Hello, Are there any U.S based public companies (Traded in NYSE/NASDAQ) using Navision and use it for Sarbanes-Oxley (SOX) compliance procedures? Thanks & Regards Raj
Yeah SFNT.
Thank You Ahmed
THere are a few, but it depends what you mean by “use it for Sarbanes-Oxley”. There are companies I know of that are required to be SOX compliant, and that use Navision as their ERP system. Though I don’t know of a company that uses Navision to achive the requirements of use it for Sarbanes-Oxley. The oddest thing is that you will really need to use Windows logins to achive the SOX requirements on login security, even though it is of course far less secure than Database logins. Also you will have less problems with a SOX auditor running on SQL back end than on C/SIDE. There are s many holes in sarbanes and oxley, that it looks as thought hey picked some software they liked,and then started writing the rules. Navision can work and be compliant, but you will tend to be doing soem odd work arounds. As another note, I know a consultant that was starting a business primarily designed to use Navision as a tool to bring companies to SOX complaincy. When he first told me this I thought he was mad, but in the past 6 months I have seen that he was actually very sane, and very smart.
We are on v2.6 and that version is grossly inadequate, even for pre-SOX internal controls. The solution for us is external “mitigating contols” to make up for the lack of sufficient internal controls within Navision. BTW it is not “FOR Sarbanes-Oxley (SOX) compliance procedures” but the finacial system is “SUBJECT TO” SOX. There is a difference. However, another pespective is where companies might be migrating to another system where the SOX compliance is easier/better that their old system, in that case it would be “FOR” SOX compliance. Gary
Thanks Gary for your comments. If I may ask, is your company public? and are you moving to Ver 4.0 Financials?
We are public, but not listed…sore subject. We will not be upgrading to v4. regards Gary
Hmm, I can’t see how they would let you get away with 2.60, it just does not meet any of the requrements. I will bet you had to do a lot of work arounds. We also had the issue, of SOX coming in DURING the conversion to Navision [V]
David, It’s called “compensating contols.” Or at least that’s what we used to call them at the CPA firm. I’ve got SOX auditors here right now, and I told them “Navision can’t do it, not in our version of Navision.” Then we get into the manual compensating controls outside of Navision, to show how we still can control “most” of the concern points, not all but most of them. You don’t need ALL your controls inside the system. My opinion, if the auditor does not KNOW the software, and I mean really know it, then you have to review what they say and ask for, and possibly challenge them. If you know your system, don’t be afraid to challenge the auditors. One of the controls they wanted would require custom modification to v2.6, and I told them it did not make business sense to do that custom mod…because as a custom mod it creates its own problems. Chicken and egg situation. Some times you have to argue with them as well. I was in an SAP installation and the auditors wanted a change log. You just DO NOT turn on track ALL changes, or the log will be so big so fast that you end up trying to manage the growth of the change log rather than the data. You have to be selective in what you track changes for example, master data vs transaction data. Even then, depending on the business, even master data changes could be voluminous. The classic one is “too many people have a high level of security.” Well when you have a small accounting department…guess what, people have to wear many hats and you WILL have a segregation of duties issue. You have to have compensating controls for these situations because the system just won’t handle it. I had a ball with one topic “change control.” I told him it did not matter as WE DID NOT MAKE ANY CHANGES in 2004, so there is nothing to audit. He was stumped as to what to do next. He had to audit the changes…but there were no changes to audit. Being an ex-auditor and an old-fart (snicker) I get a little cranky when someone does not think and tries to ram a generic template down my throat. OK time to stop venting… Regards Gary
Hmmm, it sounds like we had the same auditors [8D].