Leading SOX 404 Products 1836



  • I am currently looking for SOX 404 compliance tracking tool to replace the current one. Can anyone tell me who are the top 4 or 5 leading vendors and products??? or where can I go to find any research or article contains this information??? Many many thanks.



  • Moved, wrong forum.
    if you check out the Forrester Wave and Gartner for SOX tools you will get the main players.



  • In evaluating SOX 404 compliancy, an evaluation of the COBIT 4.0 standards would be beneficial as many audit firms use this criteria as a baseline. As you evalute products, I’d recommend:

    1. COBIT compliancy (use search button above and enter COBIT if you’re not familiar with this)
    2. Appropriate fit in your IT infrastructure (e.g., email integration, SAS70, ISO-9000, etc)
    3. Vendors should provide references of folks using the products in production
    4. Contact any references and find out the good, bad, and ugly – hopefully not too much in the latter categories 😉
    5. Google the product name (also do searches where you place ‘issues’ or ‘problems’ after the product name to see what’s publicly out there)
      Good luck to you 🙂


  • Why all the researches online regarding SOX tool were published back in 2005? It would be great to get a current view of the marketplace. Does anyone know who has the most recent research on this? Thanks.



  • We recently went through a selection process and chose OpenPages which was an excellent fit for our, very large and very complex, business. A number of other products were also very good but did not meet our requirements so well.
    Other key players, in no particular order, include:
    Paisley Consulting
    Oracle
    OpenText
    Movaris
    Certus
    Stellent
    OpenText
    Handysoft
    SAS
    I am somewhat confused by the current positioning of the SAP MIC product which I am not sure if it is really being offered at present or whether they are seeking to rtoll it into the offering from Virsa - which SAP acquired.



  • It looks like we will be implementing OpenPages as well, based on the same issues as Denis provided



  • What do these tools do? I know SAS is a statistical tool and I know what Oracle is, but I’m unaware of it’s SOX Tool side.
    Are SOX404 tools also commonly referred to as ‘CAAT’ (Computer Assisted Audit Tools)?



  • Hi - SAS is an excellent reportwriter and likewise Oracle provides sophisticated RDBMS and query capabilities. I think Denis and Milan have most likely identified these as potentially good tools to sample or report business results in an independant manner (i.e., rather than each product having a specific SOX add-on or implementation).
    At both vendor’s sites, you can search on ‘Sarbanes-Oxley’ and get a number of hits which might be helpful in exploring further capabilities for each product.
    Please add ‘www’ and paste into browser
    SAS for SOX
    sas.com/solutions/financial/sox/
    SAS for Oracle
    oracle.com/corporate/executive/sox.html



  • Are SOX404 tools also commonly referred to as ‘CAAT’ (Computer Assisted Audit Tools)?
    Yes – in many cases SOX 404 software would most likely be a subset for the broader CAAT family.



  • Oracle has a tool call Internal Control Manager which is a specific SOX product.
    SAS has a Sox tool as well sas.com/solutions/financial/sox/



  • Hello,
    The Oracle SOX Tool (OICM) is tightly integrated to the Oracle eBusiness Financials Suite (Fixed Assets, GL, AP, AR, etc.)
    Additionally, Oracle offers a product called Oracle Tutor. The product contains 300 policy and procedures that mirror that business process flows in the Oracle financial modules. By simply adding the key controls into these procedures (the processes are in Word format), you can use them as your Sarbanes-Oxley Business Process Documentation.
    Combined, OICM and OracleTutor might be a good consideration if you are an Oracle customer. Even if not, OICM contains an Audit Module that enables you to conduct and document audits, catalog and organize processes, risks and controls, perform the officer certifications, track audit issues, SoD monitoring and reporting, and present risks on an e-dashboard. It also is my understanding that OICM will soon contain a framework for compliance under CobiT 4.0.
    Heppy Auditing,
    Milan
    No, I am not in sales for OICM, just familiar with its functionality. Other SOX Tools are also quite functional…there more than one brand of can opener.


Log in to reply