Market dynamics: Sarbanes-Oxley-financial storm in an IT teacup?
The 2002 Sarbanes-Oxley (SOX) Act is being touted as landmark legislation for US corporate governance and accountability that will change the way in which organizations manage their businesses. In a nutshell, SOX introduces stringent new financial reporting rules and regulations aimed at deterring corporate fraud. AMR Research said in a report published early in May 2003 that SOX has the potential to be "bigger than Y2K" and that the public companies will spend up to $2.5bn this year to comply with SOX. A large portion of that will inevitably be set aside for IT. Regardless of the user pull, vendors are also pushing SOX to the hilt. A raft of enterprise software vendors, ever quick to spot a new and lucrative business opportunity to shore up their flagging sales pipelines, are rolling out or developing applications and tools to help simplify SOX compliance. Software vendors are certainly taking SOX to the bank. But are they also taking customers to the cleaners? This report examines whether SOX, like its Y2K-compliance predecessor, is really a legitimate concern for IT user organizations, or whether it is simply the by-product of over-opportunistic vendor hype and rhetoric.
What is SOX?
The SOX Act of 2002 is a relatively fluid set of corporate disclosure and financial reporting rules for companies that are traded publicly in the US. The Act, which essentially reconciles two competing corporate reform bills (one sponsored by Paul Sarbanes in the Senate and the other sponsored by Republican Michael Oxley in the House of Representatives), was signed into law last July by President Bush in a move to restore confidence in the US financial markets in the wake of several highly publicized financial scandals that happened that year. The SOX requirement for companies to establish best-practice procedures for meeting their reporting obligations is specifically intended to curb massive accounting irregularities such as those that led to the December 2001 bankruptcy of energy trader Enron and resulted in an obstruction of justice verdict against its auditor Arthur Andersen.
Among other things, SOX requires executives and auditors of publicly held companies to validate the accuracy and integrity of their financial management. The processes and documentation required for compliance are quite rigorous, and regulated in part by the US Securities and Exchange Commission. Companies must document and certify the effectiveness of internal controls and procedures relating to financial reporting, and CEOs and CFOs must personally certify that their companies' statements are complete and accurate.
Internal Controls
Most of corporate America's focus on SOX, both in terms of general media buzz and IT vendor activity, has thus far been on two Sections of the Act that specifically relate to the requirement of management to report annually on the effectiveness of internal controls.
* Section 404 deals with the "certification of financial reporting processes and controls." This requires companies to identify risks to internal business processes that could affect financial results, and to document the controls in place to mitigate those risks. Outside auditors must evaluate those controls and report any problems. According to rules laid down by the SEC, most large US companies (i.e. those with a market capitalization of over $75m) will be required to show compliance with Section 404 for fiscal years ending on or after June 15, 2004 (which extends by about eight months the original deadline). Smaller businesses, and so-called "foreign private issuers", will have until April 15, 2005 to comply.
* Section 302 requires CEOs and CFOs to attest to the accuracy of generated reports on internal controls and financial reports. It also requires these officers to formally sign off that the internal controls are in place and to acknowledge responsibility that the internal systems meant to execute these controls are reliable and secure.
* Section 404 appears to be a key leverage point from a software standpoint, while research seems to show that most companies are better prepared to meet the financial reporting requirements of SOX Section 302.
The importance of internal controls is not a new phenomenon in financial IT circles--in fact this has been a major auditing emphasis for decades. However, what is new is the emphasis. Whereas auditors in the past focused primarily on detecting errors and certifying accuracy, the Enron, WorldCom and similar debacles have put greater pressure on them to detect and discourage risk and fraud.
SOX has the potential to make an impact on businesses of all sizes. Market research estimates that nearly 15,000 public companies will need to achieve and sustain compliance with the laws. Mid-sized and larger companies will spend from 5,000 to 15,000 hours to achieve compliance and more time to sustain it quarter over quarter.
