What do auditors look for in a SOX/ITGC Audit for JD Edwards?

Every audit experience is unique, but having a good grasp of the key ITGC controls can dramatically improve your SOX audit outcomes

Preparing for your audit can be stressful, and it’s not surprising that those involved frequently heave a collective sigh of relief when it’s all over – provided there were no troublesome audit findings…

Afterwards, it is easy to be complacent.  But it’s important to remember – just because they didn’t pick up on something this year, that doesn’t mean they won’t dig deeper next time.  As time goes by, as your auditors satisfy themselves that you’re covering the basics, they are likely to test your controls more stringently.

Audit companies are coming under increasing pressure to up their game

Recently, some highly publicized audit failures have resulted in large fines.  Following a number of corporate scandals, the UK’s accounting regulator wants to put the onus on auditors to seek out fraud.  This move is likely to spread across the globe.

That’s good news for stakeholders and investors, but it does mean that the audit engagement – already a challenging experience for many companies – is likely to place an even heavier burden on the client’s IT staff.

The Top Ten SOX / ITGC Controls you should be able to demonstrate

Clients often ask me what the auditors are likely to look for. It can be difficult for IT staff to understand what’s expected of them, particularly for those who don’t have Internal Audit teams to turn to for help and guidance.

The overall objective is to implement controls to provide reasonable assurance that financial reporting systems and subsystems are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data.

But what exactly does that mean for you and your JD Edwards EnterpriseOne system?

I’ve put together a summarized list of the main items that auditors are likely to look for when testing your system for the Top Ten SOX / ITGC controls.

You won’t always be asked for all of them, but you’ll almost certainly be asked for some of them – and you could be asked to provide evidence on different aspects of them every year.

I hope you find it helpful!

If you need help or advice on implementing effective controls, please feel free to contact us or visit our website.  We offer consultancy services, as well a range of On-Premise and Cloud-based solutions to help you manage JD Edwards security and auditing processes efficiently.

And if you’d like to understand auditing security in more depth, I’ve produced a 3 part series of on-demand webinars on Auditing Security in JD Edwards – you can access part one here.