Recently AMR announced that $6 bn will be spent on Sarbanes-Oxley compliance in 2006. This is roughly equal to the amount for 2005; however, proportionally more will be spent on technology and less on headcount and resources. This pre-conference workshop invites companies to share their initial compliance experiences, what lessons have been learned, and what initiatives they have in mind to achieve sustainable compliance and reduce compliance costs in the future. In particular, the role of technology in enabling compliance will be discussed to understand what additional benefits can be derived, so that companies can look to gain a return on their compliance spend.
How Herman Miller automated its SOX Segregation of Duties validation across multiple business applications
Session GB-06, Mon, April 24, 2006
Don Morren – Herman Miller Inc.
Like so many organizations seeking SOX certification or adequate governance, Herman Miller needs to certify that users do not have access to applications that create a conflict of interest. Our challenge, however, was to perform such “Segregation of Duties” (SOD) validation across 3750+ users, 250+ user-roles, 350+ business processes and thousands of application/session accesses associated with various business systems. For our first round, we came up with homemade scripts, tables and spreadsheets, along with countless hours of analysis, to perform this tedious task. We have since implemented a rules-driven SOD conflicts identification engine, enabling us to dynamically scan all of the above elements … in less than 10 minutes! Not only do we know precisely who is able to access what, we also have direct visibility of any SOD conflicts for us to investigate and resolve. In addition to saving us considerable effort, this SOD compliance solution enhanced the accuracy of our conflicts identification, which is critical to maintaining our SOX certification for years to come. Benefit from our experience, mark this session in your agenda …