The Sarbanes-Oxley Act of 2002 is now four years old, and companies, accountants and agencies are still arguing about who should have to comply and how those who are subject to the act can meet the compliance regulations.Smaller public companies are howling at what they see as onerous costs in implementing SOX measures and software. The good news is that there is finally lots of software available to help companies of all sizes in complying with SOX.
Of course, SOX is a large act, and as such, there are a considerable number of concerns in complying with the requirements. Still, most compliance efforts center on Sections 302 and 404. These sections mandate that public corporations maintain reliable and effective internal controls, and that management be able to state that these internal controls are in place and that they have been examined for effectiveness.
That's where things still tend to get a bit dicey, because SOX doesn't specifically state how an individual firm goes about achieving this. Solutions range from sophisticated audit software like ACL Service's ACL (Audit Control Language), CaseWare's IDEA, and reporting and data-mining software like Datawatch's Monarch Pro, to software packages like Sage's FAS Compliance Advisor, which concentrates on SOX compliance in a very targeted area.
SAS Institute, best known for its statistical analysis and data-mining applications, has put this expertise to good use in its SAS for Sarbanes-Oxley Compliance, a data integration tool for the enterprise.
On the high end, one product worth watching is Movaris OneClose, which now incorporates the popular Certainty application. OpenPages Financial Controls Management is another package to keep your eyes on.
Packages that are targeted at users of specific financial applications are also gaining in popularity. SAP purchased Virsa Systems, and now sells the company's products under its SAP Solutions for GRC division. Oracle e-Business Suite users will find LogicalApps Active Governance an interesting choice, as well as Oracle's own PeopleSoft Internal Controls Enforcer.
Corporate users are also turning to more general risk management software, which goes beyond just testing and documenting for SOX. Paisley Software's Risk Navigator and Focus fall into this category. Software oriented for IT compliance use, such as Tripwire Enterprise, from the company of the same name, is an example. EProcessManager Suite addresses the entire process management system, which is also an important part of compliance in many companies.
Regardless of the road you take, there are numerous solutions, with many vendors taking an active interest in this lucrative market. The real challenge for the future is in providing a SOX compliance solution that's effective, affordable and can be implemented in a timely manner.
