Ask An Expert

HFM Admin SOX Compliance Checklist: Providing Support for SOX Sections | US-Analytics

Jennifer Conard
January 27, 2020

Since Oracle Hyperion Financial Management is generally a finance-owned and IT-supported application, HFM administrators have several responsibilities and requirements that they need to meet. Some are evidence-based activities (e.g. provide proof of how foreign-owned entities are translated and consolidated in the financial statements), and some are change control activities (e.g. ensure metadata updates of entities and/or accounts are approved by the accounting manager).

To support accounting for Sarbanes-Oxley compliance activities, use the SOX compliance checklist to see how HFM admins perform the following application support and change management tasks.

HFM application support

  • Provide JE details from HFM (usually in a searchable Excel document for auditors’ ease of use).
  • Using a data grid, provide evidence that revenue/expense accounts translate at average rate and asset/liability accounts translate at end of month rate.
  • Provide security detail for those with access for input of exchange rates.
  • Confirm app security is in place allowing only appropriate (or restricted) users access to write back to HFM data intersections through grids, forms, or Excel.
  • Verify that app security is reviewed and appropriate per the user’s role in the organization. (This exercise may prove double duty for the Oracle licensing reviews to make sure the organization is in compliance.)

Change management

  • Compare metadata file quarter over quarter. Provide documentation support that metadata updates were approved by accounting. Note: Oracle Data Relationship Management can provide reports on these changes.
  • Compare HFM rules file quarter over quarter. Provide documentation support that any calculation updates were approved and followed your organization’s defined change control process (using your SDLC process).
  • Confirm app security is in place allowing only appropriate users access to modify metadata and rules elements.

Miscellaneous tasks

Additional activities HFM administrators may be asked to participate in include:

  • Conduct an IT disaster recovery exercise. (Can HFM be brought online with the prior night’s backup?)
  • Review license compliance.
  • Perform environment upgrades. Verify browser compatibility with the current version of Hyperion, Office tools compatibility, Windows 10 compatibility, and so on.

You might also be interested in...


Want something amazing in your inbox?

Subscribe to our newsletter below