Ellisha Dickerson Independent Study

laurelsandwichΛογισμικό & κατασκευή λογ/κού

25 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

308 εμφανίσεις




Ellisha Dickerson


Independent Study



“What are the right tools for Internal
Control Reporting?”



Dr. Sam Hicks


May 1, 2004


2



What are the Right Tools for Internal Control Reporting?



I. Sarbanes
-
Oxley Act, Section 404


The Sarbanes
-
Oxley Act, an
act passed in 2002 to protect investors by improving the
accuracy and reliability of corporate disclosures, and associated regulations from the Securities
and Exchange Commission (SEC) and Public Company Accounting Oversight Board (PCAOB)
have fundamentall
y changed what companies need to accomplish around financial reporting by
increasing the formality and scope of processes and controls. Section 404, Management
Assessment of Internal Controls, of the Sarbanes
-
Oxley Act directs the SEC to issue rules
manda
ting that companies’ annual reports contain an internal control report that



states the responsibility of management for establishing and maintaining an adequate
internal control structure and procedures for financial reporting; and



contain an assessment,
as of the end of the issuer's fiscal year, of the effectiveness of its
internal control structure and procedures for financial reporting (FindLaw).

Section 404 requires executive management of publicly held companies to begin certain actions
such as includ
ing in their annual reports an assessment of whether their systems and financial
reporting procedures are capable of providing accurate and complete financial statements. This
section of the Sarbanes
-
Oxley Act directs the SEC
to require each issuer to dis
close whether it
has adopted a code of ethics for its senior financial officers and the contents of that code. It also
directs the SEC to revise its regulations to require immediate disclosure "of any change in, or
waiver of," an issuer's code of ethics (A
ICPA).


3

II. Software Categories

Complying with Section 404 of the Sarbanes
-
Oxley Act has become a real struggle for
many companies.
A growing number of software vendors are now offering applications
designed to help companies comply with the financial rep
orting requirements of the Sarbanes
-
Oxley Act. Software vendors are producing point solution applications, which focuses on
specific areas, such as internal accounting controls, communication and collaboration, regulatory
and technical reference, and data

mining.
Vendors are offering applications that use word
processing, spreadsheets and diagramming/flowcharting tools to document the processes and
internal controls, organizing the information according to user specifications. Some offer the
ability to v
iew best practices for internal controls or the Committee of Sponsoring Organizations
(COSO) Integrated Framework (McCann and de Mesa Graziano
)
. Other solutions provide for
testing certification of controls by the business owner and the auditor. The majo
rity of the
products offered are Web
-
enabled, allowing a company with more than one location to use the
package with minimal information technology staff.

These tools offered by vendors can be divided into 4 categories: generic tools, document
management
and workflow software tools, data mining, file retrieval, pattern recognition and
business intelligence software tools, and business performance management tools
(Winters)
. (See
Exhibits for sof
tware listings in each category. Also see Solution for softwa
re companies and list
of functionalities.
)

Generic tools

Generic tools enable users to document internal controls, reduce potential risks and
provide some level of comfort that compliance initiatives are in place (Winters). Generic tools
are usually alrea
dy built into a company’s general accounting systems. The capabilities of

4

generic tools are limited, provide companies with the most basic level of assurance, and apply to
a given point in time, meaning that the software is not dynamic.

Document manageme
nt and workflow software tools

Document management and workflow software tools address straightforward functions
such as report tracking. These products monitor workflows and processes to make them more
event
-
driven and thus easier to manage. They allow
users to perform detailed indexing and
searching of multiple document types, including emails, flowcharts and narratives. Companies
using these tools can better categorize internal control types, test their effectiveness, and analyze
risk and controls alo
ng with many other functions.

Data mining, file retrieval, pattern recognition and business intelligence software tools

Software tools in this category assist companies in gathering data from separate systems,
and organize the data, which helps the company

with analysis. This enables companies to detect
patterns in financial statement data, which improves the effectiveness of internal controls and the
accuracy of financial information.

Business performance management tools

Tools classified in this section p
rovide management with real
-
time, enterprise
-
wide data.
These tools can interact with other softwares and systems and provide one repository for all
company information, facilitate the development of consistent and more efficient processes, help
optimize
information timeliness and accuracy and promptly notify management of compliance
problems and supply the means to resolve them, all of which enable the company to respond
rapidly to changing business conditions.


5

III. Softwares and how they help comply wi
th Sarbanes
-
Oxley

The softwares tools mentioned above could play a valuable role in helping companies
comply with Sarbanes
-
Oxley. Companies can choose software tools whose functions can
include supporting compliance, and enhancing communication with inves
tors, employees and
regulators, which make financial statements clear and easier to analyze. The software tools
can increase the efficiency of the company also. To demonstrate this, the software tools
mentioned in the Exhibits will be further discussed t
o indicate how the particular software
helps companies comply with Sarbanes
-
Oxley.

A. Generic Tools


Accounting Softwares


Creative Solutions Inc.


With a stronger emphasis on accountability and compliance, many companies are
assessing their policies and
practices in regards to the engagement process to ensure ultimate
efficiency and conformity to changing auditing and accounting regulations and standards.
Creative Solutions Inc. provides companies with a comprehensive engagement management
system that is

designed to handle a company’s compilation, review, and audit engagements
(
www.creativesolutions.com
). The software is considered the ideal tool to move a company
easily into paperless processing.

Engag
ement Solutions offers sophisticated trial balances capabilities, advanced
reporting, and diagnostic features that allow a company to track the entire engagement
process. The software helps companies implement a paperless engagement workflow. It also

all
ows companies to assign multiple staff members to specific workpapers within the same
engagement at the same time and provides flexible security options for giving staff access to

6

engagement data. Engagement Solutions provide companies with interim financ
ial statements
and reports. Review notes can be also be added to the workpapers or folders in an
engagement. The software integrates with Practitioner’s Publishing Company’s (PPC)
practice aids, the industry’s leader in practice guidance content, along w
ith Microsoft Excel
and Word.

Hyperion Solutions Corporation


Hyperion, the global leader in Business Performance Management software,
developed the Hyperion Financial Management product, a complete solution designed to help
customers quickly and efficien
tly meet the certification requirements mandated by the
Sarbanes
-
Oxley Act (
Beaudett
). Hyperion Financial Management allows companies to
quickly collect and analyze their financial information, review the detailed management
information behind the numbers

and track the complete audit trail before signing off on the
financial reports. As a result, it is much easier for companies to meet compliance standards

including increased reporting requirements and shorter reporting windows

while ensuring
that managem
ent has the information it needs to confidently certify annual and quarterly
results.


Hyperion Financial Management provides pre
-
packaged features for Sarbanes
-
Oxley
compliance, including:



Support for required CEO and CFO certification: This software
e
nsures that all
submissions are completely loaded, reviewed, approved and electronically signed
off prior to the consolidation results. It supports complete disclosure control
processes.


7



Required internal control reporting: This software is fully complia
nt with U.S.
GAAP, International Accounting Standards and local statutory requirements for
financial consolidation and reporting. It provides automated detection controls and
mandatory review and approval procedures to reduce control risk.



U.S Auditing St
andards support: This software is a comprehensive, Web
-
based
application that allows companies to centrally manage and collaborate on financial
information and processes with global employees, branch offices and partners.



Accelerated reporting: This soft
ware helps companies comply with shorter filing
cycles through a collaborative approach that can take weeks out of the process by
ensuring that the right information is submitted the first time. Dimensions for
profitability and external reporting reduce th
e need for additional reporting
systems and the reconciliation procedures they typically require.

Hyperion’s Sarbanes
-
Oxley compliance
-
ready solution makes it easy for companies to
meet their global regulatory requirements including Sarbanes
-
Oxley, the Int
ernational
Accounting Standards and Basel II. Hyperion also plans to support the XML
-
based
Extensible Business Reporting Language (XBRL) standard that it is developing along with a
group of other vendors. Company officials said the specification, which is

still being
finalized, should help further improve the accuracy and speed of financial reporting (
Songini)
.

