Audits, Controls and Compliance – Configuration, Financials and Party

Don Goodenow
Director, Product Management, Reinsurance & Collections
StoneRiver

In my last post I outlined common service elements that can be included in an SOA solution. Today we’ll look at Configuration, Financials and Party (name and address +) in more detail, and see how they can enable compliance with regulatory requirements.

Enterprise-level Configuration is a service that can provide a mechanism for defining an organization and its products once for an entire suite of components. This can enable a company to establish standardized product definitions that apply across all components. The definition of organizational structure can enable a company to define work groups for its corporate entities and sub-entities, thereby establishing the basis for controlling individuals’ access and work flow processing.

Accounting Periods and Chart of Account Classifications can also be defined at the enterprise level, improving control over financial management and balancing processes.

Why is Enterprise-level Configuration important?
SOX and the MAR require organizations to establish and monitor controls of systems that can impact the ability to faithfully report financial status. Enterprise-level configuration of an organization’s products eliminates the risk of incomplete control over product offerings and of undesirable data duplication (with its implied control problems). Coupled with a single point of definition for an organization’s chart of accounts and accounting periods, Enterprise-level Configuration provides a powerful tool for a company to use as an essential part of its compliance efforts.

Enterprise-level Financials is a service that can provide a single mechanism for defining an organization’s standard financial model and accounting periods. This single financial / accounting structure allows the control of transaction recording within and across all components, assuring consistency in general ledger reporting and balancing methods within accounting periods.

In addition to common General Ledger functions across all components, an Enterprise Financials service can provide common receipting and disbursement processes, delivering a single point of control for these important activities.

Why are Enterprise-level Financials important?
SOX / MAR require that an organization establish and maintain financial controls that “… (1) Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets; (2) Provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements …” Enterprise Financials provide a mechanism for the definition and control of an organization’s accounts and the activities processed against them. No transaction can be processed if it is not first defined within Enterprise Financials.

Party can provide more than a Name and Address file. It can provide features for managing customer relationships and demographics. Party can:

  • Be built as a Customer-Centric Model, using ACORD’s Party Data Object Model
  • Support “Role” definitions to reduce redundancy in access management (related to security).
  • Employ “Usages,” to manage data ownership and to support the use of seasonal addresses
  • Introduce enterprise-wide address verification
  • Support geo-coding options, and
  • Third-party credit card processing support.

Why is Party functionality important?
SOX / MAR require that an organization provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements. Party can provide a single point for capturing all entities that have any relationship with system components: users, insureds, claimants, vendors, etc. This can eliminate redundant data capture. By supporting multiple role definitions and participation methods in a system’s processing, party can enable comprehensive field, transaction and process controls at the individual user level (related to security).

In my next post we’ll take a look at three more important services: Security, Distribution Services and Notes.

No votes yet