“The elephant in the room is that Sarbanes-Oxley doesn’t directly specify the key role of technology and its
support of corporate compliance. The reality is that all roads to compliance are driven on technology’s
management of business processes and data. The greatest challenge is unifying companies' technology
patchworks and fragmented data, as well as securing internal processes and ensuring integrity of operations
and accurate, auditable reporting.”
NetSuite —The Sarbanes-Oxley Compliance Engine
While the primary responsibility for Sarbanes-Oxley compliance rests with a company to define and document its internal processes, the internal business applications play a crucial role in ensuring that such processes are implemented and auditable. NetSuite provides a business foundation of centralized, consolidated data management; robust and auditable financials; and seamless integrated business processes, enabling efficient operations and reliable financial reporting, and serving as the compliance engine supporting internal controls and reports to fulfill Sarbanes-Oxley requirements.
Data fragmentation is the number one hurdle.
Industry and compliance experts agree that multiple ERP, CRM, and ecommerce systems are the single greatest IT hurdle to Sarbanes-Oxley compliance. NetSuite, with its ‘one system’, real-time architecture and unified business processes, provides the perfect platform to both support and audit internal processes.
Your defined business processes are integrated in a single system.
With a single, integrated application for CRM, ERP, and ecommerce, NetSuite automates key business processes across your entire business, including: finance, sales, marketing, service, order fulfillment, procurement and employee management. NetSuite ensures data integrity because employees no longer have to re-enter data in different systems, rectify inconsistent or inaccurate data, or wait for batch updates. Instead, all your data is consolidated in real-time, ensuring greater process control with reporting visibility and accuracy.
Real-time, ad hoc and historical audit history increase visibility
System sensing and alerts provide instant notification of out-of-compliance positions, enabling proactive management of at-risk issues. In addition, standard operating and ad hoc financial reports provide clarity and visibility for regulatory reporting.
Many audit firms recommend a five-step approach to Sarbanes-Oxley compliance. The following is a sample
approach to achieving and sustaining compliance:
Scoping & Planning. During this initial phase, your company defines the scope of change required by studying the integrity of processes and reporting, and determining the change required to become compliant. Companies must also determine how to ensure ongoing compliance. Executive sponsorship and strong leadership must then be put in place to drive sustainable change.
Visioning & Targeting. Once the scope of the project is determined, the detailed project plan is defined and the project team put in
place. Enabling technology is sourced and selected.
Design. With requirements defined and the team in place, the team creates the unbounded design for compliance. Next, the project is bounded with process, technology, organizational and cultural change constraints considered. It is important to note that successful projects are more dependent on change management in the organization than the simpler design of processes and reporting.
Find out more: contact NetSuite, Inc. at 1-877 NETSUITE or visit www.netsuite.com
Updated 11/10/04 NetSuite Data Sheet | 2
Scoping & Planning Your Company NetSuite
As-is assessment of internal controls
Benchmark leading practices
Perform gap analysis
Scope initiative (people, processes, reports, tech.)
Visioning & Targeting Your Company NetSuite
Create compliance roadmap
Create plan for consolidating business systems/ data sources
Design Your Company NetSuite
Design corporate business process flows
Design reporting scope & structure
Map process flows to NetSuite
Map reporting requirements to NetSuite
Determine customization requirements & design
Implementation. Design and customization are implemented across process, technology, organizational and cultural lines. Testing across these lines is critical for practical success. Critical planning of the compliance “go-live” includes assignment of personal, named accountability from the department level up through executive management.
Report, Audit, Certify. Once the system and practices are live, the cycle of real-time, ad hoc and strategic reporting with audits begins.
Here, it’s critical to ensure quality assurance of compliance with processes, policies and procedures. Best practices show that this is managed via both internal and third-party resources.
Implementation Your Company NetSuite
Implement & customize NetSuite application
Migrate data, processes and policies to NetSuite
Migrate reporting and periods to NetSuite
Assign security & accountability by role & name
Post policies, procedures to NetSuite SOX File Cabinet
Publish policies & procedures to company, partners
Using NetSuite to Support Sarbanes-Oxley Compliance
Aside from the one-system architecture, NetSuite has a host of features to help you both implement and audit your internal controls and processes for Sarbanes-Oxley compliance.
NetSuite offers powerful user activity auditing and controls to help businesses determine who has access to their core business data and what changes are being made and by whom.
Real-time, role-based dashboards
Key Performance Indicators (KPIs)
Online and e-mail-based reminders and notifications
Report snapshots and custom lists
Robust financial reporting
Income Statement, Balance Sheet and Cash Flow
Detailed transaction reports, individual journal entries
Custom Reports
ODBC Business Intelligence reports
Billing Schedules
Billing Schedules associated with Sales Orders
Automate creation of invoices at pre-defined intervals
Customer-specific billing cycles
Revenue and associated costs booked at the appropriate time
Revenue Recognition
GAAP compliant for revenue related to future periods
Associate revenue recognition templates with their item records
Automate the creation of revenue recognition schedules
Journal Entries
Entries are automatically created in the appropriate periods
Ensure consistent booking of revenue with associated costs
Avoid manual/data entry errors
Ensure accurate financial statements.
File Cabinet
Organize company intranet; post, publish content, policies & procedures
Audit trail
Always-on
Transaction audit trail tracks changes to financial records
Identifies:
Who entered or edited the transaction
When the entry was made
What the latest value of the entry is
System Generated Notes
Audit-trail of non-transactional records
Sorts identifying changes that were made at the individual level
Highlights:
Who made the change, when made, before/after values of fields
Role-based Access
All NetSuite users assigned roles
Enables control over what records and to which types of changes users have access
Restricts users to accessing information only for their respective departments
Sales users have access to records assigned to them or their team
Roles can have specific forms associated with them, enabling users to see only the information they need and thereby protecting more sensitive data
Access Restriction by IP Address
NetSuite allows you to limit certain types of access to business data from specific locations
Enables you to control changes that are made
Summary
In spite of what some software companies might tell you, implementing a business management application alone will not cause you to become instantly Sarbanes-Oxley compliant. However, choosing an application like NetSuite will provide you with the tools you need to ensure and audit your compliance status. NetSuite provides a platform for growth for many years to come.