Lawson Software, Inc.



Lawson Software, Inc. helps service organizations meet Sarbanes
-
Oxley Act's
reporting and compliance requirements using
the company's integrated business process
software solutions.
Lawson offers a comprehensive, integrated set of reporting solutions that
are a central component of Enterprise Performance Management. Lawson Reporting Suite

8

exceeds simple information access
, delivering information
-
rich notifications to decision
-
makers and enabling immediate, real
-
time collaboration.
Lawson Software supports
companies by supplying them with integrated Retail Operations (Merchandising/Category
Management) Retail Enterprise (F
inancials, Human Resource, Procurement) solutions that
can be process
-
flow controlled and can be tracked with proactive, alert
-
based exception
reporting enabled with root
-
cause analysis capabilities. Lawson provides real solutions that
will help clients m
eet reporting, internal controls and operational integrity requirements
(
www.lawson.com
). The Reporting Suite allows cross
-
functional
data, both structured and
unstructured, to merger in order to provide sharply focu
sed snapshots comprising, financials,
customers, internal processes and human capital. The key benefits from using this product
includes:



Improved dissemination and access to information improves participation and
accountability



Information quality and ab
ility to take fast appropriate action reduces operating costs




Timeliness and accuracy of information strengthens corporate governance




Shortened cycle times for planning and forecasting improves service


Microsoft Corp.


Microsoft Corp.’s Office Soluti
on Accelerator, specifically developed for complying
with Sarbanes
-
Oxley,
is designed to help partners build solutions based on the Microsoft
Office System
. According to the article written by Microsoft Corp,
companies using an
Office
-
based solution can d
ocument and review their internal financial controls and use the
Microsoft Office Solution Accelerator to help meet other compliance requirements mandated
by the Sarbanes
-
Oxley Act, with no extra cost. Office Solution Accelerators allows multiple

9

individu
als or teams in multiple locations to collaborate on intelligent task management and
reporting.

Office Solution Accelerators constitute an integrated set of software components,
templates and best
-
practices guidance designed to solve specific problems com
mon to
organizations (
www.biz.yahoo.com
). Each accelerator is designed to help develop a solution
to a problem, enabling individuals and teams to accomplish a specific task, such as
streamlining recruiting function
s, consolidating administrative tasks, creating customized
reports or writing proposals.

Microsoft’s Office Solution Accelerator offers many functions. These functions include:



Document and Information Management. The Office Solution Accelerator
provid
es intelligent information storage, categorization, and search with Extensive
Markup Language (XML) data structuring and a familiar user interface.



Process Automation and workflow. The software gives the employees the
appropriate alerts, materials, and ro
uting information needed to initiate and
complete a task.



Communication and collaboration. It allows timely information sharing between
employees, task assignments, and document versioning making it easier to
collaborate on projects.



Monitoring and repo
rting. The software provides dashboards and reports to
monitor project status and enable access to critical data for real
-
time decision
-
making.

With the Office Solution Accelerator, a company can:



Provide real
-
time visibility into processes, risks, and c
ontrols from a single point
of access.




Manage and use information to effectively make decisions, not just collect data.


10




Reduce costs by facilitating and accelerating the compliance process.




Establish a flexible foundation for long
-
term compliance initia
tives.


The Office Solution Accelerator for Sarbanes
-
Oxley is one of the first deliverables
under a larger compliance initiative from Microsoft (
www.microsoft.com
). Other current and
future offerings will provide
customers with cost
-
effective solutions useful in other
compliance initiatives, such as document and e
-
mail retention.

Peoplesoft Inc.


PeopleSoft Inc., the world's leading provider of application software for real
-
time
enterprises, announced that its Fina
ncial Management applications best practice functionality
assists companies in complying with the internal control assessment requirements of Section
404 of the Sarbanes
-
Oxley Act (
www.5peoplesoft.com
). PeopleSo
ft's Financial Management
Solutions has key functionality, such as commitment control and automated workflow, which
helps assign approval authorizations, segregates duties and eliminates the potential for human
intervention and error. The new solution hel
ps organizations adopt best practices for
corporate governance by providing investors and regulators with real
-
time disclosures,
improved transparency and automated workflows that expedite preparation of SEC reports.


PeopleSoft also has another product
designed to help companies comply with
Sarbanes
-
Oxley.
The PeopleSoft Enterprise Internal Controls Enforcer is designed to
automate and enforce internal controls required under Section 404. The Enterprise Internal
Control Editor uses the next
-
generation
monitoring and diagnostic capabilities, allowing
companies the ability to reduce the cost of complying with the new regulation. It also drives
accountability deeper throughout the organization with real
-
time visibility into the
performance of internal con
trols (
www.peoplesoft.com
).


11

Oracle Corp.

Oracle's Internal Controls Manager version 2 is designed to help organizations comply
with financial regulations by monitoring business processe
s and automating controls.
The
application documents and tests the internal controls of an organization.
Internal Control
Manager allows the user to identify audit attributes, like specific general ledger accounts and
process owners, associated with each process. The product will
provide the infrastructure
needed to establish a certifiable auditing process, along with special controls to alert users to
potential risks for fraudulent reporting or misinterpretation. It also allows for identification
of those risks and mitigating co
ntrols. Companies can link documentation directly to the
procedures so users can access information such as who is responsible for a particular phase
of the process, when the last audit was performed, or how revenue is being booked.
Management can get al
erts in the form of portal screen prompts in case of potential reporting
errors
--

for instance, if an expense was marked as an asset in a procure
-
to
-
pay application
(Songini).

SAP AG


Working in close collaboration with leading consulting and auditing fi
rms, SAP has
tailored financial compliance capabilities to comprehensively address companies’ SOA needs
and reduce the complexity of meeting today’s most pressing business challenge
(
w
ww.sap.com/company/press/press.asp?pressID=2514
). Building on the inherent control
principles and existing capabilities for Sarbanes
-
Oxley compliance in mySAP Financials and
mySAP ERP, SAP has added new functionality for the management of internal contro
ls and
“whistle blowing,” and enhanced the solution’s Audit Information System
--

offering
companies a straightforward, closed
-
loop solution for Sarbanes
-
Oxley compliant accounting,

12

reporting, and performance management
(
www.sap.com/company/press/press.asp?pressID=2514
).



mySAP Financials and mySAP ERP create a sound internal control environment;
produce accurate and timely financial statements, he
lp ensure public trust, and mitigate and
monitor risk across the enterprise. mySAP Financials have many key features including:



Management of Internal Control (MIC): This feature provides documentation of
internal disclosure controls and procedures, regu
lar assessment and/or testing of the
design and effectiveness of the controls. It also provides a management report on
status of internal controls, gathering of control assessments and associated findings or
deficiencies to support certifying officers’ si
gn
-
off, and provides auditors with access
to the final assessments in the internal control system, which supports the required
attestation report on management’s control over financial reporting (Jourdan).



Audit Information System (AIS): This feature prov
ides structured monitoring and
reporting controls, including a drill
-
through audit trail to the document level, support
management and auditors in ensuring that no material, untrue statements, or omissions
are made.



Business Warehouse



SEM Balanced Scorecar
d

mySAP Financials
offers a set of foundational controls for reporting, security, and
document flow, as well as a rich set of capabilities to support auditing, risk management,
consolidations, and performance measurement.

Communication and collaboration to
ols


13

Akonix


Most regulators have indicated that Instant Messaging (IM) is subject to the same
records retention, audit and other policies as email communications. Additionally, customer
confidentiality requirements have important implications for IM
(
http://www.akonix.com/products/regulatoryCompliance.asp
). Akonix L7 Enterprise
solution’s logging, archiving and reporting features meet core records retention requirements
and its gran
ular real
-
time policy engine can be used to ensure confidentiality requirements are
not breeched by IM communications. Akonix L7 can also capture and log traffic on private
enterprise IM systems such as Lotus Instant Messaging (formerly SameTime) and Reut
ers
Messaging, providing a unified source for a searchable IM archive. A data warehouse is
available to create reports, review monitored traffic, supervise, and review employee IM use
for regulatory compliance.


