Sarbanes Oxely (SoX) software tool evaluation help. 1326



  • We are looking for a SoX tool, features that we particular are:
    Dynamic features with an organized flow to track, manage, maintain compliance with the different regulatory requirements (SoX, COSO, HIPAA). Provides organized flow of information easy to track and tasks (approval of doc…) Ability to control documents independently. Version control of documents and as well as control sheets is a must. E-mail notifications to end users and to administrator (follow up reminders. expiration date, escalation…). Ensuring continuity of documentation and employee communications as process changes occur. Wrokflow is required. Layered access control. etc.
    Considering our requirements we are evaluating 3 softwares : Openpages, ControlCase, Paisely.
    Do anyone of you worked on these?



  • AMR Research published a SOX Tool Review and Comparison on 1/31/05 called Landscape of Sarbanes-Oxley Compliance Tools. The report is 18 pages and contains a product comparison of leading SOX tools.
    Among the tools compared include: Axentis, Certus, HandySoft, IBM, Microsoft, Movaris, OpenPages, Oracle, PaisleyConsulting, PeopleSoft, Protiviti, QUMAS, SAP, SAS, and Stellent.
    CODA-Control presented at a recent SOX Conference:
    sarboxconf.com/EventDetails/documents/SimplyComplyCODA.pdf
    Application Development Trends (ADT) published an article that compares a number of SOX Tools:
    adtmag.com/article.asp?id=11204
    Also, in April 7, 2005, Tech Choices The Forrester Wave„¢: Sarbanes-Oxley Compliance Software, Q1, 2005 The publication seemed to rank in order, OpenPages, IBM, and PaisleyConsulting. The ranking was conducted in 2 dimensions…market presence (strong to weak), and current offering (strong to weak).
    Hope this helps,
    Milan



  • Gartner did a financial compliance software package magic quadrant last year. Might want to look at Oracle ICM as well unless you’ve already ruled it out.
    AMR’s isn’t accessible for free. I think you can pull Gartner’s off their website without a fee.
    Anyone know which ones AMR ranked highest?
    Anyone know why AMR included Protiviti and Gartner didn’t?
    Thanks.



  • Anyway my view is that most of the vendors which Gartner claims as market leaders are not at all user focussed. They have many many weaknesses that those cannot be implemented at our end.
    For example, Gartner or AMR’s list of vendors are having following problems: Account definition is not flexible. access control is not granular enough and more importantly they are sticked to fixed models, when some changes has to be done at our end, ‘no market leader’ makes sense at all.
    Most of them have single view of controls …



  • you can forget Paisley and Control Case. Paisley has no references and ControlCase isnt a leader. We selected a company from Cleveland, Ohio - Axentis and they got us live in 45 days - they also help with more than SOX.



  • You also have to remember that SOx tools are under rapid development, and new versions are coming all the time.
    A report that is 1 year old might consider a version 1 application, while the newest version might be v2 or even v3. New functionality is added all the time, and things mature on each other, making for more possibilites as well.
    My personal opinion is that you should look for information that is maximum 6 months old. Anything else is probably out-of-date when comparing new comers to the big corporations.



  • Have you tried or looked at SecurTrac from Extracomm. It’s a great tool to track everything and meet SOX compliance.



  • Irquim, Milan,
    Yes … you are right … reports of old date is of no use.
    Anyway … we have been analysing our requirements and would like to conclude among 3 vendors, Openpages, ControlCase, Paiseley depnding on how they fit to the requirements.
    General trend, as we know, is that tools cannot suit organisational unique requirements.
    Steve



  • ControlCase is semingly much flexible software. Other two softwares evalution can be found out in the links (see other topics)
    Hope this helps,
    Jaks



  • OpenPages is a leading best-of-breed vendor in the SOX compliance solutions space. Our evaluation resulted in OpenPages achieving the highest scores in business functionality and current offering.
    Pros: This results from a number of factors, including good configurability and user interface, strong reporting capabilities, and functional support for project management. OpenPages also delivers value-added controls content within the product.
    Cons: OpenPages is typically deployed as a standalone solution, and content integration is not well-supported, so companies with broader content and compliance strategies may find it less appealing.
    Paisley Consulting was an early mover in SOX compliance solutions and leads in product maturity and installed base.
    Pros: Its product has good depth in its internal controls framework, reporting and delivered content. A recent OEM partnership with EMC/documentum has strengthened the offering for content, document, and records management.
    Cons: Despite these strengths, there are some trade-offs in workflow, flexibility, and usability.
    I also came across a solution called Conformus from a company called Stridus which has superb automation for testing controls capability and other customizable integrated features.
    Hope this helps.



  • Steve,
    Many of the larger organizations are using a tool called Open Pages to manage their compliance programs for financial statement / operational risk. Open Pages is highly configurable and has a slick user interface. Check it out.



  • Steve,
    May I ask what software package you’ve chosen? Have you chosen one yet? Are you a small corporation or a larger firm? (i.e. what was your budget range?) How have you rated the software you have evaluated?
    We are also looking for software ourselves and would like to get some opinions.



  • Gartner did a financial compliance software package magic quadrant last year. Might want to look at Oracle ICM as well unless you’ve already ruled it out.
    AMR’s isn’t accessible for free. I think you can pull Gartner’s off their website without a fee.
    Anyone know which ones AMR ranked highest?
    Anyone know why AMR included Protiviti and Gartner didn’t?
    Thanks.
    Do you know the name of the Gartner’s resesarch?
    Thanks.



  • Does anyone have any comment on Paisley Consulting’s FOCUS and/or Risk Navigator products? We’re doing some due dilligence research on both products and I’d really appreciate some other customer’s feedback. For instance, did anyone find any holes in the software that Paisley failed to mention in the sales pitch? How easy was it to implement the software: did all branches of your company embrace it equally, or was it mostly relegated to the Finance department? Any other general comments would be most helpful.
    Many thanks.



  • Hi Albie and welcome to the forums 🙂
    Below are 5 quick tips for evaluating any software product. If the vendor has references using a product in production, it’s always beneficial to call 2 or 3 contacts and ask a series of standard questions in a short structured interview. Also, if you can conduct a 30 day free trial evaluation this might also determine if it’s a good fit.
    http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-p=6508#6508
    P.S. You might want to use the Search button above and enter ‘Paisley’ as a keyword to look for SOX related posts here.



  • Thanks, harrywaldron.
    We’ve already done some of the 5 general steps that you described in your other post (including demo’ing the product and doing external research in various sources). Now we’re at a point where we’re trying poke holes in the software before we decide whether to buy it. It represents a significant investment of time and money and we want to be sure that it’s right for us. Thanks again.
    If anyone else out there has a comment on Paisley’s SOX software solutions, please do share.
    Thanks.



  • Hi,
    A good way and source of information to identify application flaws (undocumented software features) may be to conduct a search for any online forums that are specifically created for the product (example XYZ SOX IT Tool UserGroup). Once logged on as a free member, you can read all of the messages about the product.
    This Forum is more general in nature and to my knowledge, does not contain significant technical specs and/or user reviews for SOX IT Tools.
    Reading the messages in an online forum that is specifically created by a user(s) to share knowlede about the product will likely turn up a lot of insightful information…repeated messages about application issues, user comments, etc.
    Before I buy IT hardware, I conduct a google search for the exact product number and brand and usually turn up interesting info…the product stinks, over-priced, bad customer support, etc…epinions.com. Too bad that they don’t cover SOX IT Tools.
    Good luck,
    Milan


Log in to reply