Netsuite and SOX Compliance

Hi All,

In this post, we will talk about Netsuite and SOX. SOX stands for "Sarbanes-Oxley". US lawmakers passed this act in 2002 after several major accounting scandals in the early 2000s. The act is named after two congressmen, Paul Sarbanes and Michael Oxley. The U.S. Securities and Exchange Commission, popularly known as the SEC, administers the act.


Publicly traded companies (listed on US stock exchanges) must comply with SOX law. Companies that are private but planning to go public should also comply with SOX laws.

Note: This post is for informational purposes only; please consult auditors about any SOX-related law.

SOX laws have 11 sections; some of the most important sections are as follows:

1. Section 302: Every public company is required to file periodic financial reports. Financial officers are responsible for maintaining the reports and following internal SOX rules. They should not omit any information from a report or include any untrue information.

2. Section 404: This section is for assessment of internal control. This section requires each report to include internal .

3. Section 409: This section requires companies to disclose any drastic change in financial situation or operational position, e.g. any acquisitions, disinvestment or change in management.

4. Section 802: Penalties for modifying, altering or destroying information in order to influence or obstruct investigations. The SEC can impose a fine of up to USD 25 million, 20 years' imprisonment, or both.

5. Section 906: Corporate responsibility for financial reports. In case of a misleading or fraudulent financial report, the penalty is $5 million in fines and 20 years in prison.


SOX rules for admins, developers and functional persons:

Two important things to remember are:

1. The person who develops should not deploy.
2. Document every change.
3. Every change requires approval before deployment to production.
4. Document everything.

1. The person who develops should not deploy: This is a very important point to remember for admins and developers. We usually create scripts, records, fields, workflows, etc. As a rule, someone should test these, and after testing we require proper approval to deploy. Another person, who is not part of development, should deploy the changes into production.

2. If you are a Netsuite user making a change in production, always document it. You can use Jira or a similar tool to manage process changes and approvals. Most important of all, never deploy any change without approval.

3. Approval is important. If you are making any kind of change to a process or adding a new process, don't forget to ask for approval. You should not, in any case, deploy to production without approval.

4. Users should document everything before deployment and even add screenshots of deployments. This will help you in case the SOX team needs any clarification.


We hope this gives you some idea about SOX. Let us know how you are handling it in your company.


Thanks

Netsuite Guru


 

 

 
