
A Very Atlassian Journey Through SOX Compliance

In 2014, Atlassian's Finance team was suffering from stale finance documentation, disjointed remediation efforts, and an overall lack of accountability. That's when Rich Woodson joined as a compliance manager and began to create a SOX compliance program. The first iteration used Microsoft Office and resulted in out-of-date information, which led to control failures. Plus, it didn't reflect how Atlassian had evolved. They needed to find a better tool that would improve accountability and reflect the dynamic nature of the business.

Before long, the team realized the tool they needed had been right under their noses all along: Jira! This is the story of what they built and how they built it.


  1. From Static to Dynamic: How finance teams use Atlassian for SOX. RICH WOODSON - SENIOR PROGRAM MANAGER
  2. Agenda: Stuck in the office · Charting a way out · Implementation · Expansion · Results · Q&A
  3. AUDIT PROCESS (diagram): Assess risks · Document processes · START · Walkthrough controls · Close it out · Design tests · Report failures · START · Execute test · Close it out · Retest
  4. BUSINESS PROCESS (diagram): Assess risks · Design new process · Retest · START · Fail test · Walkthrough controls · Close it out · Implement new process · Walkthrough new process
  5. Fragmented and Static Tools Suck
     Process Docs
       • MS Word, Excel or Visio
       • Static without change history
       • Manual version control
     Audit Workpapers
       • Proprietary off-the-shelf apps
       • Closed systems
       • Separate licensing
     Discussion
       • Email, IM chat
       • Multiple threads, audiences, linear
       • Logs maintained individually
     Reporting
       • MS Word and/or Excel
       • Static without change history
       • Manual version control
  6. Asymmetrical Accountability
     Process Owner
       • Does not proactively report changes
       • Not sure who is responsible for each control
       • Needs help in control design
       • Needs to delegate certain controls
     Audit Manager
       • Unsure about the status of controls
       • Unable to track changes in controls or test plans
       • Testing status and blockers are reported periodically
     Auditor
       • Unsure of control’s current status
       • Must do research to determine prior year testing and results
       • Can’t track all document requests
       • Compiles testing status for supervisor
  7. Agenda: Stuck in stasis · Charting a way out · Implementation · Expansion · Results · Q&A
  8. Objects are People Too
  9. … and need direction
  10. There’s Nowhere to Hide
  11. There’s Nowhere to Hide
  12. There’s Nowhere to Hide
  13. There’s Nowhere to Hide
  14. There’s Nowhere to Hide
  15. There’s Nowhere to Hide
  16. Agenda: Stuck in stasis · Implementation · Expansion · Results · Q&A · Charting a way out
  17. Accountabilities and responsibilities assigned at the individual level
  18. Accountabilities and responsibilities assigned at the individual level
  19. All associated objects are directly linked
  20. All associated objects are directly linked
  21. All changes traceable to time, individual and nature
  22. All changes traceable to time, individual and nature
  23. Collaboration history and buy-in evidenced
  24. Collaboration history and buy-in evidenced
  25. Reporting: Overview · Projects · Findings · Stats
  26. Reporting: Overview · Projects · Findings · Stats
  27. Reporting: Overview · Projects · Findings · Stats
  28. Reporting: Overview · Projects · Findings · Stats (Automated 16%, Man/Auto 19%, Manual 65%)
  29. Agenda: Stuck in stasis · Implementation · Expansion · Results · Q&A · Charting a way out
  30. Universally applicable to any compliance standard
  31. Agenda: Stuck in stasis · Implementation · Expansion · Results · Q&A · Charting a way out
  32. RESULTS HAVE BEEN ASTOUNDING!
     Area: SOX
       • Result: No significant deficiencies or material weaknesses
       • Resources: Team size 5
     Area: SOC2 Type 1 & 2
       • Result: Passed on first attempt
       • Resources: 1 FTE, 3 contractors
     Area: ISO
       • Result: Passed on first attempt
       • Resources: 1 FTE, X contractors
  33. Ask me anything!
  34. Thank you! RICH WOODSON - SENIOR PROGRAM MANAGER
