A few weeks ago, we sat down with four IT, systems and audit experts to discuss SOX compliance and business systems. You can watch the full discussion on demand here — but one of the key takeaways was that, for our panelists, preparing their team was just as important as preparing their systems.
Out of the box, Salesforce can get you much of the information you need to pass a SOX audit. But there are gaps, and the process can be frustrating and time-consuming. Before you start, it’s important to understand what you can — and can’t — do in your Org already.
Technical debt in Salesforce is unavoidable as your business evolves — in many ways, it’s the cost of development. The longer you’ve been running Salesforce, the more likely it is that you’ve accumulated technical debt, such as unused customizations, obsolete roles and permission sets, and more.
Sales and Finance teams are two sides of the same coin — a profitability coin, that is. Both are critical to a company’s ability to succeed, and both need accurate data to work effectively. Yet the standard practice, when a company reaches a certain level of growth, is to have both teams working in their own silos — Sales in a CRM, like Salesforce, and Finance in an ERP like NetSuite.
As your business grows, so will your Org. And while a highly customized Salesforce Org reflects a booming business, there’s a critical difference between necessary complexity and technical debt.
As you build your Org, complexity grows and even simple development activity can get complicated. To make changes safely, you need to be able to see how Objects and fields are connected. For example, if you are going to make a change to a field in the Account Object, you need a list of all the reports, layouts, formula fields, dashboards, etc. that reference it — in other words, anything that could be affected when you make that change.
Welcome back to the last installment in our three-part blog series, “When Salesforce Meets SOX!” If you missed the earlier posts, here's part one, about access control, and part two, covering metadata.
Today, we’re covering configuration data, with a specific focus on Salesforce CPQ and related applications.
Today in our ongoing look at SOX compliance in Salesforce, we’re talking metadata. We kicked off this blog series last week by discussing access control — if you missed that post, check it out here.
To effectively meet SOX requirements for the Salesforce platform, it's critical that you narrow the scope of inquiry. System documentation and dependency analysis will help you understand which objects and automation touch revenue-related processes, but that’s only part of what your auditors are concerned about. They’ll also want to see that you have a system for monitoring and managing changes to that metadata.
We’re seeing more and more that SOX auditors are turning their attention to Salesforce systems. It’s a trend we’ve noticed for some time, but there’s still a lot of uncertainty about what’s in scope and what isn’t.
Part of the problem is that most of Salesforce — things like marketing operations, for example — doesn’t touch revenue-related data and, as a result, isn’t of concern to SOX auditors. But apps like CPQ and Billing can impact rev ops. And increasingly, auditors are asking Salesforce teams to prove they’re managing them in a compliant manner.
Between licensing fees, consultants' fees, auditors' fees and more, your ERP system is a big investment. If you're like a lot of our customers, you're under a lot of pressure to justify those costs and show a clear ROI for any software you purchase on top of it.