The core L7 Enterprise solution can be ext
ended with Akonix's Compliance Manager,
delivering a web based workflow system for industries with supervisory requirements.

The
system allows review, escalation and audit with multiple roles and advanced capabilities.
Optional connectors offer simple int
egration with leading email archiving and storage
providers including Legato, iLumin, Iron Mountain, KVS, Persist and ZANTAZ, allowing
organizations to leverage existing investments and unify IM archiving with existing email
systems (
http://www.akonix.com/products/regulatoryCompliance.asp
).

FaceTime Auditor


FaceTime’s products, the IM Director and the IM Auditor, are
designed to help
companies manage and control IM for regulatory comp
liance. IM Director is an enterprise
-

14

class application that gives IT professionals the tools they need to safely embrace the growing
use of instant messaging (IM) in corporations. IM Director provides companies with:



Communication Logging: IM Director
r
ecords conversations across all IM networks.



Centralized Management and Control: This product has the capability to map IM
buddies names to employee Ids, control IM usage through web
-
based administration,
and interoperate with and control all popular IM
networks and clients.


IM Auditor addresses the regulatory compliance needs of financial services firms,
healthcare organizations and other businesses that must adhere to government regulations
(
www.facetime.com
).
IM Auditor extends the capabilities of IM Director by adding specific
features that are important for regulatory compliance. A key capability of IM Auditor is:



Regulatory Compliance Workflow:
IM Auditor records, stores and supervises
messages generated o
n financial services specific IM systems. This provides
corporate compliance a single enterprise
-
wide IM compliance solution while enabling
IT management to gain control of all IM communications through a single user
interface (
www.facetime.com
).

IM
-
Age Solution, Inc.


IM
-
Age Solutions, Inc.
offers enterprise solutions to ensure security, compliance and
productivity for public instant messaging communications. Their product, IM
-
Policy
Manager v4.0, logs, reports, a
nd alerts on IM conversations on AOL, MSN,
ICQ, Yahoo!, and
Sametime.
IM
-
Policy Manager
provides an efficient, cost effective way to meet regulatory
requirements to capture and log IM traffic.
IM
-
Policy Manager authenticates internal and
external IM user
s, logs peer
-
to
-
peer IM sessions, forwards high priority IMs to an inbox, user
or department, encrypts authorized conversations and files sent over IM, and manages the

15

productivity of authorized IM users.
The software allows for blockage of IM usage by us
ers,
group, or IM client type, file transfers to reduce network traffic and viruses, and
unauthorized,
encrypted content.

IMlogic


IMlogic has released the IM Manager 6.0, the company's enterprise
-
class IM
management solution that provides the centralize
d infrastructure for managing, reporting,
securing, and enabling employee IM usage across multiple IM networks. IM Manager 6.0
offers companies with real
-
time line of business policy enforcement, role
-
based provisioning
and authentication, and mission
-
cr
itical systems management for corporate instant messaging
usage. The software enables enterprises to enforce access control, authentication, security,
and compliance policies in real
-
time across line of business groups, automating traditionally
time
-
inten
sive provisioning and policy enforcement tasks generally undertaken by
information technology administrators (
www.imlogic.com/press_60.htm
).


IM Manager 6.0 introduces powerful capabilities including:




Real
-
Time Line of Business Policy Enforcement:
IT administrators can control
internal and external IM access, restrict file transfer and messaging capabilities, and
enforce compliance regulation based on "line of business" rules.



Role
-
Based Provisioning

and Authentication:

IM users can be authenticated and
automatically provisioned based on their business role within the organization.



Mission
-
Critical Systems Management:

IT administrators can ensure that IM is
delivered as an enterprise
-
class service w
ith a new systems management dashboard
that allows for real
-
time monitoring, diagnostics, and recovery of IM usage within the
enterprise.


16



Enhanced Enterprise IM Management and Security:
IM Manager 6.0 offers security
for IM, including integration with mul
tiple AV scan engines and the addition of
multiple content filtering lexicons.

Irons Mountain


Designed specifically to comply with new and emerging requirements from
regulatory agencies,

Iron Mountain's E
-
Mail Archiving Services allows companies to
outsou
rce their email archives. The company provides a highly secure, auditable, and cost
-
effective solution for storing, searching, and retrieving significant e
-
mail records.

Its internet
-
based archive service consolidates electronic records
-

e
-
mails, image
s, electronic statements,
and more
-

into a unified, browser
-
accessible archive for fast and easy search, retrieval, and
management. Iron Mountain Digital Archives cost
-
effectively archives, manages, and
protects one of a company’s most important assets
-

e
-
mail
-

while providing them with a
critical advantage: the ability to quickly retrieve and use their e
-
mail records whenever and
wherever they need them
(
www.ironmountain.com/services/svc3.asp?svc1_content=4&svc2_code=11&svc3_key=47
).

Iron Mountain writes all records submitted to the Digital archives to WORM optical disk, a
high
-
capacity removable disk that provides fast access to information. To hel
p comply with
Sarbanes
-
Oxley,
the Digital Archives utilizes hardware that automatically verifies the
accuracy of the recording process, and keeps an audit trail of all system actions to verify the
integrity of archived records. This audit trail history is

searchable and auditable.

KVS


Email archiving and content management software provider
KVS created the flagship
product Enterprise Vault, which offers a total archiving platform and unique framework
to

17

tailor a custom archiving policy for emails, file sy
stem documents, instant messages and
Microsoft SharePoint Portal Server documents.

Enterprise Vault allows companies to
streamline and reduce the ongoing cost of information storage for the enterprise and
simultaneously keep it instantly accessible for us
ers and the organization
(
www.kvsinc.com/fw/main/default.asp?DocID=1653
).
One of the major benefits of email
and content archiving is the ability to maintain a long
-
term repository of c
orporate records,
which will become vital in the event of litigation or regulatory compliance. The Enterprise
Vault Business Accelerators address this by enabling an organization to exploit archived
content for compliance and legal protection (
Dunwoodie).


Content is archived into the
Enterprise Vault Repository where access is controlled through standard authentication
mechanisms.

The lifecycle of retention and disposition is managed and content is indexed so
that it may found quickly when required.
Us
ing Enterprise Vault, companies can:



Transform information into an enterprise asset that assists knowledge transfer and
ensures compliance with statutory requirements




Search and retrieve content instantly



Increase information worker productivity by autom
atically moving information into
storage, and eliminating e
-
mail message and content storage responsibilities from
users



Reduce e
-
mail/content administration and storage costs



Protect and secure corporate e
-
mail resources and content, with optimized backu
p and
recovery


18

Legato


Legato’s EmailXTender family of products
provides both enterprise data storage AND
content management for electronic messaging. EmailXtender is a comprehensive, policy
-
based system that automatically collects, organizes, retains an
d retrieves email
messages/attachments and supports Microsoft Exchange/Outlook, Lotus Notes/Domino,
UNIX Sendmail and Bloomberg Mail. The product makes enterprise email easier because it:



Automatically copies every email and attachment into an Enterprise
Message Center



Generates a full
-
text index of all messages/attachments



Enables administrators, supervisors, and users to conduct intelligent search/retrieval



Reduces email server stress and bottlenecks by seamlessly extending email message
stores into low
-
cost and high
-
capacity storage devices

EmailXtender provides companies with fast
and efficient access to email messages
and attachments through user authentication, saving valuable time and money. The
EmailXtender

also has an enhanced ability to survive v
irus attacks through superior email
server management.

