1 / 7

Xilinx: SOX slides for NorCal OAUG

Xilinx: SOX slides for NorCal OAUG . Kavita Khatwani Jan 24 th 2006. Company background. Name of Company: Xilinx Inc. Size (numbers): 3100 IT: Size: 200 Distribution: Application version: 11.5.9

willow
Download Presentation

Xilinx: SOX slides for NorCal OAUG

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Xilinx: SOX slides for NorCal OAUG Kavita Khatwani Jan 24th 2006 Xilinx Confidential

  2. Company background • Name of Company: Xilinx Inc. • Size (numbers): 3100 • IT: • Size: 200 • Distribution: • Application version: 11.5.9 • Modules: Financials (AP, AR, FA, GL, PO), Order Management, Mfg, Planning, Inventory, HR, CRM, Installed Base, Contracts • Consulting Company used to assist with the  SOX compliance project: PwC (Price Waterhouse Coopers) Xilinx Confidential

  3. SOD in Year1 • How did you resolve issues of Segregation of Duties? • Before the 404 requirement • ERP audit/s driven by IA (partnership with external consulting group) post upgrade to 11i identified a few Sod issues which were addressed • Negligible work done on an ongoing basis to identify and fix Sod issues • After • 5 person team (~3 full time equivalent) in year1 to drive the SoD piece of evaluation, analysis and remediation • PwC assistance taken to identify all Sod conflicts • 4 month extensive effort • Driver: Business SOX Program manager • Pain shared by: IT Xilinx Confidential

  4. SOD challenges • Where were the most challenging moments in this task? • Smaller sites had people performing roles that were strong SOD issues • Big list of super users within the application • IT individuals to business support functions with Admin responsibilities (update) were identified as SOD issue • Late scramble on SOD remediation as the issues flooded to IT very late in the fiscal year • Test plans and testing for SOD issues from business, required a lot of hand holding from IT Xilinx Confidential

  5. Suggestions to reduce effort • What would you suggest for the people/users who are still struggling at this task? • Get to know your environment!! • Develop your own matrix of SoD and use it • Be aware of the ‘Processes’ tab issue (AZN_PR_XXX submenus in Inv, GL, AP, PO & AR) • Build a process to catch SoD issues prior to them being created in your environment • Plan for moving from People dependent detective controls to System dependent Preventive controls Xilinx Confidential

  6. SOD approach Develop SOD matrix/mapping across applications Identify sec404 relevant IT applications in scope for SOD Rationalize the risk (H,M,L) on SOD issues Identify SOD issues in your environment Develop processes to PREVENT more SOD creation Remediate them based on risk profile Mid -Long term Short term Xilinx Confidential

  7. Automation of Controls System Based Preventive Control System Based Detective Control Reliable People Based Preventive Control People Based Detective Control Desirable Xilinx Confidential

More Related