
This topic is 7168 days old. Please don't post here. Open a new topic instead.


Posted

I'm not sure if this is the correct place to post this question but here goes.

Has anyone had their FMP database system reviewed by a Sarbanes-Oxley (404) compliance audit? If so, were you able to make it compliant to their requests? If yes, what did you need to do to become compliant?

I am the administrator of an FMP database system that tracks all print orders (2k/week) and costs ($2.5mm/week) that my company generates. I completely revamped this system to track all time spent on the creation of the artwork for these orders plus, as stated above, track all print costs for same. I've also redesigned this system to accept orders automatically from our Oracle system and feed the costs back to it so that purchase orders can be generated for the printers that we use to print the jobs.

Our company is now being audited and the company is showing some concern on the security of the FMP based system. There are approximately 150 users of our system which operates off of four separate servers in four different print departments across the country.

Any feedback is welcome.

Posted

Hi Kennel,

We just finished our first SOX audit in December. Luckily for us FileMaker was not an "in scope" system because we don't process any financial records with it. We use FileMaker to fill-in-the-gaps where the core information system comes up short. I don't think we could have passed on v6 if they had found FM to be in scope. If we were on v7 I bet it would be a different story. Can you possibly upgrade before your audit?

We did institute an FM help desk program to assist us with change control because that was one of our weak areas.

Our VP of finance feels that for every dollar we spent on Sarbanes-Oxley compliance we reaped $0.05 in benefits. Not too good for the investors whom this law was designed to protect.

Posted

Ted,

One question: Is it Version 7's way of handling the access privileges that would make the big difference in passing or failing the SOX audit?

Posted

Don't know anything about SOX (other than the White Sox), but I am guessing that External Authentication in V7 would be a big security boost.

Posted

I think so. Before v7 we had an awful security scheme. Basically, everyone belonging to a particular group would share the same password. And since the records were stamped by the user name value (that users could freely change themselves) I figured that we wouldn't pass an audit. Like I said, FileMaker is not used in any of our significant financial processes so we were ok.

Now with the vastly improved security on v7 I think I could sell the auditors on the integrity of the system. I suppose one could try to buffalo them but that's not my style. Security in pre 7 versions was poor at best.

Posted

Ted,

SOX apparently frowns on multiple associates using the same password when these associates all have different functionality in the system. In the past this wasn't an issue with us mainly because we have a lot of cross-functional tasks. However, with the onslaught of sleaze-balls getting into CEO positions it has become an issue.

Thanks again.

Posted

Kennel,

I don't know if there has been an "onslaught" of sleaze-balls but there certainly have been a few. And now, courtesy of US lawmakers, we all (publicly traded companies) have to pay for it.

I had to make 1200+ changes to our ERP system, most of which concerned removing add/change/delete rights for those in the highest positions in the company.

It is like the organization has flipped upside down. Now those on the lowest rungs of the ladder have the greatest access rights where executives can't really do anything in the system - not that they ever actually did much anyway.

I put some of the blame on the scoundrels at Enron, Worldcom, etc. but I put most of the blame on the congressmen who, in typical fashion, are trading off rewards for safety and security.
