a nice pair of red socks! The kit puts smiles on their faces and then I commiserate with them about how the regulations do not seem to be clear and how everyone is confused about what is required.

Now that I have lightened their mood and listened to their complaints, I mention that, despite all the pain, many companies have found benefits from the process. I point out that the review of their system development process, access security and internal controls may uncover some problem areas. Therefore, the remediation process (where problem areas are addressed) can actually help them strengthen the data accuracy and integrity of their systems, something all IS Managers support.

For those of you not familiar with the SOX compliance review, the major tasks mandated by the Act include:

• Documentation of the financial reporting process (including the methodology used for system development and enhancements);
• Assessment of the risks and effectiveness of internal controls (Section 404 of the Act);
• Testing of controls; and then,
• Remediation of problem areas uncovered during the review.

So how do your EDI processes fare when examined under the SOX light? For most companies, EDI is one of the newer systems and therefore contains better controls than their legacy systems. In addition, the security and encryption methods used to transport EDI transactions have always provided a high level of assurance and confidence in the data. As a result, the EDI processes of a company usually pass the Sarbanes-Oxley review with flying colors.

However, one area you may want to examine is the use of FTP for EDI transport. If it is entirely within your control, you may pass the SOX test. If trading partners can access your system to pull data or push it to you, take a careful look at your security controls.

And so I tell my customers, do not fear a SOX audit in the EDI area! While I probably have not convinced them to embrace and welcome the Sarbanes-Oxley review process, at least I hope they now understand how it may help them improve their system controls and showcase the strengths of their EDI processes.


Published by Gerard Noumi
Copyright © 2005 EDI Specialists, Inc. All rights reserved.