The Sarbanes-Oxley Act of 2002 was signed into law on July 30, 2002. The
act was intended to prevent future corporate and accounting scandals such
as those that occurred at WorldCom, Enron, and Tyco International.
The act was sponsored by Representative Michael G. Oxley, a Republican
representative from Ohio, and Senator Paul Sarbanes, a Democratic senator from
Maryland. The Sarbanes-Oxley Act established specific controls in order to
strengthen auditing, accounting systems, information technology systems,
corporate reporting and financial disclosures on the corporate level.
What the passage of Sarbanes-Oxley, and specifically the Sarbanes-Oxley
Section 404 requirements, most significantly established was the present and
future need for enterprise applications that help meet the internal auditing
and corporate compliance requirements detailed in the Act.
Features:
In order to meet the standards established by the passage of the
Sarbanes-Oxley Act, corporations had to increase the depth of their internal
information technology capabilities in financial reporting and in securing their
data, electronic archiving, software, computer hardware and network systems.
One of the most useful all-encompassing references for companies, and
specifically for CIOs, to use in determining whether existing IT controls meet
the guidelines set forward by the Sarbanes-Oxley Act can be found on the
Web site of the IT Governance Institute.
The IT Governance Institute site provides very valuable and real-time
information to help corporations and other entities ensure they are meeting
and exceeding the corporate compliance mandates set forward by the Act.
Non-compliance, missed deadlines, or reporting errors can all
significantly impact a company’s value, lead to fines and further auditing and
affect the relationship with shareholders as well.
Any enterprise application implemented must directly enhance controls,
document management, data mining and archiving, file retrieval, real-time
compliance and business reporting management.
In addition, CIOs must be certain to choose software that will enable
better communication with regulators, employees, and investors and
provide a clear and up-to-date profile of the company’s financial
outlook at any given time.
Although the compliance requirements also come at a hefty financial cost
to companies implementing the enterprise applications in order to meet
Sarbanes-Oxley compliance, they are both necessary and required by law.
Companies must also look to applications designed to be easily understood
by lenders, investors and in-house financial managers. The applications must
also produce data that can be easily understood and presented on both
a public and private level. This is particularly relevant during quarterly
results reporting and shareholder events.
In the next section, we will take a look at some existing solution
options that help companies successfully address compliance issues within
Sarbanes-Oxley.
What’s Available:
Below you will find a good cross-section of enterprise applications
geared toward meeting compliance requirements in the Sarbanes-Oxley Act of 2002.
It is useful to research several vendors and determine which will be the best fit
for your particular business arena.
- Proforma’s Sarbanes-Oxley Pro – offers tools to document financial
  processes and controls and improve the accessibility of the associated
  documentation. Sarbanes-Oxley Pro provides pre-built financial models for six
  core transaction processes and their associated internal controls: cash
  disbursements, cash receipts, payroll, purchasing, inventory and
  revenue.
- Telelogic DOORS from Telelogic – offers companies an enterprise-wide solution that
  captures, links, traces, analyzes and manages information to strengthen and
  ensure compliance with specified requirements and standards.
- Manakoa Compliance Service from Manakoa Services – helps companies determine their existing IT asset
  security practices in relation to compliance checklists and in relation to
  federal, regional and international regulations.
- Sarbanes-Oxley from Remedy – Remedy IT Service Management Solutions for the
  Enterprise helps automate and control IT processes for auditor review.
  This solution features a suite of applications from BMC Software to help
  automate IT service and support. The solution also helps align IT
  infrastructure for improved asset management and data management processes.
How to Choose:
The most important consideration when deciding which enterprise
applications to employ is to understand what your company’s existing reporting
needs are and how best to meet the Sarbanes-Oxley requirements.
One thing to keep in mind is to look at long-term solutions that your company can
put in place and rely on in the future.
Companies need to understand their systems must continue to grow and
mature as the market demands.
Here are some specific tips when deciding what enterprise application
will best meet your company’s long-term needs for reporting and maintaining the
strength of your asset and document management:
- Look at the history of the vendor and how long they’ve been in the arena
  of compliance and reporting.
- Determine whether the product can be customized to meet your company’s
  specific needs as well as meet the requirements in Sarbanes-Oxley.
- Determine how well all your other applications will integrate with the
  solution and if staff will be able to quickly learn and implement the new
  application.
- Ask what additional support and long-term integration the vendor offers
  for the application.
- Do you want to rely on a Web-based application and have the application
  accessible to employees online? Or do you want a stand-alone system?
- What are the potential risks associated with the system and how quickly
  are problems addressed by the vendor?
- Ask for customer referrals so you can determine what other companies’
  usage and experience of the system have been.
- What are the security features inherent in the solution and what are the
  audit trails the system provides?
- Does the system have a strong disaster recovery feature and if so how is
  it implemented?
- What are the data capabilities of the system?
- What are the compatibility features of the enterprise application and how
  does it fit within your existing infrastructure?
- How does the application meet real-time compliance requirements?
The passage of Sarbanes-Oxley has impacted companies on a reporting level
more than any other in the last ten years of corporate governance. Company
executives must rely on their IT infrastructure and the enterprise applications
to both meet and monitor all the financial reporting requirements as set forth
in the Act.
Companies must proactively design and implement their IT systems to
support the integrity of financial reporting and data management and to present
in real time a picture of the company’s health to shareholders, investors,
lenders and employees.
Finally, compliance efforts must be standardized, automated and monitored
in order to meet the fiscal reporting capabilities required by Sarbanes-Oxley.
To best meet the requirements, companies must completely understand their
internal accounting and data processes and ensure that the information
technology solutions implemented will serve as effective long-term
solutions.