Regulatory and Internal Compliance

Sarbanes-Oxley Act

Key sections of the Sarbanes-Oxley Act of 2002 require public companies to provide greater “internal controls,”
auditing capability and real-time reporting for their financial systems.  Section 404, which provides for “Internal
Controls”, is by far the most important to IT managers and employees as it addresses directly the underlying
control systems such as PeopleSoft Financials.

Section 404, effectively requires public firms to ‘establish and maintain internal control structures and
procedures for financials reporting’ AND ‘report on the effectiveness of the internal control structure’.

How Phire Can Help You Achieve SOX Compliance

There are no organizations or groups recognized by any government entities that certify software as being SOX
compliant.  Instead, application change management software like Phire Architect is a tool that enables
companies to achieve SOX compliance by enabling companies to enforce controls, implement established
change management processes, and meet reporting requirements.  The table below lists some of the principles
and practices utilized by companies to meet the standards set forth by Section 404 of the Sarbanes-Oxley
legislation.
"The Only Thing Constant is Change."
©2007 www.phire-soft.com | All Rights Reserved.
____Compliance
SOX Section 404 Principles/Practices
 Phire
Architect
Segregation of Duties – roles and responsibilities are segregated to prevent conflicts of interest,
risk of fraud, and enables better checks and balances.  Phire's workflow feature coupled with row
level security allows organizations to define custom change management processes that
segregate tasks depending on the role.  This allows the separation of tasks among developers,
testers, migrators, and approvers.
Gated processes - implementation of controls to prevent continuation of the process until
pre-requisite process is completed such as manager approval or system testing.  Gated
processes can be defined with Phire Architect to require pre-requisite tasks to be completed
before the change management process can continue.  Thus, you can require and enforce
successful testing or manager approval prior to the migration task.
Auditing Capability – ability to capture and report on historical record of all changes including who,
when, what, and why.  Phire is the central repository for all the activities associated with incidents
and change requests.   Detailed transactional data such as whom and when a migration was
performed is captured by Phire and this information is accessible via online pages or delivered
reports.
Real Time Monitoring and Tracking – ability to track and monitor the entire life cycle of a change
request in real time.  Phire's flexible reporting and query capabilities allow for monitoring of
activities in the system from high-level management statistics to the detailed issues and change
request tasks that are on-going.  The Issue/Change Request Tracker provides an easy search and
navigation point to everything going on in the system with the ability to drill into individual items.
Analysis of Results - periodic and regular operational reviews, metrics, and other key performance
indicators (KPI's).  The detailed historical information accumulated in the Phire repository provides
the opportunity to analyze performance across numerous metrics including types of requests,
functional areas, urgency, specific users and time-frames.  Based on your needs specific queries
and reports can be developed to provide timely analysis of the important activities in your
organization.
IT Security – implementation of proper security to prevent unauthorized access to data.  Phire
Architect is tightly coupled with the PeopleSoft infrastructure and security which results in an
industry-proven security solution.  In addition, security within Phire has been extended to include
row-level permissions to enable organizations to implement security solutions that are highly
flexible with a greater granularity.
Code Versioning – backup versions of code during development and prior to migrations to enable
fallback and prevent loss of work.  One of the main features of Phire Architect is the ability to
version all PeopleTools objects as well as any file objects.  Code versioning can be built into your
change management process to allow easy back out of code changes from production.  Detailed
information on each historical version of the object is easily accessible using online pages.
Reporting on Effectiveness of Controls – ability to report on process exceptions, security
violations, and violations to implemented controls.  Phire Architect contains a set of compliance
reports that show the effectiveness of the controls you have implemented.  There are reports that
show security violations, migration exceptions, and control data changes.