Supply Chain Sarbanes-Oxley

Corporate Governance for Supply Chain Operations

Information Security

 

An organization's supply chain systems include: Enterprise Resource Planning (ERP), Transportation Management Systems (TMS), Warehouse Management Systems (WMS), supplier web portals, customer web portals, Electronic Data Interchange (EDI / eB2B), financial systems, Manufacturing Execution Systems (MES), Quality Management Systems (QMS), etc. 

How secure is your organization's internal and external supply chain information across your customers, employees, and suppliers?  Two key security components need to be addressed:

The first component is the technology security surrounding your supply chain information systems. Technology security, which may be hardware-based, software-based, or a combination of the two, includes firewalls, anti-virus software, anti-spam software, protection against denial-of-service attacks, etc. The technology security can be thought of as the castle's defenses (moat, guard towers, drawbridge, etc.).

The second component is the business application security. This includes user roles and rights within a software application: what each user can do to which information. The Association of Certified Fraud Examiners (ACFE) recognizes that the separation of responsibilities is a very effective fraud-reduction tactic. However, user roles must be separated not just in the business software application, but in real life too!

And as discussed briefly in Information & Communication, if users are forced to store information on unsecured computers, this is a potential security problem.

If an organization's technology infrastructure is breached, the ability to create accurate and timely financial statements could be compromised.  Good supply chain governance demands that significant attention be focused on ensuring the integrity of the computer systems supporting the internal and external supply chains.  Systems, like processes, that lack integrity leave the door open to fraud. 

Copyright © Katzscan Inc.