For the past few years Viper Motorcycles has used SAP Business One to assist in the auditing of its financial reporting and internal controls so that it can comply with the Sarbanes-Oxley Act. While Viper and other small-cap companies in the United States aren't required to report under SOX until 2007, the Big Lake, Minn.-based manufacturer implemented SAP's business management application to help it monitor, audit, and validate its business processes.
Like what you see? Click here to sign up for Accounting Today's daily newsletter to get the latest news and behind the scenes commentary you won't find anywhere else.
The company, Viper PowerSports, was in the process of switching from a private company called Viper Motorcycles that went public early in 2005 through a reverse acquisition. That newly public status brought Viper into the world of small-cap companies that need to consider the future impact of SOX.
Along with new management and a new product line came a new software package, Softbrands 4th Shift Business Edition, which ties together accounting, manufacturing, and customer relationship management. With Viper seeking to meet the SOX requirements that it is not required to meet, the software had a lot of the tools needed to establish the reporting and controls to meet that goals. "You have management alerts, management by exception. You have built-in CRM," says Steve Ernst, director of influencer programs for SAP. "You have the ability to go down into each and every transaction in terms of operational data, not just financial data." Such is the world of SOX, where software, in many cases, has always had the kinds of controls and audit trails needed in the new regulatory environment. Ernst says that includes operational data that is not tracked by typical accounting software packages. "It can look at manufacturing processes, including throughput. The capabilities provide the ability to track things that are partner-related, customer-related, employee-related," says Ernst.
"This shows that SMBs are looking for more than accounting software to support those efforts," says Ernst. "They are looking for best practices to better manage their business and SOX does outline the need for better business management through processes controls."
RIA Puts |
SOX Reporter Service Online
If companies find that information about Sarbanes-Oxley is scattered, Thomson's RIA operation has set out to rectify that. In January, RIA introduced its Sarbanes-Oxley Reporter Service that not only aids in an organization's compliance with the act, but gives users access to business data across the organization in one central place.
The Web-based application doesn't just detail for the user what is required to comply, says Susan Weisenfeld, an RIA editor. The service takes it a step further and outlines what is necessary to adhere to the rules of the PCAOB and the SEC.
"It's the integration of the Sarbanes-Oxley Act, the PCAOB, and the SEC," says Weisenfeld. "What SOX Reporter does is serve as a hub for the information."
The service, available on RIA's Checkpoint online platform, also offers case law and official reform, along with explanations of each section, annotations on relevant cases, and interactive checklists, written by RIA editors.
Material is organized by act section and can be searched via a template, or via a table of contents. Features called "Viewpoints" link users from the Reporter to related discussions on topics that include SEC compliance, internal control, and corporate guidance.
Ernst cites a PricewaterhouseCoopers 2005 survey which showed that 30 percent of businesses plan to put some sort of SOX-like reporting, business processes, and controls in place over the next two years even though they aren't required to do so.
SAP Business One, which starts at $3,750 per seat license, is marketed as more than an accounting software application. The program incorporates a number of applications, ranging from supply chain management to manufacturing controls and reporting, and from workflow processes to financial and operational reporting capabilities. And, unlike an accounting program that shows you where you've been, says Ernst, a business management package can point to where you are going. "It helps regardless of whether you have to comply with HIPAA, FDA, or SOX," he says.
SOX has created a compelling case for public and private SMBs to have adequate controls in place that examine their overall processes, which has been a challenge for organizations. But it's exactly how applications help businesses with compliance that is not well understood.
Many accounting software and CRM vendors tout the ability of their applications to help meet SOX requirements. A lot of tools available weren't designed just for SOX. But they can help a lot. For example, e-Synergy, the online application from Exact Software, is a collaboration tool with a workflow engine and it can also generate financial reports.
"Its features were not developed exclusively for SOX," says Chris Lenzo, director of product strategy for Exact North America. "They are also instrumental in compliance with HIPAA, ISO, and FDA Part 11."
The workflow engine lets management verify actions. Requests can be traced and the company can put together "a fairly comprehensive audit trail of people involved in the event, people that have reviewed and signed off on the event," says Lenzo. Versions of any associated documents can be controlled and there are electronic signatures. The financial report generator can "also deliver reports via a browser-based interface that is tightly integrated to the Macola back office," he says.
Similarly, Epicor's Web site discussion of how its products stack up against SOX includes both its Epicor Financials and the Clientele CRM package. Financial reporting and built-in workflow approval are part of the benefits that the company cites.
For Microsoft, the main product that addresses SOX doesn't come out of the MS Dynamics financial line. It is the Microsoft Office Solutions Accelerator for Sarbanes-Oxley, which comes out of the same group that produces Office applications like Word and Excel. Introduced in March 2004, the Accelerator, built on Windows SharePoint and Office InfoPath, uses Office's capabilities in the areas of document and information management, process and workflow automation, communication and collaboration, and monitoring and reporting.
SOX compliance is often more about process than about software, notes Dave Coulombe, general manager of the Fargo Development Center for Microsoft Business Solutions.
The Accelerator, which works with Dynamics GP, can be downloaded free of charge by customers of Microsoft Office System, and was designed to help Microsoft partners build customizable solutions. It uses software components, templates, and architectural guidance to help them with those tasks.
SWK Partners with CPA Firms for SOX Work|
For VARs, Sarbanes-Oxley has opened up an opportunity to work to apply their technology skills. It's not a big change, says Jeff Roth, CEO of SWK Technologies, a Livingston, N.J.-based Sage Software reseller. What SOX represents is an opportunity to work with CPAs to meet the needs of companies that have both IT and non-IT needs. Together, the two kinds of firms hope to provide a complete service.
In many ways, the business simply plays to the capabilities already present in the Sage Software accounting software line. The SOX requirements are the same as requirements that "are applicable to most, if not all, MAS 90 clients," says Roth. These requirements include security controls over which employees have access to which information.
But it's not about the software because much of what resellers like SWK does is about analyzing the processes at a businesses. Roth says that he has examined a variety of software and has not found any products that can automate the processes.
SWK works with CPA firms to split the business, with SWK handling the compliance with 11 IT controls under SOX, while the accounting firms take care of the duties that fall under their purview. The checklist includes operations and internal control monitoring, physical environment and access, user access and network security, segregation of duties, program change management, problem management, back-up, disaster recovery, operations, software licensing and service-level agreements, and database management.
Prices range from $25,000 up to and well into the six-figures. Of the firm's $4.2 million in revenues last year, approximately 5 percent was from its consulting services related to Section 404. The reseller works with the firms in a variety of ways. In some cases, SWK handles the work under its own name, directly billing the client. In other engagements, it performs the work under the CPA firm's name.
Microsoft's SOX benefits go beyond that. In a discussion posted in December on the Microsoft Dynamics Web site, CPA and consultant Carlton Collins noted the use of the audit trail in Dynamics NAV (then called Navision), as well as the drill-down and drill-around tools.