Software tools can help businesses steer through the minefield of meeting compliance regulations and offer real cost savings, analyst firm Butler Group said last week.
When organisations first began to get to grips with Sarbanes-Oxley two and a half years ago, there were very few software tools to help them, said Tim Jennings, research director at Butler Group.
Businesses relied on simple software tools, such as Excel spreadsheets, to collect data, produce documents and assist in analysing the compliance of their IT systems when they met the first round of Sarbanes-Oxley compliance.
But suppliers are beginning to offer more sophisticated tools that could make compliance easier in future, said Jennings.
These range from software that automatically checks the compliance of large ERP systems to software for producing Sarbanes-Oxley documentation, process control and document management.
It is still too early to make a business case for investing in software to help with compliance by looking at return on investment, as it is not yet clear what the on-going costs for businesses to stay compliant will be, said Jennings. But there is a case for investing in the right software tools as a way of reducing the potential risks a company is exposed to, he said.
"I have seen very few people who have made a formal return on investment case for compliance. The question is whether you should do the maximum or the minimum to comply. My suspicion is that those who do the minimum will end up spending more over the longer term," he said.
Companies with complex ERP systems could benefit from automated tools capable of identifying compliance policy breaches, Butler Group said.
A typical SAP system can generate tens of thousands of transactions that need to be checked for compliance - a task that is virtually impossible using manual techniques.
"You have to make sure for Sarbanes-Oxley that the right people have access to information. You have to make sure that people do not have access to information that could produce a conflict of interest," said Jennings.
Potential conflicts could include, for example, the same member of staff having the ability to add a new supplier to a payment system and to authorise payments to that supplier, or a systems administrator having powers to rewrite sensitive company data. These problems could lead to an organisation failing a Sarbanes-Oxley audit.