The Sarbanes Oxley compliance or SOX compliance
has been a huge concern for corporations across North America over the
last few years.
Security, backups, and authorization
Dynamics NAV
provides an extensive range of tools to work with security. In addition, Dynamics NAV
also provides an integrated security structure with Windows
Authentication and the SQL Server security model. The Dynamics NAV
backup feature provides the ability to back up the database from within
the application. Regular backups could also be scheduled to ensure
effective database recovery procedures are in place.
Access control and audit trail
In addition to that, a user is
restricted by Dynamics NAV roles and permissions to the level where the
user is able to perform his daily activities on the system. This is
further cemented with the new Role Centers in Dynamics NAV RoleTailored
Clients.
In the SQL Server option for
Dynamics NAV, it is possible to provide record-level security, which
ensures that specific users view only specific areas of the application.
The User ID
of the user performing a transaction in Dynamics NAV is tagged at every
stage, including data entry in the documents and journals. The User ID
can also be found in the ledger entries and on posted documents, thus
enabling a smooth trail of transactions supported by dates and times.
Shown next is a screenshot of the G/L Entries, showing User ID and Source Code to identify the source of transactions:
Change Log
A Change Log feature in Dynamics
NAV, if set up, provides a log of all the changes made to the data,
including insert, modify, or delete.
To set up the Change Log in Dynamics NAV, let's follow the next steps:
1. From the Administration menu in Dynamics NAV, scroll to the Application Setup and then expand further to General and open the Change Log Setup screen as shown next:
2. To start using the Change Log, check the Change Log Activated checkbox.
3. Click on the Setup menu button at the bottom of the screen and select Tables.
4.
This opens a list of all Dynamics NAV application tables, with options
to log insertions, deletion, or modification of those tables, as shown
next:
5.
For each table, that needs to be change logged, there is an option to
select all fields in the table, or select a collection of some fields
(by selecting some fields and clicking the Assist Edit button).
6. Once the setup has been done, the changes in the application tables start getting logged in the Change Log Entries screen as shown next:
Data validation and accuracy
The Dynamics NAV
application provides several checks and balances at every step
throughout the various stages of application including data entry and
postings. Language-specific error messages and prompts assist users with
the data accuracy and ensuring the correct information enters the
application. There are checks to ensure the debits and credits match;
field-level controls are established throughout the application to
ensure the fields that are mandatory for the transaction are entered by
the user before moving on.
Effective change management
Change management procedures
are an essential part of maintaining a SOX-compliant application. A few
aspects of change management to keep in mind while defining the
organization's change management policy are as follows:
Every change must be driven by a business case or an issue raised by a business process owner. This must be documented.
The change done to the application must be tested in a separate test database before releasing the code to a live database.
The object files must be logged and so should be the objects changed to accomplish the change.
Proper versioning of objects ensures the previously defined measures are accomplished easily.
Appropriate
approvals must be given to promote the object changes to the database
and must be documented in the change management process.
There are several
tools available across a wide range of partners to manage the code
promoted to the database and report on it.