Sarbanes Oxley Software Review
...rk, therefore a group who is independent of the Accounting group will have completed the work, additionally, and we will have the knowledge of our SOX compliance in house to make sure the company remains compliant. Another benefit to having the work completed in-house is that there will not be any additional man-hours spent in training or work in order for someone in the company to understand the requirements to remain compliant. The internal audit group may choose to use a software program that is designed to help in the documentation of necessary to be compliant with SOX. One important thought that will have to be taken into consideration when reviewing the various software options, is that “Enterprises that choose one-off solutions for each regulatory challenge they face will spend 10 time mores on compliance projects than their counterparts that take a proactive approach” (Gartner Research, 2004). Simply put, it is recommended that a company should spend approximately half of their SOX budget on implementation and remediation issues, another 30 percent on the actual internal analysis (including redundant audits) and the remaining 20 percent on software upgrades and new purchases. So as the accounting group is reviewing the various software options, we will be looking for systems that will do more than just help with the documentation necessary to become compliant, but we want to sure that which ever system that is chose, it will be one that will help us to maintain and update our requirements so that the company will remain compliant with SOX at all times. Business Opportunity/Problem Once the issue of whether the company will be a Privately or Publicly held company, we will need to make sure that the company is compliant with the various agencies. As mentioned before, public companies have additional reporting and compliance requirements then that of private companies. Therefore, if the company is to go public it will have more rules and regulations to be compliant with and the most daunting of these is the Sarbanes-Oxley Act. So with that in mind the Business Opportunity/Problem for the accounting group will be to see how they can make sure the company is compliant all the while remembering not to affect the bottom line to much. More specifically, the opportunity/problem will to see how the IT group can help in achieving the necessary goals for compliance. The most effective way that IT can help is by helping to install, implement and maintain any software system that is chosen by the accounting department that will assist in SOX compliance. Sarbanes Oxley Software Review There are many software programs available that can assist a company in becoming compliant with Sarbanes-Oxley. They come designed for small to large companies, some designed only to help a company with their documentation, some with varying degrees of financial statement attestation and some are compatible with ERPs (Enterprise Resource Planning) system. As the accounting group reviewed the various programs out on the market we were looking for one that met all or most of the following requirements along with delivering the most “bang” for our buck. The list of requirements we were looking to fulfill are as follows, the software must be, compatible with the ERP system we are implementing; it must not only assist in the documentation our financial controls, it must also assist in the testing of those controls; and should have the ability to help us manage and update our controls in order for us to remain compliant. After reviewing approximately 16 different software packages we were able to narrow the list down to 3 different packages that we felt met most of the requirements we were looking for. The three that we chose to review further in depth were, (Vendor – Software Package) (1) OpenPages - Sarbanes-Oxley Express; (2) Providus Software Solutions – RiskResolve 3.0; (3) onProject – S-O Comply. OpenPages – Sarbanes-Oxley Express OpenPages was founded in 1996 and develops enterprise governance, risk and compliance management solutions that streamline knowledge-intensive processes to improve corporate accountability, reduce disclosure process cost, enhance internal controls management productivity, and increase investor confidence. Their solutions are designed to meet the evolving governance, risk and compliance management requirements for firms in high growth markets such as financial services, media, energy and power, technology, health services, and life sciences. OpenPages offers software package for SOX compliance called Sarbanes-Oxley Express. Sarbanes-Oxley Express (SOX Express) is an enterprise compliance management solution that reduces the time and resource costs associated with ongoing compliance for Sections 302 and 404 of the Sarbanes-Oxley Act. It combines powerful document and process management with flexible reporting capabilities in an extremely easy-to-use environment that enables CEOs, CFOs and financial management officers to enforce internal controls. The accounting firm PriceWaterhouseCooper (PWC), in which PWC sold the software to OpenPages, originally created SOX-Express. OpenPages SOX-Express was recently named a leader in Sarbanes-Oxley Compliance software by Forrester Research (an independent research firm – Forrester Wave). SOX-Express is designed to be used by companies of all sizes and can be integrated with an ERP. It also automates the design, documentation, review, approval, and testing of a company’s internal controls framework. SOX Express provides a COSO-based risk management framework to shorten time-to-compliance and to expedite compliance audits. It also automates the design, documentation, review, approval, and testing of a company’s internal controls framework. SOX Express provides a COSO-based risk management framework to shorten time-to-compliance and to expedite compliance