Sarbanes Oxely (SoX) software tool evaluation help. 1326
steve_ross_ca last edited by
Anyway my view is that most of the vendors which Gartner claims as market leaders are not at all user focussed. They have many many weaknesses that those cannot be implemented at our end.
For example, Gartner or AMR’s list of vendors are having following problems: Account definition is not flexible. access control is not granular enough and more importantly they are sticked to fixed models, when some changes has to be done at our end, ‘no market leader’ makes sense at all.
Most of them have single view of controls …
AuditMan last edited by
you can forget Paisley and Control Case. Paisley has no references and ControlCase isnt a leader. We selected a company from Cleveland, Ohio - Axentis and they got us live in 45 days - they also help with more than SOX.
IrquiM last edited by
You also have to remember that SOx tools are under rapid development, and new versions are coming all the time.
A report that is 1 year old might consider a version 1 application, while the newest version might be v2 or even v3. New functionality is added all the time, and things mature on each other, making for more possibilites as well.
My personal opinion is that you should look for information that is maximum 6 months old. Anything else is probably out-of-date when comparing new comers to the big corporations.
INeedSOX last edited by
Have you tried or looked at SecurTrac from Extracomm. It’s a great tool to track everything and meet SOX compliance.
steve_ross_ca last edited by
Yes … you are right … reports of old date is of no use.
Anyway … we have been analysing our requirements and would like to conclude among 3 vendors, Openpages, ControlCase, Paiseley depnding on how they fit to the requirements.
General trend, as we know, is that tools cannot suit organisational unique requirements.
jakob_ken last edited by
ControlCase is semingly much flexible software. Other two softwares evalution can be found out in the links (see other topics)
Hope this helps,
Soxerer last edited by
OpenPages is a leading best-of-breed vendor in the SOX compliance solutions space. Our evaluation resulted in OpenPages achieving the highest scores in business functionality and current offering.
Pros: This results from a number of factors, including good configurability and user interface, strong reporting capabilities, and functional support for project management. OpenPages also delivers value-added controls content within the product.
Cons: OpenPages is typically deployed as a standalone solution, and content integration is not well-supported, so companies with broader content and compliance strategies may find it less appealing.
Paisley Consulting was an early mover in SOX compliance solutions and leads in product maturity and installed base.
Pros: Its product has good depth in its internal controls framework, reporting and delivered content. A recent OEM partnership with EMC/documentum has strengthened the offering for content, document, and records management.
Cons: Despite these strengths, there are some trade-offs in workflow, flexibility, and usability.
I also came across a solution called Conformus from a company called Stridus which has superb automation for testing controls capability and other customizable integrated features.
Hope this helps.
ucjjg last edited by
Many of the larger organizations are using a tool called Open Pages to manage their compliance programs for financial statement / operational risk. Open Pages is highly configurable and has a slick user interface. Check it out.
LowEndUser last edited by
May I ask what software package you’ve chosen? Have you chosen one yet? Are you a small corporation or a larger firm? (i.e. what was your budget range?) How have you rated the software you have evaluated?
We are also looking for software ourselves and would like to get some opinions.
TT last edited by
Gartner did a financial compliance software package magic quadrant last year. Might want to look at Oracle ICM as well unless you’ve already ruled it out.
AMR’s isn’t accessible for free. I think you can pull Gartner’s off their website without a fee.
Anyone know which ones AMR ranked highest?
Anyone know why AMR included Protiviti and Gartner didn’t?
Do you know the name of the Gartner’s resesarch?
Albie last edited by
Does anyone have any comment on Paisley Consulting’s FOCUS and/or Risk Navigator products? We’re doing some due dilligence research on both products and I’d really appreciate some other customer’s feedback. For instance, did anyone find any holes in the software that Paisley failed to mention in the sales pitch? How easy was it to implement the software: did all branches of your company embrace it equally, or was it mostly relegated to the Finance department? Any other general comments would be most helpful.
harrywaldron last edited by
Hi Albie and welcome to the forums
Below are 5 quick tips for evaluating any software product. If the vendor has references using a product in production, it’s always beneficial to call 2 or 3 contacts and ask a series of standard questions in a short structured interview. Also, if you can conduct a 30 day free trial evaluation this might also determine if it’s a good fit.
P.S. You might want to use the Search button above and enter ‘Paisley’ as a keyword to look for SOX related posts here.
Albie last edited by
We’ve already done some of the 5 general steps that you described in your other post (including demo’ing the product and doing external research in various sources). Now we’re at a point where we’re trying poke holes in the software before we decide whether to buy it. It represents a significant investment of time and money and we want to be sure that it’s right for us. Thanks again.
If anyone else out there has a comment on Paisley’s SOX software solutions, please do share.
milan last edited by
A good way and source of information to identify application flaws (undocumented software features) may be to conduct a search for any online forums that are specifically created for the product (example XYZ SOX IT Tool UserGroup). Once logged on as a free member, you can read all of the messages about the product.
This Forum is more general in nature and to my knowledge, does not contain significant technical specs and/or user reviews for SOX IT Tools.
Reading the messages in an online forum that is specifically created by a user(s) to share knowlede about the product will likely turn up a lot of insightful information…repeated messages about application issues, user comments, etc.
Before I buy IT hardware, I conduct a google search for the exact product number and brand and usually turn up interesting info…the product stinks, over-priced, bad customer support, etc…epinions.com. Too bad that they don’t cover SOX IT Tools.