SOX Engine

Dashboard

Analyzing

OpenSox

v2.4.1
healthy

Evaluating controls against evidence. 2 tests running, 4 in queue. 6/7 data sources connected.

87%autonomous
91%self-heal rate
38tests this month
94%evidence quality
ITGC-AM-001Timely Termination of Access
Test Execution
5/12 stages · 8,420 tokens42%
Currently: Test Execution
9 of 12 records evaluated — 8 passing, 1 exception (EMP-4201)
Continuing evaluation...
Conductor Routing
6 sources active
Routing hr-terminations-feb-18.csv → ITGC-AM-001
Schema matched at 96% confidence · Testing full population
routing
sap-user-roles-daily.csv → ITGC-AM-003
Auto-routed via cached schema · 3 SoD conflicts found
2h ago
new-vendor-master.xlsx — Needs your input
Unknown format · 72% confidence · Might be ITGC-AM-003 or APP-AR-001
Oracle schema change detected — self-healed
REVIEW_DT → COMPLETED_DATE · Applied cached mapping at 94.2%
5h ago

Needs Your Attention

3
MW / CriticalDeficiency Classification
4 Material Weaknesses — Open
Potential MW across ITGC-AM-003. 4 unresolved findings requiring immediate remediation before audit completion.
1 control affected
Review & Remediate
MW / Criticalaccess management
ITGC-AM-001 — Control Failing
Timely Termination of Access. 5 open exceptions. Last tested Feb 15.
Owner: IT Security Manager
Investigate
MW / Criticalsod
ITGC-AM-003 — Control Failing
Segregation of Duties — Conflict Detection. 8 open exceptions. Last tested Feb 15.
Owner: Access Governance Lead
Investigate
High PriorityDocumentation
ITGC-AM-001 — Workpaper Awaiting Review
ITGC-AM-001 — Termination Access Review — Feb 2026. 5 exceptions documented. Prepared 2026-02-15.
Ref: WP-2026-AM001-002
Review Now
High PriorityDocumentation
ITGC-CM-001 — Workpaper Awaiting Review
ITGC-CM-001 — Change Management Review — Feb 2026. 3 exceptions documented. Prepared 2026-02-15.
Ref: WP-2026-CM001-001
Review Now
High PriorityException Management
2 Exceptions — No Owner Assigned
Critical/high severity exceptions without remediation owners. These need to be triaged and assigned to drive resolution.
ITGC-AM-001, ITGC-CM-001
Assign Owners
Monitored
15
Active Controls
5 critical
13
Open Exceptions
Autonomous
12
Tests This Week
2840K tokens
$47.23
AI Cost (Month)

What OpenSox Did

Detected new HR termination exportITGC-AM-001
hr-terminations-feb-18.csv appeared on SFTP. 12 terminated employees identified. Automatically triggered ITGC-AM-001 test.
Feb 18, 09:47 AM
Normalized data across 3 systemsITGC-AM-001
Mapped Workday Worker_ID → SAP BNAME → Oracle USER_NAME. All 12 HR records matched to system accounts.
Feb 18, 09:45 AM
Sent remediation overdue noticeITGC-AM-001
EMP-1847 (Michael Torres) — SAP account still active 18 days post-termination. Emailed IT Security Manager.
Feb 18, 08:00 AM
Self-healed a SAP connection timeoutITGC-OPS-001
SAP backup log connector timed out during ITGC-OPS-001 test. Retried after 5s backoff — succeeded.
Feb 17, 11:18 PM
Escalated Material Weakness to CFOITGC-AM-003
ITGC-AM-003: User USR-3401 holds both Vendor Create and Payment Release roles. CFO acknowledged in 1h 17m.
Feb 15, 04:05 PM
Generated audit workpaperITGC-AM-001
WP-2026-AM001-002 created for ITGC-AM-001. 5 exceptions documented. Sent to Sarah Chen — approved in 40 min.
Feb 15, 02:30 PM
Auto-adapted to Oracle schema changeITGC-AM-002
Oracle EBS renamed REVIEW_DT to COMPLETED_DATE. Applied cached schema mapping at 94.2% confidence.
Feb 14, 09:12 AM
Flagged self-approval in change managementITGC-CM-001
CHG-4521: J. Thompson is requestor, developer, and approver. Notified Change Management Board — acknowledged in 25 min.
Feb 15, 11:50 AM
Communications2 pending ack
[CRITICAL] Material Weakness Detected — ITGC-AM-003 SoD Conflict (USR-3401)
Diana Reyes · email · ✓ acked
#sox-compliance: Critical Exception — EMP-1847 post-termination access detected
IT Security Manager · slack
[OpenSox] Workpaper ready for review — ITGC-AM-001 Feb 2026
Sarah Chen · email · ✓ acked
[OVERDUE] Remediation past due — ITGC-AM-001 / EMP-1847 (due Feb 18)
IT Security Manager · email
Escalations2 open
L3ITGC-AM-003acknowledged
material weakness open — CFO acknowledged. Remediation plan requested by Feb 22.
L3ITGC-AM-001open
post termination login detected
L2ITGC-AM-001open
remediation sla breach
Evidence Qualityacceptable
92
Evidence Quality
12 pass · 1 warn · 0 fail
hr-terminations-feb-18.csv
13 PCAOB checks run. AI confidence: 97%. 1 warning.
Control Health
Passing (8)
Failing (2)
With Exceptions (5)
Control Test Trends (12 Weeks)
Exception Aging
View All →
Recent Test Runs
View All →
ITGC-AM-001Timely Termination of Access
Feb 15FAIL
ITGC-AM-003Segregation of Duties — Conflict Detection
Feb 15FAIL
ITGC-CM-001Change Approval Documentation
Feb 15EXCEPTIONS
ITGC-OPS-001Backup Completion Verification
Feb 16EXCEPTIONS
ITGC-AM-004Privileged Access Monitoring
Feb 13PASS
Deep Dives
Control Coverage
View Controls →
ITGC-AM-001FAIL
Continuous
ITGC-AM-002EXCEPTIONS
Q2 2026
ITGC-AM-003FAIL
Continuous
ITGC-AM-004PASS
Mar 12, 2026
ITGC-CM-001EXCEPTIONS
Continuous
ITGC-CM-002PASS
Mar 12, 2026
ITGC-CM-003EXCEPTIONS
Continuous
ITGC-OPS-001EXCEPTIONS
Tomorrow
ITGC-OPS-002PASS
Tomorrow
ITGC-OPS-003PASS
Next Monday
ITGC-AM-005PASS
Q2 2026
ITGC-AM-006EXCEPTIONS
Continuous
ITGC-CM-004PASS
Continuous
ITGC-OPS-004PASS
Mar 12, 2026
ITGC-OPS-005PASS
Next Monday
Critical & High Exceptions
Manage →
criticalITGC-AM-001
open
Employee terminated on Jan 28, 2026. SAP account remains Active (UFLAG=0) as of Feb 15, 2026 — 18 calendar days post-ter...
criticalITGC-AM-001
in progress
Employee terminated on Feb 3, 2026. SAP account remains Active (UFLAG=0). Last login was Feb 5, within the grace period ...
highITGC-AM-001
open
Employee terminated on Feb 1. Oracle account remains Active. No post-termination login detected, but account is accessib...
criticalITGC-AM-003
open
User holds both Vendor Master Create (FK01) and Payment Release (F110) roles in SAP ERP. This is a critical SoD conflict...
criticalITGC-AM-003
open
User holds both Journal Entry Create (FB50) and Journal Entry Post (FB01) roles. Can create and post journal entries wit...