NETSUITE

SOX COMPLIANCE

AUTOMATE AND GET COMPLIANT IN UNDER A MONTH

SOX compliance requirements are only going up — and cloud-based enterprise systems like NetSuite pose a unique set of challenges. When you need to dedicate IT, finance and accounting resources to meet these requirements, the result is a significant drain on the productivity of your teams.

Strongpoint helps you meet some of the more unique audit requirements around ERP systems, giving you complete visibility into your scripts, workflows, user roles and permissions, dependencies, managed bundles, platform changes and NetSuite releases.

It starts with comprehensive documentation of the customizations in your account. From there, we provide a suite of powerful tools for tracking development activity, managing segregation of duties, and monitoring transactional and record-based events.

Read on for details, or use the form below to download our newest eBook, Three Steps to NetSuite Compliance.


Download today:

THREE STEPS TO NETSUITE COMPLIANCE


Documentation and Cleanup

NetSuite accounts can have tens of thousands of customizations; these customizations can be interconnected in as many as a hundred thousand different ways. 

Documenting and tracking this is so time-consuming that nobody does it properly. We’ve seen everything from Excel spreadsheets to handwritten notes, but every manual approach has the same problem — it's time-consuming to collect and impossible to keep up to date.

Ultimately, if you don't have accurate documentation of your system, your path to passing a SOX audit is much more difficult. Auditors will want to see that you're aware of if and how changes to your system will affect revenue recognition. And the more complex your account is, the harder it is to be confident about this.  

How Strongpoint Helps

Strongpoint starts by scanning your NetSuite environment and creating a comprehensive record of all your customizations, dependencies and critical settings and preferences. It automatically keeps this information up-to-date, and gives you several out-of-the-box tools for working with it:

Watch a webinar: ACCOUNT OPTIMIZATION

Unused customizations and related technical debt make the path to SOX compliance much more complicated. Unfortunately, identifying and safely deleting unused scripts, saved searches and other customizations is risky and time-consuming — unless you have accurate documentation. 

Watch the webinar to learn how Strongpoint leverages account documentation to make large cleanup projects quick and risk-free. 


Impact Analysis

You can't get SOX compliant without efficient change processes. And you can't get efficient change processes unless you have effective impact analysis. When you know the effect of a change ahead of time, you can build smart policies to review what's risky and pre-approve what's safe.

That's exactly what Strongpoint does. We give you access to accurate impact analysis before you make a change, so you no longer have to rely on guesswork to know what requires investigation. 

As a result, your IT team saves time and you can go into audit with a verifiable record that everything risky underwent the proper review. 

Impact-Based Risk Decisioning

Strongpoint logs every change in your system and determines whether it's safe or risky. From there, you can pre-clear what's safe, and build custom approval policies that ensure risky changes are reviewed and approved by the right people.

In this clip, Strongpoint's VP of Sales and Marketing, Paul Staz, walks you through how Strongpoint's default policies assess technical risk when making a change via a process issue.

Jira/ServiceNow Integration

If you use Jira or ServiceNow to manage tickets, you can access Strongpoint's impact analysis directly at the ticket level, and get a comprehensive list of related customizations that will be affected by a potential change. 

You can also sync Jira/ServiceNow tickets to change requests in Strongpoint, so the impact analysis and approval, if required, are collected in an audit-ready report.

Change Management

NetSuite accounts are changing constantly. End users change saved searches; Administrators change fields, forms and list values; developers create and change scripts and workflows. In a typical NetSuite account, this can be hundreds of changes per month — and thousands of system notes.

The problem is that going through these system notes to identify what's relevant to auditors, and tying those changes back to approvals that took place outside the system, is incredibly time-consuming. In fact, it's one of the biggest pain points for NetSuite teams in the lead-up to an audit.

We designed Strongpoint to solve this problem. Our change management tools are built on smart, risk-based policies and automation. Inside NetSuite or integrated with your ticketing system, we help you create airtight change controls that make passing an audit easy and stress-free. 

How Strongpoint Helps

Watch a webinar: CHANGE MANAGEMENT

In this webinar, we walk you through how easy it is to build and automate effective, audit-ready change policies, and how to integrate both with ticketing systems such as Jira/ServiceNow.