Based on the capabilities of the EmailXtender, the
EmailXtender Archive Edition is
the simple yet powerful solution for email storage management in support of Microsoft
Exchange and Lotus Notes/Domi
no environments. It delivers scheduled
-
based archiving
allowing organizations to offload and archive email messages from email servers, freeing up
space and improving overall system availability (
www.legato.com/products/emailxtender/
).

WiredRed


e/pop Professional developed by WiredRed is a secure, company
-
wide instant
messaging (IM) system.

e/pop Professional instant messaging delivers messages fast to

19

multiple recipients throughout an organiz
ation’s network. Combined with an e/pop server,
e/pop Professional provides a secure, reliable, scalable, and centrally managed instant
messaging solution.

e/pop Servers offer a built
-
in security system for organizations requiring high level
security.


The server security policy defines the level of security required by all connecting
e/pop clients and pipes. RSA encryption is combined with RC4, DES or AES encryption to
secure the connection and maximize performance. RSA is used to authenticate connect
ions
and secure communications while exchanging passwords and security keys
(
www.wiredred.com
). It provides a high level of security for mission
-
critical business
information traveling over unsecured networks.

The

e/pop server and server management console application allow the IT
administrator to manage users throughout the e/pop directory. Each user is tracked in the
system, along with their account login information and profile if they have been assigned.
From

the management console an organization can control security policies, groups, profiles,
connections, pipes, and monitor e/pop traffic over its wide area network. The console can be
used over the Internet or from another location to manage all the servers

in an e/pop
organization. It includes easy
drag and drop functionality for user profiles and group
management in multiple directories.

ZANTAZ


ZANTAZ developed Digital Safe™ services to meet the most conservative
interpretation of SEC 17a
-
4 regulatory requirements. The Digital Safe service meets the
requirements of regulated industries such as financial services, insurance, pharmaceuticals,
energ
y, telecom and others, as well as government agencies. It is designed to help companies

20

increase productivity and become more competitive by providing anytime access to their
documents and messages. Digital Safe services provide comprehensive, secure and

scalable
digital archiving capabilities for all electronic documents including email, non
-
email
electronic documents, attachments, trade confirms, statements, mainframe reports, order
tickets and instant messages (
www
.zantaz.com
).

Digital Supervisor Solution is a service that is included within Digital Safe services.
Digital Supervisor
provides an easy
-
to
-
use and comprehensive solution to retention and
monitoring requirements of NASD and SEC rules.

Using Digital Supe
rvisor supervisors can
quickly monitor inbound and outbound communications

effectively and efficiently. Digital
Supervisor offers
companies:



Flexibility



End
-
to
-
end email sampling, monitoring, archiving and compliance solution



Content sampling to allow au
thorized supervision to periodically check content of
email messages and attachments



Automated reporting documents supervisory activity



Real
-
Time Message Capture meets standard of evidence



Security, scalability and reliability

Another service provided with

Digital Safe services is the Audit Support Service.
This service allows organizations to quickly and accurately respond to audits and/or
litigations. The ultimate goal of Audit Support Services is to help companies comply with
audit requirements in the
most time efficient and cost effective manner possible. Audit
Support Services help companies to:



Search historical and current documents in a single online archive


21



Eliminate business disruptions



Ensure that critical business data is properly handled to a
void loss of critical
documents



Ensure a rapid response to audit and discovery requirements

Regulatory and technical references


The companies listed in this section provide the latest information on new government
regulations and how to comply with these
new regulations. These companies provide
softwares and/or references to indicate how to gather information and create intelligence
within an organization.

BNA Inc.

BNA’s Corporate Accountability Report provides companies with timely news of
significant
legal developments concerning officers and directors, executive compensation,
financial reporting, corporate disclosure, shareholder rights, auditing and accounting,
corporate ethics codes, pension reforms and administration, professional responsibility, a
nd
other matters. The Corporate Accountability Report allows a company to adapt to new
changes in many fields by providing objective coverage. It provides your company with

the
many provisions of the Sarbanes
-
Oxley Act and any related measures that will
help your
company comply with the new regulations.

Factiva


Factiva Client Solutions utilizes years of strategic and technological expertise to work
within a company’s existing environment to orchestrate an information roadmap
(
www.factiva.com
). Factiva, a pioneer in Enterprise Information Architecture, revolutionizes
the way a company gathers information and creates intelligence. Factiva helps retrieve

22

information from across an organization, no matter the content
or format, normalizes it and
presents the information in a clear format, relevant to the users. Its standards
-
based workflow
products provide developers with tools and capabilities needed to embed content and
functionality into applications such as portal
s, intranets, or customer relationship management
systems (CRMs). The users get access to relevant and related information from all sources in
their everyday applications.


Factiva Publisher provides a single point of access to internal and external new
s and
information on your intranet. It delivers the critical business information from nearly 9,000
sources in 22 languages, which allows companies to make better business decisions. Factiva
Publisher reduces the time users spend seeking information by p
roviding the right information
within a company’s portal, and provides powerful functionality and customization.

Factiva Fusion, a content intelligence service, categorizes content using its
customizable business taxonomy, Factiva Taxonomy, and unifies dis
parate content sets
throughout the organization. Factiva Fusion works within an organization’s existing
infrastructure and applications, supplying XML web services and an enterprise
-
compatible
information security model. It increases the productivity and

accuracy of your organization’s
knowledge workers by making internal and external information easier to find through
content analysis and application of a customizable business
-
focused taxonomy in a
standardized, easily searchable format (
www.factiva.com
). Factiva Fusion Enables intelligent
integration of information at the point of decision into workflow applications, such as portals
and CRMs, and
streamlines the process of finding relevant, actionable information
so users
can spend less time looking for information and more time using it to make better business
decisions.


23

LexisNexis

LexisNexis,
recognized as one of the top innovators in knowledge management, is a
leading provider of legal, news and business infor
mation services.
LexisNexis
®

Total Search
i
s a web browser
-
based
application that

uses its integrated search functionality to expand the
boundaries of the LexisNexis
®

Total Research System. This allows users to search the
lexis.com

service and a law firm’
s internal work product simultaneously, fully utilizing the
intellectual property and collective expertise already residing within a firm. LexisNexis Total
Search allows a company to stretch the boundaries of the research world and to actually take
custom
ers beyond research. LexisNexis Total Search is one of several superior products and
services offered by LexisNexis as an integrated platform of offerings for customers that go
beyond legal research. These include tools for electronic discovery, electroni
c filing and court
access, getting and keeping clients, time and billing management, disaster recovery and
system hosting capabilities.

LexisNexis is helping companies manage their knowledge.

LexisNexis introduced LexisNexis


Publisher, an
advanced content

management tool
that offers an easy way to deliver crucial, comprehensive and on
-
point information to your
web site or intranet visitors. Publisher is a publishing tool that, with a single interface,

allows
you to tap into a full array of respected news
sources (
www.lexisnexis.com
). Publisher is
powered by
www.nexis.com

and uses the filtering precision of LexisNexis Smart Indexing
Technology
™.
With LexisNexis Publisher an organization can enhance the value of the
information by adding comments and links to direct users to related internal or external
documents.


24

WG&L

WG&L’s Checkpoint combines comprehensive tax information and research wi
th the
speed and power of the Internet to deliver accurate and up
-
to
-
date federal, state and local, and
international tax research. Checkpoint subscribers get unparalleled access to information,
insights and tools on tax, pensions, benefits, estate planni
ng and corporate finance topics.
Checkpoint® is quite simply the most complete and authoritative tax research tool available.
One centralized, integrated and customizable online service provides the entire spectrum of
tax information you need: complete ta
x law, expert analysis, practitioner insights, tax related
news, cases, rulings and more (
www.riahome.com/brands/default.asp
).

B. Document Management and Workflow Software Tools

Documentum

Many c
ompanies are using the Documentum repository to establish and manage
internal controls documentation, and securely store all unstructured, Sarbanes
-
Oxley related
content.
Documentum provides companies with a platform with common content repository
and con
tent, collaboration, and process services that can be leveraged by all applications
provided by Documentum, their partners, application developers, or companies that build
their own applications and customizations
(
www.documentum.com/products/platform/index.htm
)
. Documentum’s architecture has three
fundamental elements: content repository, content services, and content applications.



