ROI on SOX Software (Reduced External Audit Fees??) 1720
TubaSox last edited by
My company is in the process of selecting a software package to use for our Sarbanes 404 compliance. We have narrowed it down to two pacakges either OpenPages or Paisley. I am now trying to compute the ROI for our CFO.
For hard dollar savings I have reduced IA Travel and reduced Copies and Overnight charges.
For soft dollar savings I have reduced Admin time in IA and at our business units. I am not anticipating cuts since the BU people our fractional accross 50 business units and the IA people will go back to doing what they did prior to SOX.
I was wondering for anyone who has implemented a Sox software package what other areas of ROI did you use? I am particually interested in if you were able to reduce External Audit fees?
DeboC last edited by
I’ve used estimates of time saved to calculate returns. Consultant time is of course the most tangible saving.
The ROI was pretty easy to justify in my cases - seeing that the product was almost free.
harrywaldron last edited by
Hi David and welcome to the forums
Briefly, the following are some thoughts on SOX 404 compliancy software and potential savings opportunities:
- The COBIT 4.0 standards for IT are probably the most widely used ‘yardstick’ in determining SOX 404 compliancy. COSO standards compliment these IT guidelines from a financial workflow standpoint. While SOX doesn’t mandate a particular standard, most external auditors use COBIT and COSO guidelines in SOX based audits based on my tracking of activities in the forums. Both products should be evaluated to ensure they can help support these standards.
- In my 30 years of IT experience, I’ve often found it useful to ask vendors for 2-3 references using the product in production. I’ll usually set up ‘structured interviews’ by phone lasting around 10 minutes where I ask each reference a list of questions prepared in advance. Here you want to know the good, bad, and ugly related to their experiences in the ‘real world’ using the product (i.e., hopefully not too much in the last 2 areas). Even there you have to be careful, as a vendor will share their best references.
- Securing software on a 90 day trial basis as proof-of-concept can sometimes determine if there’s a good fit. Your company must devote resources to making it work during the period, but it can provide an ‘escape clause’ if the software isn’t a good fit or was hyped beyond it’s realistic capabilities.
- Software automation can help particularly in areas of change control, change management, workflow automation, testing, audits, etc. Thus, where manual laborous tasks are present, these are good candidates for automation and result in the ‘hard dollar savings’ noted.
- Both tangible and intangible costs are difficult to estimate in advance. There’s also extra costs in automation (e.g., resources, software, time away from other projects, training, support, etc). However, sometimes you have to implement solutions that will cost the company more, as SOX requirements add extra work/costs for a business. If you can ultimately save USDUSDUSD with a tool verses a manual approach, then you may need to implement it anyway.
- If software automation makes external audits go smoother, it can potentially lower external audit fees. I remember someone sharing that SOX fees have doubled with SOX compliancy in recent years. While, you may not be able to reduce fees substantially with software automation, these tools might help in ‘cost avoidance’ (e.g., where the audit firm has to expend and bill for extra resources for a manual approach verses information captured more concisely in an automated tool).
- I’ve always found it a good practice to look at the business needs 1st and then seek software tools that can help, rather than taking a software tool and retrofitting around it. This sounds like the approach taken and in any study it’s good to show the alternative of ‘not doing anything’ weighed as an option against the 2 product finalists.
I hope some of these ideas might help and good luck on your evaluation