Watch the webinar to learn more.


Reporting and Reconciliation

When it comes to passing a SOX audit, having a list of changes in your account is only half the battle. NetSuite teams tend to encounter the most difficulty when they’re asked to prove they understand why those changes were made.

Whether you track approvals via email, spreadsheet or an external ticketing system like Jira or ServiceNow, tying those approvals back to the changes that actually took place in the system — and demonstrating that the appropriate policy was followed — is an incredibly time-consuming process that can involve days of reviewing system notes. 

Strongpoint automatically reconciles changes to approvals and automatically tracks the changes and updates that are the most difficult to capture manually. It continuously audits every change, pre-clearing those that are safe, and automatically alerting Admins and managers when a high-risk change occurs without the proper approval.

This functionality can be easily integrated into Jira and ServiceNow using pre-configured plugins, so that your teams can continue using those platforms while taking advantage of Strongpoint’s industry-leading impact analysis and change policies.

Three reports that prove compliance

The 'closed-loop' nature of Strongpoint's change management system means that you can go into audit with just three reports showing everything happening in your system:

  • Changes that followed policy
  • Changes that didn't but were reviewed and resolved
  • Any changes still outstanding

Watch the video for a demo.

Segregation of Duties

The theory behind segregation of duties (SoD) is simple — users should not be able to perform multiple steps in a financial transaction. In practice, however, the realities of managing access in large organizations make it very difficult to enforce. 

NetSuite contains 636 distinct permissions, which govern 4923 separate tasks, searches and records. Because of this complexity, managing access effectively takes time and resources most admins and finance teams don't have. And even if things are clean and streamlined at all times, automation can introduce 'phantom conflicts' that auditors will read as control deficiencies. 

Strongpoint contains out-of-the-box rules, reporting and tools that make it easy to plan a role and permission cleanup — even those 'phantom conflicts' we mentioned above. This lays the groundwork for a rapid SoD implementation. 

Role and Permission Cleanup

More roles and permissions mean more possibility for SoD violations. Taking steps to clean up, consolidate and tighten access controls is the major part of any SoD project.

Strongpoint takes you step-by-step through the process of identifying unused and obsolete roles and permissions (both real and 'phantom' conflicts) and removing them safely.

Watch the video for an overview of how it works. 

Compensating Controls

Well-defined access controls are a great foundation for minimizing SoD conflicts. But on their own, they can't prevent violations. What's important — what auditors will want to see — is that you have systems in place to alert you when conflicts occur. 

Strongpoint integrates directly at the employee record to give you instant feedback on role and permission assignments. You'll know if a new assignment has the potential for SoD violations, and can even block certain risky assignments — such as Admin privileges — outright without prior approval. 

Master Data and Financial Controls

Configuration changes are not the only important changes to your NetSuite account. Changes to master data can significantly affect financial integrity. Similarly, not all transactional behavior can be managed through roles and permissions alone. To manage these risks, you need a solid system of detective controls.

Some companies use saved search alerts as detective controls, but have difficulty proving that alerts were sent or acted upon. In addition, system notes searches can be difficult to run over a significant time frame. The result is that even with robust processes, staff are often overwhelmed, resources are tied up and auditors are left unsatisfied at audit time.

Strongpoint Agent in two minutes

Watch a webinar: BUILDING SMARTER CONTROLS

An auditor once told us, “We aren’t worried about the things you know about. We are worried about what you don’t know about.”

In other words, it's easy to know about, and report on, the things that follow policy perfectly. But it's not so easy to stay on top of hot fixes, offline approvals and other workarounds that are sometimes necessary in busy NetSuite accounts. 

In this webinar, we show you how to create airtight detective controls around transactional activity — and prove to auditors that financial data is protected even if the right policy isn't followed. 

Watch the webinar to learn more.


Learn More


Get in touch to book a free needs assessment with one of our SOX compliance experts. We'll provide a comprehensive review of your system, your processes and your setup — and let you know if Strongpoint can help make the compliance process fast and simple.