Content repository: Documentum provides a universa
l repository capable of storing
and managing all content types including documents, scanned images, Web pages,
XML, rich media, records, engineering drawings, reports, and many others. Its unique
object
-
relational architecture allows for the storage and m
anagement of an unlimited

25

number of objects of any type in its repository. This enables organizations to leverage
sophisticated architectures and storage systems to account for their performance,
geographic distribution, business continuity, globalization
, and security requirements.



Content Services: The Documentum content server
comprises the core of all content
services provided by Documentum and provides a
variety of content services
common
to all content types. Content services deliver native stora
ge of diverse types of
content, access control, versioning, search, workflow, and many other services
(
www.documentum.com/products/platform/index.htm
)
.



Content Application: Content a
pplications leverage the
Documentum Application
Program Interface (API) in order to have access content in the
Documentum
repository and Documentum content services
.
API provides developers with an easy
-
to
-
use environment to build or customize content app
lications.

Documentum allows a company to
protect and authenticate sensitive content exchanged
across public networks. It also allows companies to extend process automation beyond the
corporate firewall by enabling inter
-
enterprise workflow, allowing pa
rtners and remote project
teams to easily contribute content to a common, trusted repository, which reduces the cost of
archiving and managing records.

eFileCabinet


eFileCabinet is a paperless document storage software solution that enables a company
to r
educe the cost to comply with Sarbanes
-
Oxley. It is a web server and a database server
that is installed on one of a company’s computers.
In the database, each one of a company’s
clients receives a drawer in the eFileCabinet, and each drawer has dividers

for year and type
of work. Papers, files, and documents can all be scanned into the computer, saved as image

26

files, and added to eFileCabinet (
www.efilecabinet.com/FAQ2.htm
).

eFileCabinet documents
ca
n be accessed from other computer workstations on the network using
an

Internet browser.

EMC Centera

EMC Centera’s
Centera Compliance Edition is purpose
-
built to solve regulatory, such
as Sarbanes
-
Oxley, and IT challenges, while addressing the need for l
ong
-
term records
management. Centera’s online, magnetic disk
-
based architecture provides the advanced
retention and disposition functionality that compliance applications demand
(
http
://www.emc.com/news/press_releases/viewUS.jsp?id=2030
)
.

It provides organizations
with faster access to their records while guaranteeing authenticity through Centera’s
automated system of continuous data integrity checking. It also has retention protect
ion that
ensures that records cannot be prematurely erased. Upon expiration, records can be deleted
and destroyed beyond recoverability, in excess of federal standards, ensuring that records
cannot be retrieved

guaranteeing confidentiality.

FileNet

FileNe
t Compliance Framework is designed to help companies manage critical
document lifecycles, enforce and monitor processes for compliance, and respond to audits and
inquiries.

The framework helps them address a wide range of compliance and risk
management le
gislation requirements while reducing the total cost of compliance and
corporate governance initiatives
(
www.filenet.com/English/Products/compliance/compliance.asp
). FileNe
t Enterprise Content
Management (ECM) solutions deliver a comprehensive set of capabilities that integrate with
existing information systems to allow organizations to manage their content, integrate
business processes, and provide the full
-
spectrum of conn
ectivity needed to simplify their

27

critical and everyday decision
-
making. The framework is divided into four solutions, each
focusing on an ECM capability:



FileNet Business Process Manager
automates, streamlines and optimizes business
processes by managing

the flow of work between people and systems. Its ability to
handle millions of transactions and thousands of users enables businesses to increase
process performance, reduce cycle times, and improve productivity.



FileNet Content Manager
provides control,

access, and sharing of content in a secure
and highly scalable environment. Content Manager integrates easily with existing
desktop and business applications for easy collaboration, and it manages all events in
the content lifecycle

from creation to revis
ion, approval to archival.



FileNet Forms Manager provides everything needed to easily design, deploy and
process electronic forms (eForms) across the organization to speed business decisions.
Forms Manager quickly transforms cumbersome paper forms into ful
ly interactive
eForms that directly connect to the applications that drive the business, reducing costly
errors, streamlining operations and increasing overall customer responsiveness.



FileNet Records Manager provides capabilities to administer the lifecyc
le of critical
records, enforce processes for records management, respond to audits and inquiries,
and demonstrate proof of compliance. FileNet Records Manager helps companies
organize, securely store and quickly retrieve essential company records.

GoFile
Room


Immediatech, the leading provider of document management solutions for CPA firms,
developed a hosted web
-
based, also referred to as ASP, document management system known
as GoFileRoom (GFR), that provides organizations with flexible indexing for effi
cient

28

searching, viewing, annotating, emailing and long term archiving. It also provides complete
tracking and audit trail of document activity from the moment a document enters the system.
The core of the system is an online document repository that can

be organized in a similar
way that a paper folder. The repository can be divided into sections and subsections, and
contains all documents.

GoFileRoom goal is to make indexing an easy and efficient process. Many features
are provided to speed up the p
rocess and minimize data entry, which includes but not limited
to:



Parent
-
Child indexing feature simplifies the process by showing the user only relevant
lists to choose from



An interface with your existing systems automatically captures index information



Drop
-
down lists are defined for each index field



Complete document history (audit trail) shows all viewing and index modification.



Notes can be posted and viewed on documents.



Search results are displayed with all corresponding index information and may be

sorted in ascending or descending order.



Import engine that allows for the automatic importation of documents generated by
other customer systems.

GoFileRoom also includes a complete, easy
-
to
-
use System Administration module
that controls the set up and c
onfiguration of drawers as well as users and their security rights.
Document viewing and editing and other functions can be restricted by user groups, drawers
or specific documents (
www.im
mediatech.com/gofileroom
-
features.htm
).

An advanced

29

password administration module is also provided to maintain passwords and their expiration
dates.

IBM/Lotus

Recently, IBM, the
leading information technology company
,

announced
new
software designed to

help organizations that are faced with meeting government and industry
regulations by enabling them to automate tasks associated with managing, retaining, and
securing business information. The software not only helps increase business efficiencies so
co
mpanies can gain deeper insight and predictability on their business information, but also
helps address the information requirements of regulations affecting their businesses. The
softwares, IBM Content Management for Message Monitoring and Retention, IB
M Lotus
Workplace for Business Controls and Reporting, and IBM Tivoli Security Compliance
Manager, are designed to help companies with financial reporting standards (
www
-
306.ibm.com/software/swnews/swnews.nsf/n/mmaa5s4lhu?OpenDocument&Site=default
).




IBM Content Management for Message Monitoring and Retention helps manage
archival and retention of correspondence su
bject to government regulations. The
solution, which consists of an advanced indexing capability, provides for the
surveillance and archiving of inbound, outbound, and internal email messages. It also
intelligently scans and analyzes electronic messages
by identifying and flagging
content for further review.



IBM Lotus Workplace for Business Controls and Reporting is an integrated set of
products and services to help companies manage internal controls and data
requirements. The tool allows companies to id
entify, assign, test, and monitor
business controls.


30



IBM Tivoli Security Compliance Manager provides automated security policy
compliance audits, helping organizations to identify security vulnerabilities and policy
violations. Automated scans of servers
and PCs check to see if systems comply
with

policies, then give security officers and compliance auditors detailed information
about the security health of their organization.



IBM Lotus Domino Document Manager improves an organization's efficiency through
enhanced collaboration and information management. It offers complete document
life cycle management
-

from authoring through review, approval, distribution and
archiving
-

for every user and every document in the organization.

