by CIO Staff

Software for Sarbox Compliance

Dec 01, 20032 mins

Almost as soon as the Sarbanes-Oxley Act was passed in 2002, vendors appeared with Sarbanes-Oxley solutions. Almost all of these products predated the passage of the act and have been repurposed to take advantage of this new market. Here are the different types of products.

Business process management

What it does: This is workflow software on steroids. These products link with existing systems and can enforce policies, such as who can approve transactions or what happens when customers return products they’ve already paid for.

How it enforces compliance: Ensures that corporate policies are followed.

Weaknesses: Only puts in place a set of rules. The actual transactions take place in the underlying systems.

Document management

What it does: Establishes a logical way to store and manage documents.

How it enforces compliance: The biggest part of Sarbanes-Oxley compliance is documenting processes.

Weaknesses: Can’t guarantee that the processes are actually followed.

Revenue management

What it does: These systems automatically extract financial information from ledgers or ERP systems.

How it enforces compliance: Removes human error in certifying accounting.

Weaknesses: Doesn’t ensure that the proper processes were followed when the numbers were generated in the first place. Fraud in, fraud out.

Single instance

What it does: Takes all your ERP systems and replaces them with one.

How it enforces compliance: Because every system is integrated and automated, there’s no need for human intervention and no (apparent) opportunity for fraud.

Weaknesses: Breathtakingly expensive, disruptive and time-consuming to implement.-B.W.