Enhanced Audit / SOx Processes

The Sarbanes-Oxley Act of 2002 is a United States federal law also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called SOx or SarbOx).

The Act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility and enhanced financial disclosure. It was designed to review the dated legislative audit requirements, and is considered one of the most significant changes to United States securities laws since the New Deal in the 1930s. The Act gives additional powers and responsibilities to the U.S. Securities and Exchange Commission. The Act came in the wake of a series of corporate financial scandals, including those affecting Enron, Tyco International, and WorldCom (now MCI). Named after sponsors Senator Paul Sarbanes (Democrat of Maryland) and Representative Michael G. Oxley (Republican of Ohio), the Act was approved by the House by a vote of 423-3 and by the Senate 99-0.

SOx process are particularly relevant to the KEstrel system in regard to enhanced audit functionality.

What do you want to do?

• Raising credit notes in Sales Ledger and Vehicle Rental modules.
• Creating Add to Specification Order Lines.
• Creating Vehicle Orders and associated value.
• Users posting maintenance / vehicle purchase orders onto the Purchase Ledger from Fleet modules and associated value.
• Users raising/editing maintenance orders and associated value.
• Users having access to the BACS module.
• Fleet users permissions and associated values by user for: Raising maintenance approvals; Raising recharge invoices; and Posting of maintenance invoices to the Purchase ledger

The following step by step process should be followed:

Raising credit notes in Sales Ledger and Vehicle Rental modules

1. For the raising of a credit note within either of these two modules the userid and associated value of the credit/invoice of the creator is logged/audited.

2. The credit (or invoice) is created and the daybook printed to generate the postings.

3. Review the Account Transactions and the values are displayed.

4. Select the Details command button to display the Display Transaction form and select the Daybook command button to see the Display Daybook Details form to view the Printed by and Data Entered by userids.

Creating Vehicle Orders and associated value

5. The creating and amending of vehicle orders is audited via the Vehicle Purchasing audit file. This may be viewed by selecting the Audit Tab within the order or by using the adhoc or Repgen facility to report down the FO.audit file for the Created.by.user.id and the date created fields.

Creating Add to Specification Order Lines

6. The creating and amending of additional specification lines is also audited via the Vehicle Purchasing audit file. This may be viewed by selecting the Audit Tab within the order or by using the adhoc or Repgen facility to report down the FO.audit file for the Created.by.user.id and the date created fields.

Users posting maintenance / vehicle purchase orders onto the Purchase Ledger from Fleet modules and associated value.

7. Any invoices raised through the Periodic process, miscellaneous invoices, maintenance recharges, etc are audited via the USERID and CREDATEfields now held in the FC.ipend file.

8. Generate the required transaction and interrogate the FC.ipend file. These fields can only be reported upon in the Invoice Pending file; they are not displayed within the forms.

9. The Display Transaction form in the Nominal Ledger invoice buffer may be viewed to see the User ID.

Users raising/editing maintenance orders and associated value

10. These details are currently audited and may be interrogated via am adhoc or Repgen report down the FA.audit file or may be viewed in the Audit Event Log Display.

Users having access to the BACS module.

11. Access to the BACS module is governed by user id and password control in the BACS Submission form.

12. Each user record has creation and amendment dates. Passwords, login attempts, dates and times are all recorded in the BACS passwords form (BACS submission / System Maintenance / Passwords.

Fleet users permissions and associated values by user for: Raising maintenance approvals; Raising recharge invoices; and Posting of maintenance invoices to the Purchase ledger

13. The Posting Maintenance approval limit is set within Fleet User Permissions (Fleet Environment / Review / Permissions) in the Maint approval Limit field. If a maintenance controller attempts to raise an authorisation with a total value greater than that set within Fleet User Permissions then the system displays a warning and does not allow the authorisation to be created.

14. The Posting Maintenance invoice limit is set within Fleet User Permissions (Fleet Environment / Review / Permissions) in the Maint Invoice Limit field. If a maintenance controller attempts to raise an individual authorisation item with a value greater than that set within Fleet User Permissions then the system displays a warning and does not allow the authorisation to be created.

15. The Raising Recharge limit is set within Fleet User Permissions (Fleet Environment / Review / Permissions) in the Maint Recharge Limit field. If an authorisation is created and a maintenance controller attempts to recharge a value greater than that set within Fleet User Permissions then the system warns Total recharge value exceeds your maximum permitted approval recharge value and does not allow the recharge to be created.