C.
Data Mining, File Retr
ieval, Pattern Recognition and Business Intelligence Software


Tools


Data mining, file retrieval and pattern recognition tools

ACL

ACL Services Ltd, the global provider of Business Assurance solutions to financial
executives and audit professionals,

launch of its newest client server solutions, ACL Server
Editions. The Server Editions enhance the ability of auditors, assurance analysts, and
financial decision
-
makers to gain immediate access and greater visibility into corporate data
by connecting th
e processing power, speed, and reliability of server technology to reduce
audit and compliance review cycles from months and weeks to days.
(
www.acl.com/About_ACL/pr.aspx?ID=42
). The Server Editi
on has the capability to read
and analyze data
,

which
enables financial decision
-
makers to assure the effectiveness of
internal controls, reduce risk, detect fraud, minimize losses, and enhance profitability. ACL
server software features read
-
only access
that ensures data integrity by never compromising
source data. It conforms to established data access profiles and security mechanisms,

31

eliminating the need to modify enterprise applications or networks. Its technology also
enables the independent testin
g and validation of transactions against business controls and
operational policies.

ACL also offers a suite of Continuous Controls Monitoring solutions for financial
managers accountable for the effectiveness of internal controls policies and management

(
http://www.acl.com/Business_Environment/Sarbanes
-
Oxley.aspx
).

Continuous Controls
Monitoring independently and continuously checks and validates all transactional data against
control parameters, business rules, and historical data trends, to identify transaction
anomalies.

With Continuous Controls Monitoring, management
has

timely notification of
control breaches and quantified potential exposure through a browser
-
based interf
ace, to
enable follow
-
up investigation, analysis, and remediation.

CaseWare’s IDEA


CaseWare Idea Inc., a Toronto
-
based developer and marketer of fraud detection
software and other highly specialized analytical tools for accountants and auditors, announced

IDEA Data Analysis Software,
software

developed to allow companies to
read, display,
analyze, manipulate, sample, or extract from data files from almost any source. IDEA can be
used to satisfy financial statement objectives, identify fraud incidents, man
age reports,
perform analysis on data, and provide review of system logs and access rights for security
purposes.


An optional component to IDEA, CaseWare Examiner, allows users to mine security
and other log files created by Windows XP, 2000 and NT for d
eviations from corporate
policy, security breaches, inappropriate usage and other useful audit and management analysis
(
www.caseware
-
idea.com/fsr.asp?surl=
%2Fproducts%2Fidea%2Fmoreinformation%2Easp
).

32

IDEA, with Examiner, allows for the importation of logs and extraction of other system
information to perform a series of analyses to profile the information in a meaningful way.
This component allows for the

comparison of trends and patterns in financial statement
accounts. Another optional component, DATAS, allows an organization to perform a suite of
analytical subroutines that use digit and number patterns to detect fraud, error biases,
irregularities, an
d processing inefficiencies.

Business intelligence

Business Objects/Crystal

BusinessObjects Enterprise 6.1 is a
business intelligence (BI) software, which consists
of applications that make computer systems more attuned to customer behavior. It is geare
d
to helping enterprises make more informed business decisions about what to offer their target
audiences. The software allows users to
sort and filter data,
add and remove report data, and
include simple calculations without switching to a sophisticated
report
-
authoring
environment. It includes Online Analytical Processing (OLAP), which is a category of
software tools that provides analysis of data stored in a database. OLAP tools,
usually used in
data mining,

enable users to analyze different dimension
s of
multidimensional data.
BusinessObjects Enterprise 6.1 provides enhanced performance and analysis features,
increased data integration productivity, streamlined dashboard personalization and superior
enterprise deployment capabilities.

BusinessObject
s Data Integrator, included in
BusinessObjects Enterprise 6.1,
offers a
graphical user interface (GUI) and bundles data preview and profiling directly into the
extraction, transformation, and loading (ETL) environment to reduce design and data
validation t
ime (Boulton).


33

Cognos Inc.

Cognos Inc. has developed several new business intelligence technologies. The first
technology,
Cognos’ ReportNet 1.1, is an enterprise business intelligence (EBI) and corporate
performance management system that increases an
enterprise’s efficiency through its Web
-
based report and query authoring environment, extensive multi
-
lingual support and Web
Services
-
based architecture to meet the needs of today's multi
-
national, diversified
enterprises. ReportNet 1.1 provides enterpri
ses with a comprehensive reporting coverage.
Another technology, Cognos PowerPlay, is an OLAP (online analytical processing) software.
With Cognos PowerPlay, a user can perform his/her own multidimensional analysis, create
reports, and share them to mak
e better decisions. PowerPlay allows anyone at any business or
technical skill level across the company to explore large volumes of summarized data with
sub
-
second response times.

Cognos Visualizer is another technology that uses sophisticated visual re
ports
("visualizations") to communicate complex business data quickly and intuitively. It is an
integrated component of the comprehensive business intelligence from Cognos. The
dashboard views allow users to see the significant trends and relationships i
n their business
performance with complex data presented in a simple visual format. Cognos Visualizer's
statistical charts measure mean, median, standard deviation, percentiles, variation, and
frequency distribution
(www.cognos.com/news/releases/2004/0316_1.html
)
. Cognos
Visualizer provides broad
-
based support for quality methodologies like Six Sigma, the
rigorous performance measurement system designed to drive continuous process
imp
rovements toward a goal of zero defects in products and services.


34

Cognos also offers an integrated set of Analytic Applications that come with pre
-
built
reports, performance indicators, and connections with underlying data sources from ERP
vendors.

They

package reporting and analysis, scorecarding, and planning capabilities for the
areas of customer, supply chain, and financial/ operational analysis.

SAS Financial Management


SAS Financial Intelligence provides companies with solutions for consolidation,

reporting, budgeting and planning, activity
-
based modeling, and advanced analytics. SAS
Financial Intelligence combines a foundation for integrated, enterprise
-
wide financial
intelligence with specific solutions that create financial transparency and ena
ble:



Regulatory compliance
: With documentation of disclosure controls and procedures
and powerful consolidation technology, SAS helps you achieve financial transparency
and close your books faster in order to meet new reporting deadlines.



Formulation, exe
cution and measurement of strategy
: SAS Financial Intelligence
allows companies to create metrics for monitoring and controlling the performance of
all business processes. These performance indicators provide better visibility into
corporate strategy and
initiatives.



Budgeting and planning
: Automate and decentralize the planning process while
building proactive budgets based on integrated, accurate and predictive information.



Cost and profitability analysis
. This helps companies understand the costs and
profitability of products, suppliers, channels, partners and customers. Companies can
use this information to create more accurate forecasts, budgets and simulations.


35



Consolidation
: Many organizations have disparate operational systems and general
ledger
s. SAS can access, consolidate and clean all their disparate data, helping them
close their books faster and spend more time on valuable analysis.

SAS Financial Intelligence will help companies ensure compliance, efficiency, profitability
and overall per
formance.

D. Business Performance Management and Real
-
Time Compliance Tools

Business Performance Management (BPM)

Fuego


Fuego’s Business Process Management System software helps companies automate
and manage controls over high
-
risk financial accounting a
nd reporting processes. Using
Fuego, companies can:



Completely customize control process designs and control parameters



Integrate with existing enterprise software and legacy applications



Manage processes

using an active/preventative control approach



Man
age workflows, collaborations, and approvals through a single application

Fuego allows companies to model their critical financial processes and execute them as
supervisory control applications giving them the power to enforce, automate, audit, and
manage
financial controls (
www.fuego.com/products/solutions/sarbox.html
).


GEAC Enterprise Solutions


GEAC Performance Management, an open, web services based architecture, provides
companies wi
th a single management system with built
-
in intelligence that promotes integrity
to help them comply with government regulations. It is designed to improve enterprise
business performance by allowing a company to create a unified business process across

36

m
ultiple systems, route tasks to the appropriate user or role with approval steps as needed, and
easily analyze processes to improve performance and ensure corporate goals are met.