audits. With a browser-based interface and a standards-based architecture, SOX Express is rapidly installed and easily integrated into existing IT environments. Built on a Java-based web-services architecture, IT organizations will appreciate SOX Express’ minimal impact on existing infrastructure and resources. Additionally, SOX Express can be configured by business users, helping to keep total cost of ownership low by eliminating the need for IT administration. Because of its intuitive interface, consistent navigation and format, SOX Express is extremely easy to use. With SOX-Express individuals can create personalized, user-specific home pages that make the user experience extremely efficient and ensure end-user adoption and productivity. The cost (not including implementation) starts at $65,000, with a minimum of 25 “seats” required (which if not necessary can be the minimum number of seats maybe able to be reduced). Providus Software Solutions – RiskResolve 3.0 Providus Software Solutions was founded in 2002 and is a small company with annual revenues approximately under $5 million. The company develops innovative operational risk management (ORM) and regulatory compliance software solutions to financial institutions that require effective management and mitigation of various types of business risks within business units and across the enterprise. The company offers SOX compliance program called RiskResolve 3.0 that provides companies with a single active risk management console enabling a top-down view of risk and potential risk across all lines of business. The program is designed to integrate with an ERP system and it provides complete financial controls documentation and attestation. It is designed to be used by companies of all sizes, however, the price for the program is a little steep. The price varies ranging from $120,000 to $350,000 and up for large-scale enterprise wide deployment. However, the biggest draw back of RiskResolve 3.0 is that it is currently designed to be used by financial institutes in order for them to meet there compliance requirements and it really can not be adapted to be used by a manufacturing company. onProject – S-O Comply onProject is a profitable, privately held, venture funded company with multiple millions of dollars in revenues, founded in 1989 by former managers and project managers at AT&T, Hewlett-Packard, Johnson & Johnson and Merck. The company platform is adaptable to all industries and size companies, has been customized for nearly 100 businesses. The company has a Sarbanes-Oxley compliance program called S-O Comply, which functionally includes a flexible and secure framework with the ability to import and centrally document internal control data, as well as assign and manage tasks or issues and document disclosure activity. S-O Comply is flexible enough to meet the needs of the smallest or largest public companies. Since the product's introduction in April of 2003 onProject has secured thousands of users within these corporations. This continued success positions us as one of the leading software solutions for Sarbanes- Oxley compliance available today. onProject has been recognized as a known or preferred SOX software vendor by the Big Four accounting firms, CFO Magazine, AICPA and Gartner, Inc. The program comes in different versions Enterprise - A Client-Server/Web model providing a rich graphical interface and tools for performing complex, cross organizational operations. Small Group - For those companies where few users are required and few organization structures exist, includes the same features and functionality of the enterprise but for the desktop. The program starts at $9,900 for the basic setup of the Enterprise version. SOX Compliance Software Decision As the three software packages were being reviewed there were certain requirements that were being looked for from each package. Those requirements were, (1) Low implementation costs; (2) Easy to use and train individuals on; (3) A package that will help with future compliance audits, not just with documentation of controls; (4) A vendor who was stable that should be in business in the future and be able to handle our growing company’s needs. So with having the requirements listed above in mind, the review of the final three software packages began and by reviewing to see which of the three met all or most of the requirements the accounting group was able to narrow it’s choice down to one. The one package that was chosen was OpenPages Sarbanes-Oxley Express. It was chosen because it was the one package that met all (or the most) of the requirements that the accounting department was looking for in a SOX Compliance software package. SOX-Express will help with the initial documentation and the on going attestation of the financial controls. The system is designed with manufacturing businesses in mind. The price was about the middle of the road for the three, but the package should save money for the company over the long run and the package should grow with us as our company grows. The other two software packages are good packages but they just do not meet all of the requirements that were being looked for. S-O Comply was the most affordable of the three but it was a package best designed for small businesses. So it would meet our current demands however, as the company grew, the system would not be able to handle the growth. RiskResolve 3.0 is probably just as comparable to SOX-Express is the sense of features offered, it was just too costly to implement as compared to SOX-Express. Another item about RiskResolve 3.0 is that the package is more specifically designed to be used by Financial institutions for their compliance needs and not for a manufacturing company. Case Study #1 – Sarbanes-Oxley Express; Becton, Dickinson & Co. Becton, Dickinson and Company (BD) are a medical technology company with approximately $4.5 bil...