What to look for in Sarbox tools
- By Alan R. Earls
John Hagerty, an analyst at AMR Research, says Sarbox compliance must address
three issues. First, companies must make sure they document how things
are done. Second, they must make sure their control mechanisms are documented.
Third, they need to test and document those tests to show that the controls actually
“The way people have been testing is by having a person check the established
processes annually, or in some cases even monthly or weekly, and that can be
a real time sink,” Hagerty says. Through 2004, companies pushed to accomplish
these things quickly under the illusion that Sarbox compliance would be like
Y2K—a challenge they could master and then put aside. The reality,
however, is that Sarbox is an ongoing and evolving challenge, he says. That’s
why there is such a demand for automation and for tools to manage the compliance
process, he adds.
Gartner analyst French Caldwell says two other factors that should weigh in
a decision are cost and the stability of the vendor. “I advise clients
to look first for the basic functionality they need, how long it will take to
implement and whether they will really get the benefits they expect at a given
price,” Caldwell says. Further, in such a heated market, Caldwell
warns that some companies, especially small ones, have a strong likelihood of
either disappearing or of being acquired, either of which can affect
the value of an investment in an application.
Back to feature: Tools
to Master the Sarbanes-Oxley Challenge
Alan R. Earls is a technology and business writer based near Boston.