Contact Us

HFM Admin SOX Compliance Checklist: Providing Support for SOX Sections

Since Oracle Hyperion Financial Management is generally a finance-owned and IT-supported application, HFM administrators have several responsibilities and requirements that they need to meet. Some are evidence-based activities (e.g. provide proof of how foreign-owned entities are translated and consolidated in the financial statements), and some are change control activities (e.g. ensure metadata updates of entities and/or accounts are approved by the accounting manager).

To support accounting for Sarbanes-Oxley compliance activities, use the SOX compliance checklist to see how HFM admins perform the following application support and change management tasks.

HFM application support

  • Provide JE details from HFM (usually in a searchable Excel document for auditors’ ease of use).
  • Using a data grid, provide evidence that revenue/expense accounts translate at average rate and asset/liability accounts translate at end of month rate.
  • Provide security detail for those with access for input of exchange rates.
  • Confirm app security is in place allowing only appropriate (or restricted) users access to write back to HFM data intersections through grids, forms, or Excel.
  • Verify that app security is reviewed and appropriate per the user’s role in the organization. (This exercise may prove double duty for the Oracle licensing reviews to make sure the organization is in compliance.)

Change management

  • Compare metadata file quarter over quarter. Provide documentation support that metadata updates were approved by accounting. Note: Oracle Data Relationship Management can provide reports on these changes.
  • Compare HFM rules file quarter over quarter. Provide documentation support that any calculation updates were approved and followed your organization’s defined change control process (using your SDLC process).
  • Confirm app security is in place allowing only appropriate users access to modify metadata and rules elements.

Miscellaneous tasks

Additional activities HFM administrators may be asked to participate in include:

  • Conduct an IT disaster recovery exercise. (Can HFM be brought online with the prior night’s backup?)
  • Review license compliance.
  • Perform environment upgrades. Verify browser compatibility with the current version of Hyperion, Office tools compatibility, Windows 10 compatibility, and so on.

You might also be interested in...


New call-to-action

Ask an EPM/BI Advisor

If you're here, you've got questions — and we've got answers. Book your consultation to ask us about any range of topics, including:

  • Evaluating EPM or BI technologies
  • Comparing on-prem vs. cloud
  • Planning upgrades and migrations
  • Estimating project costs and timeframes
  • And much more — ask us anything!

Let our experts tackle your toughest questions for you.

Let's Talk