Tuesday, February 01, 2005

Help is on the way: software for SOX compliance

Corporate spending on Sarbanes-Oxley (SOX) so far hasn't been the gold mine that software vendors have been hoping for. Compliance has been largely a manual effort, as companies work to document and improve internal controls under SOX Section 404. A recent AMR survey estimates that only 28% of SOX compliance spending has been for technology. The rest is for manpower: internal headcount (42%) and external consulting (29%).

But the ratio of manpower to software may be starting to change. According to an article in CFO Magazine, software vendors have been refining their SOX compliance offerings to automate some of the tasks:

New versions of Sarbox software programs represent big improvements over earlier offerings. Certainly, recent releases from Axentis, Hummingbird, OpenPages, Virsa Systems, and Approva reflect a more realistic understanding of the burdens. Some of the programs compare a company's current controls to compliance best-practices, offering solutions on how to shore up weaknesses and better segregate duties. Others help managers document policies and procedures, creating electronic archives of those policies along the way. Several programs flag internal transactions that look suspicious.
Software is not going to completely automate Section 404 SOX compliance. Compliance will continue to be a huge manual effort. There's no substitute for manager's understanding of the business in assessing, designing, and implementing proper internal controls. But software can help.

Read the entire CFO article for more details.

Update: on a related note, Computerworld has a good article today on how SOX compliance programs are causing a shift in the role of the CIO, putting the IT group at least temporarily more closely associated with the CFO. For CIOs that have been struggling over the years to get out from under the management by the accounting function, it's not necessarily a good trend.

Related posts
Making SOX compliance a meaningful exercise
Sarbanes-Oxley compliance: too often a wasted effort
Sarbanes-Oxley spotlights need for controls in IT
Checklist for Sarbanes-Oxley compliance
Sarbanes-Oxley spotlights need for controls in IT
Cost of compliance with Sarbanes-Oxley isn't mainly in new systems
Is Sarbanes-Oxley the new Y2K?

1 comment:

Anonymous said...

Thanks for the software solutions that you mention...It helps fine tune the selection process for segeration of duties.. I have worked with many of these solutions and they are very deep -- the problem with all thee solutions is they are narrow in their approach

I am a partner at a Big 4 and one of the best solutions in the market is CorporateStream from a company called MetricStream. They provide a lasting and comprehensive solution

Watch out for this company.. Its a success in the making. They are backed by Kleiner Perkins and are going about it the right way....

Rubin ...