The
software provides drill
-
down capabilities to view underlying transactio
nal data and allows top
management to understand the factors contributing to the summary of financials, and has
built
-
in textual capabilities to provide insight into operational performance. GEAC
Performance Management allows for the integration of nonfin
ancial data that ultimate impacts
financial performance. It also provides ad
-
hoc analysis that enables executives to analyze
data by multiple perspectives for improved understanding of reported results
(
www.am
ericas.geac.com
).


GEAC Performance Management helps companies improve their disclosure controls
and procedures by delivering a comprehensive application for business performance
management that provides a single, transparent view of data to all users o
f the system. It
provides guided workflow capabilities to ensure understanding and tracking of processes and
deadlines throughout the organization. Robust financial consolidation capabilities are also
supported with GEAC Performance Management providing
automated adjustments and full
audit trails.


GEAC Performance Management streamlines the reporting process by integrating data
from multiple general ledgers, chart of accounts, and other sources, and automating internal
and external report generation and
delivery processes.

Savvion BusinessManager 5


Savvion's award winning BusinessManager 5 system allows an organization to
automate and manage people and systems based business processes, integrate with legacy
systems, and deploy them as web based applicati
ons accessible from traditional desktop

37

browsers and Palm Powered products. Savvion BusinessManager enables the extended
enterprise by supporting processes that link to customers, partners, and suppliers leveraging
the Internet. Savvion BusinessManager
is the first BPM system in the industry to deliver true
process lifecycle management, the complete end
-
to
-
end delivery of business processes from
modeling to deployment to management to process improvement
(
www.savvion.com/solutions/
).


The integrated modeling and simulation tools BusinessManger 5 possess enable
business managers to quickly map a process, simulate process execution, and fine
-
tune and
optimize process flow. In addition, a new process repos
itory allows managers to store refined
process models for implementation by IT staff and for reuse across the enterprise. Added
support for swim lanes also allows managers to delineate ownership of each process step for
improved coordination between respo
nsible parties and tighter process management.

The software provides scorecards that can be used when monitoring business activity.
These scorecards help users chart progress in achieving business goals and provide real
-
time
performance statistics that

can alert managers to possible problems. BusinessManger 5
delivers more than 40 reports to management giving them complete visibility into almost any
aspect of a process. The reports provide detailed process metrics that can assist companies in
minimizi
ng “white space,” better allocating workloads, and enhancing attrition planning for
increased productivity (
www.savvion.com/solutions/
).

BusinessManger 5 also provides drill
down capabilities that provide

managers with the underlying data in the reports.

Real
-
time compliance


38

Approva Bizrights

Approva Corporation, a leading provider of enterprise controls management software
for ERP business processes, released
Biz
Rights for Controls Monitoring, version 2.
0.
Biz
Rights for Controls Monitoring is the foundation of Approva’s enterprise controls
management family of products. It allows Global 2000 corporations with SAP R/3 to manage
business risk cost
-
effectively, and ensures regulatory compliance with the S
arbanes
-
Oxley
Act of 2002 (
www.approva.net/news
-
events/release
-
archive/2004
-
04
-
06
-
01.htm
). Key
features of
Biz
Rights v. 2.0 includes the automatic translation of SAP acr
onyms into easy
-
to
-
understand and easy
-
to
-
use terms, thereby significantly improving business users’ ability to
manage business risk and internal controls. It also leverages the Business Controls
Workbench, enabling centralized change and management of bu
siness monitoring rules.
Business rules continuously support detection of segregation of duties and access to sensitive
transaction violations.

The software includes
simulation analysis for proactive risk management, pre
-
defined
approval templates and d
ocumentation of changes to internal controls, and incorp
orates
software directly

focused at Section 404 of the Sarbanes
-
Oxley Act, the Sarbanes
-
Oxley
Compliance Pack. The compliance pack provide rules, reports, compensating controls and
other business con
tent designed to accelerate and manage compliance with various
government and industry regulations. The simulation analysis identifies the impact of
proposed configuration or permission changes, preventing control violations.
The

reporting
and notificat
ion capabilities provided by
Biz
Rights allow constant monitoring of compliance
status and alerts of potential problems (
www.approva.net/products/
).


39

Axentis Enterprise

Axentis provides a comprehensive softw
are application for the comprehensive,
consistent management of governance, risk and compliance. The application, Axentis
Enterprise, fully supports the principles/methodology of COSO and was specifically designed
to automate processes in compliance with
the standard of Effective Compliance Process, as
defined and utilized by the federal government (
www.axentis.com/solutions.htm
). The core
framework of the software is comprised of the following capabi
lities:



Organization Management: Through organization management, companies group
constituencies that share similar behavioral and procedural governance, risk and
compliance responsibilities.



Requirements Management: This capability enables the definitio
n, tracking and
communication of a broad range of managerial and tactical responsibilities. By
leveraging Axentis Requirements Management functionality, organizations can
achieve a manageable collection of responsibilities organized by process, a mechanis
m
to clearly communicate such responsibilities to the appropriate constituencies and
complete visibility into the performance of the process.



Process Management: Process Management serves as a key interface point for
receiving control/process performance
and exception information from other systems
and initiating workflows or functions in other solutions. This enables Axentis
Enterprise to serve as the key framework for consolidating
responsibilities;

driving
many governance, risk, and control management
processes (GRC), enforcing
consistent remediation of issues or incidents and incorporating many applications

40

focused on a broad array or structured processes. Workflow capabilities are included
within process management.



Reporting and Monitoring: Axentis

provides real
-
time monitoring and quality
corporate reporting within and across governance, risk and compliance processes,
allowing companies to identify, assess and mitigate the risks, behaviors and gaps that
adversely impact performance. Real
-
time dash
boards provide rich reporting visibility
into the status of an organization's GRC initiatives and can be viewed by multiple
criteria, including groups, requirements, processes exceptions, investigations,
departments, legal entities, timeframes, etc. These

reports and dashboards clearly
present information so time
-
constrained managers and board members can easily
digest and understand


giving organizations the valuable information they need to
continuously improve.

CARDmap


CARD®map software has been desig
ned to help organization meet its risk and control
governance responsibilities and improve business performance.
CARDmap is a web
-
enabled
software program that allows users to chart and monitor any facet of their operation. The
systematic approach allows

users to create an accurate and up
-
to
-
date survey of their current
performance, risks, controls, and residual risk status.

Business areas or processes can be
detailed on a computerized "card". These cards help assemble a snapshot of all, or any part
of,

their "risk" and "control" map. The software allows them to assess risks and controls,
identify problems, monitor performance, assign responsibility and prioritize action areas. An
integrated database of performance results, loss history, risk exposures
, controls, residual risk

41

status, and action plans for the organization is built to provide the organization with reports of
main business processes.

Centerprise Corporate Control Center

Centerprise’s
Enterprise OpRiskCenter

is an integrated enterprise
-
wid
e operational
risk solution. It includes the four traditional operational risk components: a control self
-
assessment tool, key risk indicator capture and reporting, loss event capture/database and
operational risk analytics for calculating capital, as wel
l as a robust issue action plan tracking
system. It is built on four strong foundation pieces 1) data collection & monitoring, 2)
organizational management and accountability definition, 3) business process management,
and 4)
op risk measurement and repor
ting, w
hich all work together to support and enhance the
operational risk functionality. The data collection and monitoring provides companies with
software system inventory management, which monitors data feeds and data transformations
via message flows.

The organizational management and accountability centerSphere, or a
complete management framework for achieving a new level of integration across the domains
of market, allows companies to define and maintain organizational reporting lines, manage
and de
fine roles, staff assignments and responsibilities, and create queries
for operational risk
exposure indicators by organizational and other reporting dimensions.


The business process
management centerSphere defines and automates workflow, automatically a
ssigns work items
to the appropriate individuals, defines escalation/notification rules and timing, and utilizes
workflow
audit trails to identify operational risks and build risk exposure indicator metrics for
operational risk database.


