npde500
Member
List,
Like many companies we are going through SOX 404 risk and control assessments. One of the recommendations that has been made for PSE1 is to implement processing option security to mitigate the risk of users change IV/BV processing options on demand. Our understanding is that this will require Prompt for Values, Prompt for Versions, Change and Data Selection (BV) to be secured and all versions of IV/BV to be defined on the Menu/Task View.
While we understand the risk we see this as system functionality mitigated by end-user training and management review.
Questions for list:
1. Have you implemented security on Processing Options?
2. If yes, was this for SOX or other purposes?
3. Due to the work needed to setup and maintain Processing Option Security do you think it's a good use of limited resources?
4. Any other related comments?
Many thanks,
Nick
(Feel free to reply privately if you so wish).
Like many companies we are going through SOX 404 risk and control assessments. One of the recommendations that has been made for PSE1 is to implement processing option security to mitigate the risk of users change IV/BV processing options on demand. Our understanding is that this will require Prompt for Values, Prompt for Versions, Change and Data Selection (BV) to be secured and all versions of IV/BV to be defined on the Menu/Task View.
While we understand the risk we see this as system functionality mitigated by end-user training and management review.
Questions for list:
1. Have you implemented security on Processing Options?
2. If yes, was this for SOX or other purposes?
3. Due to the work needed to setup and maintain Processing Option Security do you think it's a good use of limited resources?
4. Any other related comments?
Many thanks,
Nick
(Feel free to reply privately if you so wish).