We have a requirement to regularly review and certify as correct all the session authorizations for our entire user population. We can generate a raw listing using ttaad2432m000, but the volume of output is immense. Is anyone aware of any third party products that address this need?
How are all of you planning to deal with this?

Thanks in advance for all your help.
Sandy

Sandy,

Not one that I am aware of. But since you brought it up as a requirement (which probably is a requirement for every company in the U.S.), one of the Baan solutions providers could jump on it. Perhaps you could write a business case that they can use to develop a solution.

Has anyone read the SOX specs? I've heard that in the specs there is nothing specific stated like "regularly review and certify as correct all the session authorizations for our entire user population." instead it basically says that you must have a procedure, it must be documented and you must stick to it..

Maybe some of the SOX auditing firms (like PWC) came up with their own procedures ahead of time and are trying to push them on their customers?

I ask his becuase I've heard wild storys and it seems that the requirements are different from company to company...

Dave

Currently working as a consultant for a Netherlands based but US comp, the SOX-troops executed a very heavy and severe audit. Due to several organizational and systemwise consolidations it was a true mess, reason for the auditors to digg deeper ande deeper.
Most important issue is, to have a fully implemented Seperation of Duty system, especially for those activities in which financial transactions/risks are involved.
Therefore we'll create a customized table in which all critical sessions are registered (like in the purchase to pay process: create PO's, book receipt, approve receipts, etc) and relate all sessions to a certain role.
A query will present those login id's with access to sessions which are related to more then one role and therefore are not SOX-complying.

Good luck with the audits

Hutje :cool:
_____________________
If you can't beat them, buy them

The answer to your problem is Capella.Net and that you can have a customized report based upon your needs, on the web - rather than you using BaaN licence just for users report.. Solution currently in place with lot's of BaaN users already and can be found at www.ariel-global.com