This chapter contains the topic:
Thousands of companies face the task of ensuring their accounting operations are in compliance with the Sarbanes-Oxley (SOX) Act. After a comprehensive external audit by a SOX compliance specialist, which identifies areas of risk, you use several programs to set up and provide the "electronic paper trails" necessary to ensure SOX compliance. The reports you produce satisfy the requirement of an Internal Control Report stating that management is responsible for an adequate internal control structure, and an assessment by management of the effectiveness of the control structure.
Within JD Edwards World Software, action code security, processing options, menu masking, Database Audit Manager (DBAM), and embedded iSeries security work well for managing security needs. JD Edwards World Software additionally provides an internal control report to satisfy the segregation of duties specified in section 404 of the SOX Act.
To set up your system for SOX compliance, complete the following tasks:
To set up generic text information
To set up process definitions
To set up conflict definitions
After you set up your system for SOX Compliance, you must verify your action code security and function key security are set up properly.
Note:
The Action Code security for user ID *PUBLIC for *ALL programs must be set to N (no) for the Add, Change, and Delete fields.
The Function Key security for user ID *PUBLIC and Field *ALL for all critical videos must be set to N (no) to prevent access.
You must set up new generic text information for the Process Conflicts file (F00712).
To set up generic text information
From Developer's Workbench (G9362), choose Generic Text Definition
On Generic Text Definition, enter *F00712 in the following field:
Application
Enter Process Conflict Definitions in the following field:
Description
Enter 2 in the following field:
Window Width
Enter 00 in the following fields:
Install System
Reporting System
Enter F00712 in the following field:
File ID
Enter J in the following field:
Ownership (JD Edwards World/User)
Enter RULN in the following field:
Data Item
Enter I in the following field:
Display (I/O)
Figure 56-1 Generic Text Definition screen
You use the Process Definitions program (P00711) to set up your processes. A process can be a single program, a combination of programs, or a combination of function key and subfile options that access multiple programs across the system. You can also set up a process that includes other processes. For example, you can set up your process for Accounts Payable (A/P) entry by entering all of the programs a user accesses during A/P entry. This might include the Address Book Revisions, Speed Voucher Entry, Standard Voucher Entry, and Recurring Voucher Inquiry programs.
The system stores all processes in the Process Definitions File (F00711).
You can use the F1 function key to access other screens containing data that you might use when creating a process. Use this function key in the following fields to access the various screens:
Process Name/Description, accesses the Process Definitions window which contains all the process names and descriptions that exist in F00711.
Program, accesses the Software Inventory window that contains all programs in the system.
Function Key/Selection Option, accesses the Defined Function Key/Selection Option window that contains all of the function keys (except F1, F7, F22, F24, Help, Page Up, and Page Down) as well as subfile options that exist within the video entered in the Program field.
Process, accesses the Process Definition Search window that contains all processes in the system.
Additionally, you can access the Process Conflict Definitions program (P007121) by choosing Process Conflict Definitions (F8). Choose Audit Information (F6) to access the Audit Information window, which contains system information such as the user ID of the individual who last updated this process and the date and time at which the update occurred.
To set up process definitions
From Master Directory (G), choose Hidden Selection 27
From Advanced & Technical Operations (G9), choose Security and Security Admin
From Security and System Administration (G94), choose Security Auditing and Reporting
From Security Auditing and Reporting (G947), choose Process Definitions
On Process Definitions, complete the following fields:
Process Name
Description
On Process Definitions, each detail line can contain a value in either of the following fields:
Program
Process
If you enter a value for a video in the Program field, then you must complete the following field:
Function Key/Selection Option
You use the Process Conflict Definitions program (P007121) to set up all possible process conflicts. A process conflict can be between:
Two processes
A process and a program or vice versa
A process and a function key/subfile option on a video or vice versa
Two programs
A program and a function key/subfile option on a video or vice versa
Two function key/subfile options on a video
For example, you can set up a process conflict so that the system issues a violation if a user of the A/P entry process has access to any of the programs in the A/R entry process.
The system stores all process conflicts in the Process Conflict Definitions File (F00712).
You can use the F1 function key to access other screens containing data that you might use when defining a conflict. Use this function key in the following fields to access the various screens:
Rule Name, accesses the Conflicts Rule Search window which contains all the conflicts/rules.
Program ID, accesses the Software Inventory window that contains all programs in the system.
Function Key/Selection Option, accesses the Defined Function Key/Selection Option window that contains all of the function keys (except F1, F7, F22, F24, Help, Page Up, and Page Down) as well as subfile options that exist within the video entered in the Program field.
Process Name, accesses the Process Definition Search window that contains all processes in the F00711 file.
Additionally, you can access the Process Definitions program (P00711) by choosing Process Definitions (F8). Choose Audit Information (F6) to access the Audit Information window, which contains system information such as the user ID of the individual who last updated this conflict/rule and the date and time at which the update occurred. Choose Memo (F14) to access the Generic Text window.
To set up conflict definitions
From Master Directory (G), choose Hidden Selection 27
From Advanced & Technical Operations (G9), choose Security and Security Admin
From Security and System Administration (G94), choose Security Auditing and Reporting
From Security Auditing and Reporting (G947), choose Process Conflict Definitions
On Process Conflict Definitions, complete the following fields:
Rule Name
Seq
On Process Conflict Definitions, each detail line can contain a value in either of the following fields:
Program ID
Process Name
If you complete the Program ID (video) field, you can additionally complete the following field:
Function Key/Selection Option
Complete either of the following fields under the Conflicts With section:
Program ID
Process Name
If you complete the Program ID (video) field, you can additionally complete the following field:
Function Key/Selection Option
Figure 56-3 Process Conflict Definitions screen
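The process and conflict definitions described above can be reasoned about as a check over flattened processes. The following Python code is an added example, not JD Edwards World code or its report logic. All process, program, rule and user names are constructed, and it assumes a user falls under one side of a rule when they can reach at least one item on that side.

```python
# Added illustration; all names and data below are constructed, not taken from a real system.
# Detail line = (kind, name, function_key); kind is "program" or "process".
PROCESSES = {
    "AP_ENTRY": [("program", "PGM_VOUCHER", None),
                 ("program", "PGM_ADDRBOOK", "F8"),
                 ("process", "AP_INQUIRY", None)],      # a process that includes another process
    "AP_INQUIRY": [("program", "PGM_VCH_INQ", None)],
    "AR_ENTRY": [("program", "PGM_INVOICE", None),
                 ("program", "PGM_RECEIPT", None)],
}
# Rule = (rule_name, seq, left_side, conflicts_with_side)
RULES = [
    ("AP_VS_AR", 10, ("process", "AP_ENTRY", None), ("process", "AR_ENTRY", None)),
    ("VOUCHER_VS_PAY", 10, ("program", "PGM_VOUCHER", None), ("program", "PGM_PAYMENT", "F6")),
]
# What each user can reach: (program, function_key); None means the program itself.
ACCESS = {
    "CLERK1": {("PGM_VOUCHER", None), ("PGM_VCH_INQ", None)},
    "CLERK2": {("PGM_VCH_INQ", None), ("PGM_RECEIPT", None)},
    "CLERK3": {("PGM_VOUCHER", None), ("PGM_PAYMENT", "F6")},
}

def expand(kind, name, fkey, processes, _seen=()):
    """Flatten one side of a rule into a set of (program, function_key) items."""
    if kind == "program":
        return {(name, fkey)}
    if name in _seen:          # processes that include each other: stop, do not loop
        return set()
    items = set()
    for k, n, f in processes.get(name, []):
        items |= expand(k, n, f, processes, _seen + (name,))
    return items

def _order(items):
    return sorted(items, key=lambda i: (i[0], i[1] or ""))

def find_violations(rules, processes, access):
    """List (user, rule, seq, left_hits, right_hits) where a user reaches both sides."""
    found = []
    for rule, seq, left, right in rules:
        l_items = expand(*left, processes)
        r_items = expand(*right, processes)
        for user, granted in access.items():
            l_hit, r_hit = granted & l_items, granted & r_items
            if l_hit and r_hit:     # assumption: one reachable item per side is enough
                found.append((user, rule, seq, _order(l_hit), _order(r_hit)))
    return sorted(found, key=lambda v: v[:3])

if __name__ == "__main__":
    for v in find_violations(RULES, PROCESSES, ACCESS):
        print(v)
```

CLERK2 is flagged only because AP_ENTRY is expanded through the nested AP_INQUIRY process, which is why nested processes must be flattened before comparing the two sides of a rule.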