Sarbanes Oxely (SoX) software tool evaluation help. 1326

  • You also have to remember that SOx tools are under rapid development, and new versions are coming all the time.
    A report that is 1 year old might consider a version 1 application, while the newest version might be v2 or even v3. New functionality is added all the time, and things mature on each other, making for more possibilites as well.
    My personal opinion is that you should look for information that is maximum 6 months old. Anything else is probably out-of-date when comparing new comers to the big corporations.

  • Have you tried or looked at SecurTrac from Extracomm. It’s a great tool to track everything and meet SOX compliance.

  • Irquim, Milan,
    Yes … you are right … reports of old date is of no use.
    Anyway … we have been analysing our requirements and would like to conclude among 3 vendors, Openpages, ControlCase, Paiseley depnding on how they fit to the requirements.
    General trend, as we know, is that tools cannot suit organisational unique requirements.

  • ControlCase is semingly much flexible software. Other two softwares evalution can be found out in the links (see other topics)
    Hope this helps,

  • OpenPages is a leading best-of-breed vendor in the SOX compliance solutions space. Our evaluation resulted in OpenPages achieving the highest scores in business functionality and current offering.
    Pros: This results from a number of factors, including good configurability and user interface, strong reporting capabilities, and functional support for project management. OpenPages also delivers value-added controls content within the product.
    Cons: OpenPages is typically deployed as a standalone solution, and content integration is not well-supported, so companies with broader content and compliance strategies may find it less appealing.
    Paisley Consulting was an early mover in SOX compliance solutions and leads in product maturity and installed base.
    Pros: Its product has good depth in its internal controls framework, reporting and delivered content. A recent OEM partnership with EMC/documentum has strengthened the offering for content, document, and records management.
    Cons: Despite these strengths, there are some trade-offs in workflow, flexibility, and usability.
    I also came across a solution called Conformus from a company called Stridus which has superb automation for testing controls capability and other customizable integrated features.
    Hope this helps.

  • Steve,
    Many of the larger organizations are using a tool called Open Pages to manage their compliance programs for financial statement / operational risk. Open Pages is highly configurable and has a slick user interface. Check it out.

  • Steve,
    May I ask what software package you’ve chosen? Have you chosen one yet? Are you a small corporation or a larger firm? (i.e. what was your budget range?) How have you rated the software you have evaluated?
    We are also looking for software ourselves and would like to get some opinions.

  • Gartner did a financial compliance software package magic quadrant last year. Might want to look at Oracle ICM as well unless you’ve already ruled it out.
    AMR’s isn’t accessible for free. I think you can pull Gartner’s off their website without a fee.
    Anyone know which ones AMR ranked highest?
    Anyone know why AMR included Protiviti and Gartner didn’t?
    Do you know the name of the Gartner’s resesarch?

  • Does anyone have any comment on Paisley Consulting’s FOCUS and/or Risk Navigator products? We’re doing some due dilligence research on both products and I’d really appreciate some other customer’s feedback. For instance, did anyone find any holes in the software that Paisley failed to mention in the sales pitch? How easy was it to implement the software: did all branches of your company embrace it equally, or was it mostly relegated to the Finance department? Any other general comments would be most helpful.
    Many thanks.

  • Hi Albie and welcome to the forums 🙂
    Below are 5 quick tips for evaluating any software product. If the vendor has references using a product in production, it’s always beneficial to call 2 or 3 contacts and ask a series of standard questions in a short structured interview. Also, if you can conduct a 30 day free trial evaluation this might also determine if it’s a good fit.
    P.S. You might want to use the Search button above and enter ‘Paisley’ as a keyword to look for SOX related posts here.

  • Thanks, harrywaldron.
    We’ve already done some of the 5 general steps that you described in your other post (including demo’ing the product and doing external research in various sources). Now we’re at a point where we’re trying poke holes in the software before we decide whether to buy it. It represents a significant investment of time and money and we want to be sure that it’s right for us. Thanks again.
    If anyone else out there has a comment on Paisley’s SOX software solutions, please do share.

  • Hi,
    A good way and source of information to identify application flaws (undocumented software features) may be to conduct a search for any online forums that are specifically created for the product (example XYZ SOX IT Tool UserGroup). Once logged on as a free member, you can read all of the messages about the product.
    This Forum is more general in nature and to my knowledge, does not contain significant technical specs and/or user reviews for SOX IT Tools.
    Reading the messages in an online forum that is specifically created by a user(s) to share knowlede about the product will likely turn up a lot of insightful information…repeated messages about application issues, user comments, etc.
    Before I buy IT hardware, I conduct a google search for the exact product number and brand and usually turn up interesting info…the product stinks, over-priced, bad customer support, etc… Too bad that they don’t cover SOX IT Tools.
    Good luck,

Log in to reply