These public companies now face a tall order of management and technical challenges, not least:
* Identifying issues and improvement opportunities in auditing and internal control processes.
* Ensuring the integrity of records with audit trails, document management, version control, and security measures that ensure the protection of data and documentation.
* Establishing internal controls that conform to standards such as the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework.
* Generating up-to-date, accurate reports on internal controls and financial statements that can be attested to with confidence.
* Simplifying processes and documentation required for compliance to speed the deployment and acceptance of change within the organization.
* Providing real-time reports and continuous monitoring that deliver insights into the status and performance of controls.
* Leveraging and/or enhancing existing financials, ERPs, and other legacy systems to minimize the cost of SOX compliance.
According to AMR, the world's largest 1,000 public companies have earmarked more than $2.5bn in IT investment this year on investigation and initial compliance with these SOX-related issues. AMR's survey shows that over 85% of companies will change their IT and application infrastructure as part of SOX compliance efforts.
Financial Systems Overhaul
SOX has significant implications for the integrity and reliability of enterprise financial reporting systems. With reporting time frames shrinking and system integration and integrity being audited more closely, corporate financial systems are now under increased scrutiny. Enterprises are being forced to take a long look at the financial systems infrastructure they have in place to assess potential weaknesses in accounting and reporting systems and processes that could lead to inaccurate results, or worse, risk exposure to fraud. At the same time, financial system vendors see new business opportunities and are scrambling to get a piece of the action by re-casting software offerings in an opportunistic SOX light.
Without mentioning the systems specifically, SOX obliges companies to produce the results that financial management systems are primarily used for: accurate and timely financial reports. This task cannot be performed without the transactional and reporting systems in place that reliably generate the financial information, and it is often not feasible to do this manually.
Modern accounting systems from leading software vendors are generally well equipped to handle the financial reporting requirements of companies in the US and abroad. Theoretically at least, these systems have some degree of built-in "control". As such they should not require major replacement or modification as a result of the new SOX requirements.
Companies with disparate and legacy accounting systems face more risk in meeting the new and evolving SOX requirements. A major sticking point for providing accurate and timely reporting is a fragmented accounting system characterized by multiple general ledgers and numerous transactional system interfaces. A fragmented financial systems environment requires more interfaces and reconciliation procedures that extend the time required to "close the books". Such an environment also increases the risk of material errors in consolidating financial results as data is often dumped into spreadsheets and re-keyed into other systems for reporting purposes.
Ideally, an integrated ERP system with fewer interfaces and subsidiary general ledgers would be easier to control. Companies with disparate accounting systems and those with older, unsupported accounting software should seriously consider moving to an integrated environment that is more easily upgradeable. At a minimum, they should be investing in more effective financial consolidation and reporting tools, and consider a strategy to merge disparate accounting systems into a centralized, single financial management system. Tighter integration of financial applications can benefit companies by improving the timeliness of periodic accounting closing and reporting cycles. Additionally, a homogenous financial and accounting system environment can also be more easily upgraded in the event that reporting compliance changes are imposed. Therefore, the viability of incumbent financial software vendors should also be based on their ability to deliver maintenance updates as external reporting requirements and standards evolve.
While SOX legislation undoubtedly requires financial management applications to step up to the increased accountability and regulations, it is important to remember that SOX does not explicitly spell out the precise requirements for an ideal financial system. Nor does SOX mandate wholesale changes to underlying systems despite what some IT vendors might say. Rather, it is the focus on process and controls that is new.
Beyond the Number Crunching
Even though much of the focus on corporate governance controls has been on financial practices, SOX is more than just having an efficient financial reporting system in place to more effectively consolidate data and produce financial reports. Upgrading the existing financial application infrastructure to provide greater efficiency, consistency and performance can help, but only up to a point. These applications alone, however, will not create a sound internal control environment or eliminate fraud.
