Happy Cybersecurity Awareness Month (CSAM)! Did you know that the loss of critical, and often sensitive, information can severely impact the profitability and innovation of your organization? And with consumer awareness of data protection on the rise, it’s no surprise that data security has become a mandatory responsibility for organizations running Salesforce.
A few weeks ago, we sat down with four IT, systems and audit experts to discuss SOX compliance and business systems. You can watch on demand the full panel discussion on audit prep here — but one of the key takeaways was that, for our panelists, preparing their team was just as important as preparing their systems.
Whether you’re prepping for an audit, troubleshooting an issue or comparing your prod and dev environments, NetSuite gives you several tools for investigating what’s happening in your system.
Sales and Finance teams are two sides of the same coin — a profitability coin, that is. Both are critical to a company’s ability to succeed, and both need accurate data to work effectively. Yet the standard practice, when a company reaches a certain level of growth, is to have both teams working in their own silos — Sales in a CRM, like Salesforce, and Finance in an ERP like NetSuite.
As your business grows, so will your Org. And while a highly customized Salesforce Org reflects a booming business, there’s a critical difference between necessary complexity and technical debt.
As you build your Org, complexity grows and even simple development activity can get complicated. To make changes safely, you need to be able to see how Objects and fields are connected. For example, if you are going to make a change to a field in the Account Object, you need a list of all the reports, layouts, formula fields, dashboards, etc. that reference it — in other words, anything that could be affected when you make that change.
Welcome back to the last installment in our three-part blog series, “When Salesforce Meets SOX!” If you missed the earlier posts, here's part one, about access control, and part two, covering metadata.
Today, we’re covering configuration data, with a specific focus on Salesforce CPQ and related applications.
Today in our ongoing look at SOX compliance in Salesforce, we’re talking metadata. We kicked off this blog series last week by discussing access control — if you missed that post, check it out here.
To effectively meet SOX requirements for the Salesforce platform, it's critical that you narrow the scope of inquiry. System documentation and dependency analysis will help you understand which objects and automation touch revenue-related processes, but that’s only part of what your auditors are concerned about. They’ll also want to see that you have a system for monitoring and managing changes to that metadata.
We’re seeing more and more that SOX auditors are turning their attention to Salesforce systems. It’s a trend we’ve noticed for some time, but there’s still a lot of uncertainty about what’s in scope and what isn’t.
Part of the problem is that most of Salesforce — things like marketing operations, for example — don’t touch revenue-related data and, as a result, they aren’t of concern to SOX auditors. But apps like CPQ and Billing can impact rev ops. And increasingly, auditors are asking Salesforce teams to prove they’re managing them in a compliant manner.