SOX tool



  • Hi everybody.
    We’re currently at the beginning of the SOX compliance process. Our consultants advised us to use a repository tool to document and support the process.
    I know that there are several tools like SAP, SAS, Oracle etc., but I am not aware whether it is worth using them or not.
    Could anyone give advice on the issue?
    Thanks a lot,
    Iren





  • Interesting question. This is something I’ve been looking at in my own organisation. I think you need to consider a few factors:

    • How large is your organisation?
    • Is it international or geographically dispersed?
    • How many processes will you end up documenting?
    • How are you going to document these processes?

    I have seen a variety of tools, some are merely online repositories and to be honest I’ve found these not to be value for money as they have limited functionality.
    The better tools are ones which aid you in preparing the process documentation in a robust searchable format, perhaps allowing you to share control information between processes. Whether you need this depends on how large your project is.
    Tools I have seen (and I am making no specific recommendations) are:

    • Movaris Certainty
    • Certus
    • OpenPages
    • Kilclare Visual Assurance
    • Documentum
    • SAS
    • Paisley Consulting
    • Netviz
    • Protiviti Sarbox Portal
    • eproject
    • axentis
    • casewise
    • PwC TeamMate

    I believe that KPMG and Ernst and Young also have tools.


  • Like I said in my other posts…
    I would look at the size of your organisation… the only caveat is that if you decide to use a tool you are subject to all the problems of General Computer Controls…
    i.e. selection of software, defining requirements, implementation, testing, training, documentation…
    not something you’d want to do in the first year of SOX…
    You should try to keep it simple… and assess the value of the tool before you use it.
    Btw, we bought Movaris… but it’s sitting on my shelf right now b/c I stopped the implementation until next year.
    good luck
    tristanatbui.com



  • the only caveat is that if you decide to use a tool you are subject to all the problems of General Computer Controls…
    i.e. selection of software, defining requirements, implementation, testing, training, documentation…
    not something you’d want to do in the first year of SOX…

    GCC on your SOx tool - that’s open to debate. Ultimately the way that you manage your internal control project does not have a financial statements impact. I have yet to see any auditor insist that the SOx tool is in scope for GCC. If you followed that through, so would your process if you were using Word/Excel/Access as an alternative.
    Also, if you were going to buy a tool I would hope that there would be a selection process anyway, no need for that to cause a big overhead.
    And ultimately use of a tool is all about cost/benefit. I work for a very large global company and we would not be able to deliver the project without a tool.



  • Denis,
    I think you misunderstood yoda’s reply. He is not saying you must apply GCC to the process of selecting and implementing any given tool because of SOX. Rather, I believe he meant that, as it is essentially a software implementation, it should be subject to the same processes and controls that all software selection and implementation projects should follow.
    I’m afraid that if you or your organization are looking at GCC as only being required for that portion of your systems environment having something to do with financial statements, then you are missing the point of IT governance and missing out on a prime opportunity to take some real benefit from all the work you have to do to satisfy GCC for SOX.
    OK, I’ll get off my soapbox now.



  • Fletch, I understand what you are saying but bear in mind that these are two separate issues:

    1. What do you HAVE to do for SOx; and
    2. What do you want to achieve in terms of wider governance issues

    Many companies (not mine) are just struggling to achieve the former.


  • We checked out every tool in the market and didn’t like what we saw and decided to take matters into our own hands. We developed our own tool from scratch and are very happy with the success. We just launched a tool back in Oct of last year and couldn’t be happier. I can always give you more info if you want.



  • We haven’t found any tools yet either, so we’re in the process of finalizing a document cabinet in our document retention software for SOx.
    Wouldn’t mind having a look at what you’ve done, redsoxrule. It may be able to give our Engagement department some ideas for further developments.
    If you don’t want to post anything, feel free to send what you feel you can disclose to me at irquim_at_irquim.com
    Thanks



  • I had to manage a roll-out of a tool where every IT guy could say ‘that’s shitty’ from the very beginning. Developing such a tool demands strong business understanding and these guys earn more money in business consulting than designing a tool.
    Adapting a common web-based groupware application (e.g. open source) would be a 4-week task for a good team but I am sorry to say that I haven’t found such a thing.
    😢 😢