The real challenge of SOX is to identify processes, documents, controls, and risks associated with financial reporting. Leading commercial accounting software packages are certainly capable of handling the financial accounting chores of most enterprises, but only if supported by appropriate staff and sound accounting policies and control procedures that feed these systems. For example, the process of closing the books and consolidating financial information must be carefully documented, and care must be taken during each accounting cycle to ensure that everything worked as planned.
Control processes around financial reporting systems are varied, and must be built around the following:
* Automating the gathering and centralization of documentation and evidence needed for compliance.
* Providing each member of the "extended" accounting team with a personalized view of the compliance process and his or her assigned tasks.
* Allowing for secure collaboration between internal finance groups and external accounting agencies on documentation and processes.
* Utilizing workflows for automating issue management and document sign-off.
* Focusing on a risk-management strategy that includes preventing loss of data and provides audit trails to analyze anomalies and deter fraud.
With a focus on financial governance, a governance agenda is implicitly set for information security. In fact, systems hackers have openly discussed the perils of so-called "data poisoning of financial statements" at industry events such as Black Hat and Def Con. With the increased reliance of financial systems on IT, it is near-impossible for company officers to realistically sign off on the accuracy of financial statements without proper security control functions in place. Companies therefore need to bundle their financial systems with security to achieve the authentication, authorization, administration and audit functions that provide confidentiality and integrity of financial information. A robust architecture will establish the security requirements, internal controls, maintenance and monitoring of the systems. SOX's emphasis on the maintenance of controls around financials further points out that security is not simply a point-in-time goal, but a continuous assessment effort to provide adequate protection and accuracy of financials.
Implications for IT Vendors
Enterprise software vendors across the board are finding numerous opportunities to position their products in a SOX light. There are two main reasons for this.
First, because of the sheer depth and breadth of SOX compliance activities, compliance does not only involve putting the necessary financial systems in place. It also involves a careful orchestration of technology partners and solutions from ERP, BPM, and other e-business application areas.
Second, the quick time frame for SOX compliance has companies scrambling to define, document, and improve internal processes and controls along with the underlying technologies to support them. As yet there is no single product on the market that can claim to address all SOX requirements. Much of the early response from IT vendors has focused on the management and reporting of structured financial information, with financial business application vendors or financially oriented BI vendors leading the way. As a result, many software solutions have emerged to support the internal control reporting requirements specifically pertaining to SOX Sections 404 and 302.
For companies where it might not be feasible to move to a single accounting system architecture, BI tools and financial consolidation packages provide reasonable alternatives to effectively manage financial information from disparate systems. For example, analysis and reporting tools that allow rapid dissemination of financial results internally (via the corporate intranet or "standard" viewers such as Microsoft Excel), as well as the analysis of key performance indicators. In addition, IT can assist in making financial information more accessible and transparent to internal and external users by delivering results through Web-based reporting tools and portals.
Content management software providers are also getting in on the act. Recognizing that SOX also has implications for the management of related financial information that is typically held in unstructured formats, CM vendors are putting a content twist on the compliance issue, and vendors are now developing tools and/or beefing up their respective records management solutions to help companies manage the storage and retention of records for SOX compliance.
Finally, knowledge management, business process management, workflow, portal and collaboration vendors also see a role for their respective technologies in the effective project management of the financial auditing and reporting process.
Specialist SOX compliance vendors such as Nth Orbit are also starting to emerge in the market.
The vendor landscape for SOX compliance is evolving very rapidly, as the compliance requirements are becoming better defined by the SEC and better understood by companies subject to the regulations. Enterprise software vendors have seized the opportunity to launch new corporate SOX accountability and compliance marketing campaigns. Many see a new business opportunity to boost their flagging software sales, by offering infrastructure, applications and even complete solutions that all promise to alleviate the pain of meeting SOX compliance.
