D365 Finance & Operations and Dynamics AX Forum

Expand all | Collapse all

SOX / Audit requirement relating to system admin for Dynamics AX

  • 1.  SOX / Audit requirement relating to system admin for Dynamics AX

    TOP CONTRIBUTOR
    Posted Jan 08, 2020 03:06 PM
    Hi SOX compliance and audit guru

    Can anyone advise or share a documentation with regards to system administration access to both  PROD and PreProd environment. Like  same System admin in Dynamics AX is not allowed to have access to both PROD and Preprod environment per SOX or audit requirements

    Eg
    if John is system admin and have access to PROD he shouldnt have access to PREPROD
    and TIM who have access to Preprod, Tim doesnt have access to PROD
    Academy - Online Interactive Learning from Experts


  • 2.  RE: SOX / Audit requirement relating to system admin for Dynamics AX

    Posted Jan 09, 2020 07:27 AM
    Hi Najeem,
     I don't believe this is correct. why they interested in non-prod systems.

     A person who is an admin in prod will surely be an admin in non-prod. However, it can't be another way around.

    you should challenge the question. :-)

    let me if any questions, please.
    Thanks
    Mohammad

    ------------------------------
    Mohammad Arif
    Solution Architect
    Dentsu Aegis Network
    Livingston SC
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 3.  RE: SOX / Audit requirement relating to system admin for Dynamics AX

    TOP CONTRIBUTOR
    Posted Jan 09, 2020 06:47 PM
    Thanks Mohammed, I agree with you why non prod is subject to audit/SOX compliance Being sitting on AX side, love to challenge, but need some SOX/AUDIT documentation.

    On my side only the justification I am giving I need access to Non-prod to test any requirement is coming or test new features to demo finance. If i dont have access to non prod, where can I test or apply the knowledge to transfer

    Academy - Online Interactive Learning from Experts


  • 4.  RE: SOX / Audit requirement relating to system admin for Dynamics AX

    MICROSOFT MVP
    Posted Jan 09, 2020 09:50 AM
    Najeem,

    I would tend to agree with Mohammad, your pre-prod environments will more than likely not fall under the scope of an audit. However there is one major caveat to this, code promotion should always be a 'gated process' in that more than one user should be involved. Auditors will ask to see this process and will validate if a single user can go to a non-prod environment and push code to a prod environment without any other user input.

    ------------------------------
    Alex Meyer
    Director of Dynamics AX/365 for Finance & Operations Development
    Fastpath
    Des Moines, IA
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 5.  RE: SOX / Audit requirement relating to system admin for Dynamics AX

    TOP CONTRIBUTOR
    Posted Jan 09, 2020 07:51 PM
    Thanks Alex, for code promotion or any work in AOT, we have process of approval to complete. before code is pushed into PROD:  tested in preprod, UAT signing off and then move to PROD, Thats code promotion is by developer/ tech consultant

    Didnt get the myth of SOX/AUDIT consultants they myth of segregation of duties in IT area (Application owner) - (Prod vs Preprod). Its going to be a person who will set up and test in PRE PROD environment and then another person who is not aware and will set up in PROD

    Academy - Online Interactive Learning from Experts


If you've found this thread useful, dive deeper into User Group community content by role