The last centerS
phere,
op risk measurement and reporting
, allows
companies to control self
-
assessment programs. Other additional features include:



Mapping assistant for capturing loss events from general ledger


42



Unique workflow capability that allows for automated, tiered

escalation and
notification, staff routing and exception handling



Strong foundation in organizational management and data collection



Ability to define multiple hierarchy and classifications schemes



Historic state management



Ability to seamlessly acquire
additional components to manage other enterprise
-
wide
issues (e.g. reference data and business performance)

Certus

Nth Orbits product, Certus, addresses the full range of compliance with Sarbanes
-
Oxley Sections 302 and 404 and is designed to allow Fortune
500 companies to implement
the full COSO framework. Certus enables continuous compliance from risk assessment,
controls documentation, gap management, remediation, testing, and ongoing monitoring.
Companies can quickly implement Certus and leverage work
already done to accelerate
compliance and reduce overall costs. By allowing employees to respond to compliance
activities entirely through their Microsoft Outlook or other popular email tool, Certus
dramatically reduces the costs of training and rollout w
hile enabling distribution and
delegation of compliance responsibilities across the enterprise. Sophisticated reporting
provides aggregate and detail visibility of the project and controls by account, process, status,
location, and business unit so contro
llers and compliance teams can manage effectively and
chief financial executives can certify reliably. It provides a
BPM system with
extensive
capabilities for designing new controls, implementing surveys and assessments, and
automating authorizations and

sign offs. An organization can easily author and formalize
policies and procedures as well with complete version tracking and publishing using the

43

Certus software. Certus leverages scalable J2EE platforms, is available on BEA WebLogic
and IBM WebSphere
application servers, and supports Oracle and SQL Server databases
(
www.nthorbit.com/News/PressRelease_020404.html
)
.

CommerceQuest
TRAXION


CommerceQuest Inc.’s TRAXION Business Process
Management Suite (TRAXION
BPMS), enables companies to design, assemble, execute and optimize processes in a service
-
based architecture for the real
-
time enterprise. The software provides enhanced executive
dashboards and project management capabilities fo
r improved insight into business processes.
TRAXION BPMS is a powerful multi
-
platform solution for business process and resource
collaboration. It acts as both a strategic, comprehensive infrastructure for a business' process
strategy and as a series of
tactical, incremental solutions that enable customers to improve
performance today in a risk
-
free environment. It is seamlessly integrated to ensure
frictionless and rapid deployment of business processes.


TRAXION BPMS provides companies with the follo
wing capabilities:



Analysis and Design: TRAXION BPMS offers a highly intuitive set of process tools
via “The Process Analysis and Design Studio.” The tools allow for highly flexible and
customized business process and resource modeling analysis.



Execution

and Integration: It offers a dynamic set of tactical capabilities via its
“Process Director” toolset.

Process Director contains all the tools required to reach
out to, extract, and manage the coordination of enterprise assets, people, systems and
resou
rces.



Management and Optimization: It offers several powerful tools including, “Process
Monitor” and “Process Simulator” that allows for continuous improvement

44

opportunities via real
-
time access to information across an organization’s activities
and opera
tions.

Compli Enterprise

Compli's Enterprise Compliance Management System is a web
-
based compliance
management system designed to help employers manage compliance enterprise
-
wide in real
-
time. Compli enables organizations to monitor and measure all compli
ance efforts with one
simple program. Compli makes it easy for companies to mitigate organizational risk by
helping to prevent lapses in licenses and certifications, Securities and Exchange Commission
filings or other documentation required by law.

Comp
li's Enterprise Compliance Management System allows companies to take a
proactive approach to risk management organizations by providing the four essential elements
of a successful compliance program (
www.c
ompli.com/product.php
):



Orient:
As employees are hired or change position within your organization, Compli
informs them of job or location specific procedures and policies. All employees have
the information needed to take responsibility for his or her
compliance.



Train:
Compli helps companies assess employee understanding of policies and
company best practices. Areas requiring more intensive training are easily identified.



Document: Compli creates a digital activity record for every employee. All
in
teractions are recorded with time and date, providing a defendable electronic audit
trail.



Report: Companies can monitor compliance efforts daily and analyze their overall
risk exposure over time. Companies may also monitor compliance through exception
r
eporting that identifies pending expirations and lapsed filings by type of filing,

45

department, supervisor, etc., pinpointing areas of exposure that must be addressed to
reduce organizational risk.

Handysoft SOXA Accelerator

SOXA Accelerator, built in partn
ership with Plumtree Software, provides the
capabilities public companies need to establish the exact internal controls and reporting
procedures that the Sarbanes
-
Oxley Act demands. The unique combination of BizFlow's
capabilities for process design, auto
mation, reporting, and monitoring, along with Plumtree's
collaboration, content management, search and personalization, make this the ideal solution
for complying with stringent regulations (
www.handysoft.com/solutions/sarbanes
-
oxley/features.asp
). Some of SOXA Accelerator features include:



Pre
-
built structured workflows
that automatically designate individuals to complete
the tasks necessary to document internal controls, trac
k those tasks, and set alerts for
ensuring that tasks are completed in a timely fashion.



Intelligent e
-
Forms are used for gathering control information and storing all data in a
secure SQL database for future reporting. These forms are delivered in a Web
-
b
ased
application that also allows for ad hoc re
-
routing to other users for collaborative input,
approvals, and adding comments and attaching associated documentation.



Personalized, secure, Web
-
based user interface to allow project participants,
executives
and auditors to easily evaluate and review control information and reports
with a simple view of all accounts/functions, processes, and associated controls with
the ability to drill down into supporting details.



Collaboration
including document version tra
cking, electronic comments, group
calendar, and the ability to assign tasks to team members.


46



Comprehensive, secure search within and across all documents and metadata.



Complete audit trail and visual monitoring of tasks and issues.



Enhanced security includ
ing access authentication, permissioning, PKI support, digital
signatures, and non
-
repudiation if required.



Document management with full version control as an optional add
-
on or the ability to
leverage a company's existing document management system.



Solu
tion customization through process design and modeling, e
-
forms design, and a
configurable user interface.

KnowRisk

CorProfit’s product,
KnowRisk,

is a risk management system with a sophisticated
relational database that allows organizations to develop a d
raft picture of their entire
organization, individual business units or specific projects. KnowRisk allows for the
systematic identification of risks and the development of action plans and risk strategies.
KnowRisk is designed to help progressive organi
zations monitor, compare, guard against and
take advantage of their corporate risks. The heart of KnowRisk is the Knowledge Base. The
Knowledge Base stores the risks identified across the organization, together with the
corresponding consequences and con
trols, which allows the organizations to identify what
controls need to be in place in order to mitigate risk.

KnowRisk is designed to be flexible and customizable. Users can change the
KnowRisk screen display to show any combination of data they want si
mply by modifying
the standard layouts of Profiles, Forms, Reports and Knowledge Base data entry screens.
They can apply filters to reduce overload. KnowRisk provides standard reports giving clear,
concise indications of exposure, the effectiveness of co
ntrols and progress towards mitigation

47

targets. If the standard reports do no meet the organization’s needs, CorProfit Systems can
produce unique plug
-
in reports with the company’s own typefaces and logos
(
www.corprofit.com/software/risk
-
management.htm
).

Magique

Magique, developed by D’Arcangelo Software Services, is an
integrated, enterprise
-
wide risk management and control self
-
assessment system that guarantees to help
organizations i
mprove the accuracy and reliability of their corporate disclosures to comply
with Sarbanes
-
Oxley.
Magique used to help organizations to identify, quantify, assess and
control risks. It has options for control risk self
-
assessment projects, event recordin
g, causes
recording and analysis, action monitoring and a range of risk models
(
www.darcangelosoftwareservices.com/magique/index.htm
).

The software has three risk modules, which
are used to help mitigate the overall risk
of the organization. The first module, the
Magique Risk Manager, helps all business area
managers contribute to the identification and analysis of risk within the organization.
The
Risk Manager provides a variet
y of risk evaluation methods, which are maintained with