A raft of vendors are now jostling for a competitive position with "new" SOX products, making for a noisy and confusing market. While SOX may in fact be spawning a new breed of compliance software, it is unlikely that this will ever be encapsulated in a single product offering. Many of the so-called SOX solutions on the market today are simply customized versions of vendors' existing products that attempt to embed best-practice SOX principles into their applications' logic.
Given the sheer diversity of technologies and applications, a clear leader has yet to emerge on the software front. Moreover, it will take time for SOX to make a significant impact on sales. Since many of the early SOX plays are really consulting plays, the short-term beneficiaries revenue-wise are the established global professional services and business consulting firms as they help companies put compliance reporting systems and procedures in place.
A cross-section of some of the current SOX compliance solutions available on the market is briefly reviewed below.
The database and business applications giant Oracle is poised to ship its Oracle Internal Controls Manager product later this summer. Oracle's main development partner in its SOX effort is auditing firm PricewaterhouseCoopers.
The new software, which is a component application contained within Oracle's E-Business Suite 11i, specifically targets Section 404 of SOX and is designed to help companies document and test internal controls and monitor ongoing compliance. It does this by establishing financial controls and alerting users when such controls are circumvented. For example, Internal Controls Manager can be used to create a "library" of such risks that can then be linked to each business process in an organization, and used as the basis for risk assurance activities.
The software links to other Oracle applications including Oracle Workflow, a process-modeling tool that forms part of the Oracle E-Business Suite. The combination of the workflow tool and Internal Controls Manager enables companies to design their business processes and store them in a centralized repository while also monitoring the business processes to ensure they are performed in the manner in which they were designed. Alerts are automatically sent to the appropriate person when deviations are detected.
Internal Controls Manager will be sold separately from Oracle's E-Business Suite Businesses. Customers can also outsource the application from Oracle.
IBM
IBM is developing what it calls a "SOX compliance toolset" that ties together its Lotus Notes messaging and Tivoli storage technologies with records and content-management systems. The new solution will effectively build e-record management capabilities into IBM's core content management and Lotus-branded products.
The combined solution will also provide capabilities for the capture and storage of unstructured data, such as documents, email and instant messaging threads. IBM is also working on an administration component for monitoring, reviewing, and auditing content. IBM has not announced a formal release date for its as yet unnamed SOX solution.
Documentum has rolled out its Corporate Governance and Compliance Solution, which the company developed in partnership with BearingPoint (formerly KPMG Consulting). The solution is best described as a document management product leveraging Documentum's enterprise content management and e-Room collaboration technology.
It uses existing records management, CM, collaboration technologies, pre-configured templates, and process controls. The core of the system is built around a set of enterprise-wide controls and a centralized records repository that supports automated "best-practice" SEC reporting (10K and 10Q) workflows for compiling, reviewing, formatting, publishing and archiving financial records and related document types in a secure repository.
Automated exception handling is also built in to identify deviance from standard policies or practices. E-Room templates are designed to facilitate collaboration-related compliance activities, such as support for "digital workplaces" to facilitate discussion and collective management of content across departments as well as executive dashboards that provide a consolidated view of projects.
DecisionPoint, a relatively small BI vendor, has announced a new product aimed at SOX compliance called DecisionPoint Compliance Dashboard. DecisionPoint's solution leverages its core strength in applying its data warehousing technology to extract and analyze data resident in ERP systems, including financial data.
Using analytics similar to BPM applications, the application can detect anomalies in the financial data based on thresholds and business rules, and create alerts. The system uses analytic tools and applications to help understand and validate the accuracy of financial data by comparing reported results with preceding periods, budgets, forecasts and defined metrics. The anomalies are red-flagged in the dashboard-style user interface, and investigations to explain the anomalies can be captured in the application. The data warehouse is robust enough to capture transaction details, allowing users to drill into the data from the application.
DecisionPoint's new Compliance Dashboard appears well suited to meeting many of section 404's requirements, although the product has yet to be proven in live customer installations.
