OAUG%20SOX%20Panel%20Krista%20Ladd%20Oracle%20Applications%20Manager%20Silicon%20Image,%20Inc.

1
OAUG SOX PanelKrista LaddOracle Applications
ManagerSilicon Image, Inc.
2
Introduction

• Company Silicon Image, Inc
• Size
• 300 employees
• 2004 Revenue 173.2 million
• 2005 Revenue (first 3 quarters) 150 Million
• Technology Services group supports users in
  Sunnyvale, Irvine, Taiwan and multiple Sales
  sites
• IT Group 7 employees / IS Group 6 employees
• Application version 11.5.9
• Modules Financials, Distribution, Manufacturing
  and HR
• Consulting Company used to assist with the SOX
  compliance project Horn Murdock Cole

3
Segregation of Duties

• How did you resolve issues of Segregation of
  Duties?
• Utilized the Oracle ICM SOD tool.
• Entered the major violations and resolved before
  the audit review
• Continuously add violations as the auditors find
  issues and make suggestions
• Monitor on a monthly basis to make sure there are
  no new violations
• Created alerts to monitor known violations and
  document as compensating controls

4
Key Challenges

• What were the most challenging moments in the SOD
  task?
• Clearly defining ownership of SOD violations
  between Finance and IT
• Understanding the Finance processes well enough
  to suggest compensating system controls and
  explaining fully to auditors
• Understanding Oracle functionality (current and
  future) to suggest system controls
• Journal Approval Workflow
• Credit Memo Workflow
• Etc.

5
SOD Recommendations

• Violations
• Run the reports often and share any new
  violations with Finance
• Work with BPOs to make sure not approving user
  access which is a SOD violation
• Controls
• Have an IT person who understands Finance read
  through all of the Finance process documentation.
  
• Look for opportunities for the system to control
  risk
• Look for items that are documented as system
  controls or actions when that is not the case
• This will reduces future auditor confusion as
  well as minimize IT involvement