Transactional Security for SOX
Sarbanes Oxley (SOX) financial reporting rules require, among other things, that any reported financial analysis be derived by documented and auditable processes that ensure accuracy in representing original business transactions. Designing a Business Intelligence system to securely capture original business transactions greatly simplifies these auditable processes and shields the repository of transactions from any user access.
To achieve this, Decentrix recommends that the architecture for the data warehouse be designed such that:
- the data warehouse transactional repository is only updated by the automated ETL processes and
- the transactional repository is only read by the automated data cube building processes.
As a result of this design, no user access is ever required or permitted to the data warehouse server itself for analysis. This is because all user analysis accesses the data cubes only, which should always be located on a separate server.
The outcome is a very controlled and limited access (by authorized IT personnel) to the original business transactions in the data warehouse. This access can be documented and audited to ensure that the source transactions for any analysis numbers cannot have been modified since the original source business transactions were recorded.
When properly designed, any business total displayed from the data cube can be drilled through until it is visibly represented by the original source transactions in the data warehouse fact tables. This ability to audit cube totals is available for the values on any presentation tool analysis whether they be dashboards or PDF reports.
As a consequence of this design, the auditable security over the data warehouse source transactions provides the strongest level of protection, supporting the auditing of every analysis total back to trusted original source business transactions. The result is compliance with the Sarbanes Oxley (SOX) requirements for accurate financials.
The complete auditing of any business total in an analysis report consists firstly of expanding the total down to the finest level of detail. This can be performed by the “Drill-Through” command to expand the total in terms of the source transactions captured in the data warehouse Fact tables. Secondly, the data warehouse must have auditing and reconciliation processes to ensure that the transactions added to the data warehouse exactly represent the original transactions from the operational system from which they derive. These transactions are captured right after original data entry and are protected from any further modification in the secure data warehouse environment. Finally, the operational systems must have controls to ensure that the actual original business transactions are captured reliably on the day of entry.
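The first two audit steps above can be sketched as follows. This is an added example, not Decentrix or BIAnalytix code: the row layout (transaction_id, entry_date, account, amount), the sample rows and the function names are assumptions made for illustration, and each transaction_id is assumed to appear once per extract.

```python
import hashlib
from collections import Counter
from decimal import Decimal

# Constructed sample rows: (transaction_id, entry_date, account, amount)
SOURCE = [
    ("T1001", "2024-03-01", "AD-SALES", "1500.00"),
    ("T1002", "2024-03-01", "AD-SALES", "250.50"),
    ("T1003", "2024-03-02", "AD-SALES", "980.00"),
]
WAREHOUSE = [
    ("T1001", "2024-03-01", "AD-SALES", "1500.00"),
    ("T1002", "2024-03-01", "AD-SALES", "350.50"),  # amount differs from source
    ("T1004", "2024-03-02", "AD-SALES", "75.00"),   # no matching source row
]

def row_digest(row):
    """SHA-256 over length-prefixed fields, so ("ab","c") and ("a","bc") differ."""
    h = hashlib.sha256()
    for field in row:
        data = str(field).encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def reconcile(source_rows, warehouse_rows):
    """Compare an operational-system extract with the warehouse fact rows."""
    src = {r[0]: row_digest(r) for r in source_rows}
    wh = {r[0]: row_digest(r) for r in warehouse_rows}
    counts = Counter(r[0] for r in warehouse_rows)
    return {
        "missing": sorted(src.keys() - wh.keys()),     # never loaded
        "unexpected": sorted(wh.keys() - src.keys()),  # no source record
        "altered": sorted(k for k in src.keys() & wh.keys() if src[k] != wh[k]),
        "duplicated": sorted(k for k, n in counts.items() if n > 1),
    }

def verify_total(displayed_total, fact_rows):
    """Drill-through check: a displayed total must equal the sum of its fact rows."""
    total = sum((Decimal(r[3]) for r in fact_rows), Decimal("0"))
    return Decimal(displayed_total) == total

if __name__ == "__main__":
    print(reconcile(SOURCE, WAREHOUSE))
    print(verify_total("2730.50", SOURCE))
```

Amounts are compared as `Decimal` values rather than floats so that a reconciliation difference of a single cent is never hidden by rounding.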
BIAnalytix is a powerful media data warehouse and Business Intelligence system provided by Decentrix which implements this secure architecture and these procedures for the protection of the original transactions in the data warehouse. New transactions or changes are only ever added to the data warehouse, and the original supplied business transactions are never modified after being captured right after entry in the source system. All user access to the information is isolated to the fast OLAP cubes on the intranet servers, thus allowing very secure processes to protect the original source transactions while still allowing drill-through of any displayed total to those original business transactions. These features make the BIAnalytix data warehouse a fundamental component in meeting the Sarbanes Oxley requirements for accurate financial reporting and keeping your key executives from ever reporting on totals that are not traceable to the original transactions.