Plumtree Software & HandySoft
Corporate portal software vendor Plumtree Software has teamed with HandySoft, a business process management vendor, to roll out a portal/business process management offering designed to help companies build the necessary internal controls and reporting procedures for collecting and reporting financial data.
Dubbed SOX Accelerator, the solution combines Plumtree's portal, collaboration, search, and personalization technologies with HandySoft's application workflow logic and process automation capabilities. The solution marks the culmination of co-development efforts that began in January 2003. For HandySoft the SOX proposition is relatively straightforward: project management of the audit process. HandySoft touts its BizFlow process management platform's ability to incorporate human users into system-to-system process flows and provide the project and task management for defining processes, risks and internal controls that conform to standards such as the COSO framework. These capabilities fit nicely in the SOX world, which benefits greatly from customized views into the complex audit process that are collaborative in nature.
Meanwhile, Plumtree is weighing in with its portal prowess--specifically the Plumtree Portal's ability to provide customized views into the complex audit process and support collaboration. Plumtree believes that the portal will be the locus for not only visibility but also collaboration across multiple departments that will be part of the audit process.
HandySoft is one of the first pure-play BPM vendors to view the portal as a "natural interface" to kick off business processes. Plumtree and HandySoft have worked together in the past, closing HandySoft prospects who wanted BPM within the context of an enterprise portal. This experience on the ground convinced both companies to "productize" the partnership. The Sarbanes-Oxley Accelerator is expected next month.
Content management (CM) software provider FileNet has entered into a partnership with Steelpoint Technologies, a risk management provider, to produce an integrated SOX compliance and risk-management solution. FileNet recognizes the broader need for companies to make sure their entire CM strategies work more effectively than before. The partnership is defining a new category of software that FileNet is calling "compliance and litigation risk management."
The jointly developed solution is built on FileNet's P8 content integration platform and integrates Steelpoint's Introspect eCM litigation support software application to provide tighter control of content management processes. At the core is Steelpoint's eDiscovery technology that allows users to identify relevant and responsive content (collect, categorize and store information from a variety of sources) and provides tools to collaborate on issues of risk and drive corrective mitigation processes.
PeopleSoft is selling two products to promote Sarbanes-Oxley compliance: Global Consolidation software, which helps companies collect and report data from around the world; and Investor Portal, which helps companies make key financial information available to shareholders. PeopleSoft has also teamed up with consulting and auditing firms Protiviti and Ernst & Young to offer complete cradle-to-grave SOX compliance solutions.
Hyperion Solutions
BI supplier Hyperion Solutions has a long-standing (dating back to 1982) heritage in regulatory compliance and mandatory hyperinflationary accounting methods. Corporate accountability and SOX compliance dominated proceedings at Hyperion's recent user conference. Hyperion is now aggressively casting several of its packaged financial analytic applications as SOX-compliant. These include: Hyperion Financial Management, Hyperion Performance Scorecarding (as an executive "dashboard" of closely monitored KPIs), and Hyperion Planning, Budgeting, Forecasting and Business Modeling. The company's ability to offer integrated solutions spanning financial, operational and analytic systems should keep the company at the forefront of the SOX Sections 404 and 302 niche.
Nth Orbit is a Silicon Valley start-up founded by the former CEO of e-procurement vendor RightWorks, which was subsequently acquired by i2. The company was founded with a single focus: compliance. The company's Orbit Certus software suite, which was announced just as the SEC approved the final rules pertaining to Section 404, is best described as an internal controls and assurance solution. Certus has evolved into a comprehensive Internal Control & Assurance (ICA) solution also covering Sections 302, 407 and 906. It comprises several modules: control framework (a customizable COSO library of documented risks and controls), control handbook (to formalize and publish policies and procedures), certification programs (for coordinating and capturing sub-certifications and close checklists), self-monitoring controls (activated procedures with workflow), compliance monitoring (via Workbenches to provide visibility, incident tracking, and project management), and routine assessments (for periodic auditing of controls).
