Skip to content


Smart Auditing and Compliance Testing
SmartSOX is an innovative tool that allows you to simplify & accelerate compliance testing in SAP systems.

Smarter Sample Selection

Mitigate Risks Early

Best Practice Control Set

Design Your Own Controls

SmartSOX allows for smarter audit sample selection by focusing on changes that impact SOX controls, that could negatively affect your audit results, providing you with greater confidence in your compliance testing.
SmartSOX can be used as a proactive measure to keep SAP productive systems in compliance by mitigating risks as early as possible, improving accuracy and accelerating your periodic review process.
The SmartSOX solution comes pre-configured with example and suggested control set based on our extensive experience on SOX compliance testing projects, so you can get your installation started in just a few minutes.
SmartSOX includes a dedicated app that enables you to design new controls or modify existing control sets by selecting the crucial system objects you want to audit, giving you complete and total flexibility over your system audit process.

About SmartSOX

Sarbanes Oxley Act (SOX) compliance testing is always a challenge to any enterprise of any size. Compliance testing activities are very challenging, compared to other software-related activities like feature and performance testing, and even worse, any changes transported to the production environment of a live SAP system can potentially impact the IT controls.

AevITas IT SmartSOX solution helps SOX auditors, control owners, business process owners and senior leaders in the enterprise to review all the changes that were transported to production systems, in the light of the SOX controls that have been impacted. This crucial functionality helps to efficiently select those changes for review and compliance testing.

SmartSOX is a solution unique in the market that enables business process owners and control owners to proactively review these changes and ensure SOX controls are in place and withstand audit scrutiny.

Additionally, SmartSOX provides the auditors with the important ability to design their own controls. The Audit Team can effectively modify the Control Set at any time, by inserting new or editing existing controls by selecting the crucial system objects they would like to include. After finalizing the control set, the audit tool can be run again using the newly formulated controls.

Watch our brief demonstration video below to learn more:

Frequently Asked Questions

Answers to the most common questions about the SmartSOX.

SmartSOX is designed to simplify and accelerate periodic SOX reviews for SAP ECC6 and SAP S/4HANA. SmartSOX helps SOX auditors to intelligently select their audit sample using an evidence-based approach and gain confidence on SOX compliance in the most crucial area of SAP application changes. SmartSOX detects direct changes made to productive systems early to improve accuracy and accelerate the periodic review process. Out of the box, it comes with a predefined model control for both ECC and S/4HANA designed to get you started, but we have also developed an interface to give you the ability to modify the model and also create your own controls to run against the system.

SOX compliance testing is an assessment of the company’s internal control processes related to financial reporting. SOX compliance testing helps a public company show investors, employees, and other stakeholders that it has procedures in place to prevent fraud and that the financial reports the company produces are accurate and reliable.

The initial SOX controls testing is often performed by management as a self-assessment, or by a dedicated SOX team, followed by an assessment performed by independent auditors. When the testing is done by management, they are testing their own processes. In this form of testing, there is very little independence since management is involved in both the control operation and in the SOX testing process.

Testing is occasionally facilitated by an internal audit team who publishes a self-assessment to managers, who will respond with documentation for the internal auditors to validate. Some companies have a dedicated SOX team that is part of the management team, acting as a compliance group and therefore is not fully independent. SOX teams are removed from the control and better positioned to provide unbiased test results. After the testing is completed, an internal audit team may perform independent testing. Since the internal audit is independent, others may be able to rely on the SOX controls testing they performed.

Today’s business environment is very complex and is becoming increasingly automated. Numerous applications comprise the enterprise ecosystem and therefore multiple sources of risks exist. Most importantly, the need for auditing the information access control in a continuously changing application environment.

This poses the need for continuously auditing the enterprise systems, combined with overall exhaustive audit activities throughout the year.
Even more importantly, while all these challenges are intensifying over time, the audit resources remain limited. Time availability is also limited. While in the meantime support from the business side is also restrained to the minimum.

This poses the question; how can your organization manage the important activity of SOX compliance testing? How can you manage this with your available resources and limited time? How is it possible to move on to smart compliance testing and collect the best samples for a most effective auditing process?

SmartSOX is used as a proactive measure to keep productive systems in compliance with SOX and mitigate risks before they are identified in future reviews. The tool can be used before the official reviews or after a major change request has implemented in a system, to proactively check for violations and risk early in the process to take immediate remedial action.

The SmartSOX solution includes the sample selection application, a SOX control master data management application, and a predefined model control set, implemented for SAP ERP applications, both ECC and S4/HANA.

SmartSOX Master Data Management App
SmartSOX includes a web-based master data management application that allows you to create and manage your SOX controls, while also maintaining the link between the SOX control and the SAP Control object. The Master Data Management app includes a mass-upload functionality that can significantly speed up the start-up/onboarding process, or when simply you would like to create or change a big number of controls.

SmartSOX Control Report
The SmartSOX control report application is the main tool of the solution that runs the controls upon request of the user and presents all the potential risks that currently exist in your productive SAP system. After reviewing the comprehensive result set, you can create a sample that you will be able to investigate further.

Predefined model control set
Based on our multi-year experience, we have created and provide included with SmartSOX a predefined model control set that can help get started with the tool. The initial control set can also be used as a template for the mass-upload tool to speed up the onboarding and installation process of the solution.

The biggest reason to implement this solution is if your company deals with the Sarbanes-Oxley sections 302 and 404 regulations, you have implemented a lot of controls to be able to successfully have audit of your company’s SAP ERP system. aevITas SmartSOX tool enables you to easily review and analyze the control results in one centralized place using a simple user interface.

If you have implemented any SAP ERP solutions, you already know that SAP is notorious for its complexity in role and user access security and administration. The risk of degrading role security is augmented by this complexity – having a robust and rigorous audit control system is a must. Even as your company evolves and develops over time, business requirements change and adjust to your development, but controls and security often become outdated.

Still searching for your ideal solutions partner?

Seamless Integration | Tailored Solutions | Delivery Excellence | Cost Effectiveness