OpenPages is a relatively new software company that specializes in knowledge process automation. Its OpenPages Sarbanes-Oxley Express is an internal controls management application that provides corporate governance and brand management solutions to facilitate what the company calls Enterprise Business Control. The modular solution comprises several key elements: management dashboards, project management, controls documentation, issues management, collaborative task management, and a COSO-based process and controls repository.
Methodware is widely acknowledged as an established leader in distributed risk management and internal audit software. Its Enterprise Risk Assessor (ERA) is not a new application, but its functionality clearly addresses several aspects of SOX. The software provides tools that assist management to identify the top risks in the organization, and determine the adequacy of internal controls. The tools are built around a comprehensive risk framework that is COSO compatible, and share a central repository to ensure consistent consolidation, tracking and monitoring of risk and audit information over time. An innovative feature of ERA is its use of key mapping and graphical information called Heatmaps to identify and display comparative risk data and risk matrices. Methodware also provides pre-built risk management data models for project management incorporating the Prince II Methodology, procurement, and corporate governance.
Financial transparency and visibility are this year's rallying cry for both corporate America and enterprise software vendors. While SOX attempts to bring clarity to corporate financial reporting, much still remains unclear about the potential impact of this new law. Research shows that even companies whose financial systems appear to comply with the act are uncertain as to exactly what some provisions mean, and when they must comply with the requirements. Some of this uncertainty stems from the SEC, which is still fleshing out the details of the law through a series of proposed rules. In addition, some regulatory responsibility has been outsourced to external bodies like the NYSE that have been dragging their heels.
For enterprise software vendors, SOX clearly drives opportunities for further IT investments--witnessed by the incorporation of SOX into financial management systems marketing. These vendors are counting on the combined weight of SOX and other new regulations to result in major systems changes at some companies. True, SOX does implicitly state a requirement for reliable financial systems, but sound financial management systems have always been a cornerstone for accurate financial reporting, and this requirement existed well before SOX came into the corporate limelight. With the SOX compliance deadline one year away, many software vendors are in fact exploiting a "scare-tactic" of penalties to promote their products. While SOX may be spawning a new breed of compliance software, few vendors have yet come up with new functionality specifically to respond to the legislation. Therefore, the question remains over whether the current crop of SOX compliance software will provide new value beyond core transactional and reporting capabilities; and if it does, whether companies will be ready to stretch their thin IT budgets for a process they feel they should have in place anyway.
Ultimately, the decision to invest in SOX-compliance software should be based on the company's perceived level of risk and the extent to which the internal control environment has previously been documented. Many companies with fragmented, disparate, and aging financial systems will be challenged. Here, opportunistic vendor posturing does have some validity, but organizations that have already standardized on leading financial management software and adhere to sound best-practice accounting and reporting principles shouldn't need to worry. Nevertheless, they should consider implementing internal control assessment software to gain proficiency in the compliance processes.
When implementing new SOX compliance software, companies should be aware of the risks of being early adopters of the newer software for SOX compliance such as OpenPages and Nth Orbit, risks that ironically these solutions are intended to avoid. Companies should consider mature risk-management solutions such as Methodware to avoid the additional risk of attempting to comply with newly released software. But the fact that the deadline for compliance begins with fiscal years ending June 2004 mitigates much of the risk of early adoption.
Above all, customers should guard against excessive vendor rhetoric and hype that overstates the capabilities of software products to ensure compliance. As more vendors press hard to fit their products into the SOX frame, the more blurred the overall picture becomes and the more diluted the message becomes. Technology alone cannot ensure a sound internal control environment, nor can it fix ethical problems of fraud. This is dependent on a number of factors, not least skilled accounting personnel, a good system of internal control processes, the proper application of policies and procedures, and an honest commitment to report the "truth".