1 Doculabs White Paper Sarbanes-Oxley: Challenges and Opportunities in the New Regulatory Environment The Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) has ushered in sweeping changes to corporate governance, putting compliance issues at the forefront for U.S. public companies. As organizations begin to develop strategies to meet these and other new regulations, technology has a key role to play. Meeting the ongoing requirements of Sarbanes-Oxley requires technology that can simplify the auditing of internal controls and reduce the costs of compliance in the new regulatory environment. This white paper presents Doculabs' perspective on the challenges that organizations face today as they begin to develop a long-term strategy for compliance. It was commissioned by Hyland Software, Inc., provider of the OnBase software solution for enterprise content management. Hyland now offers the OnBase SOX Solution to help organizations meet the tactical requirements of Section 404 compliance, with the added advantage of integrating these efforts with enterprise content management as part of a more strategic initiative across the enterprise. Hyland is a founding member of the Compliance Consortium, an international organization whose mission is to promote effective and efficient enterprise governance, risk, and compliance management Doculabs, 120 South LaSalle Street, Suite 2300, Chicago, IL 60603, (312) , Reproduction in whole or in part without written permission is prohibited. Doculabs is a registered trademark. All other vendor and product names are assumed to be trade and service marks of their respective companies.
2 2 Doculabs White Paper Hyland Software at a Glance Hyland Software, Inc Clemens Road Westlake, OH Phone: URL: Founded: 1991 Employees: 336 Office Locations: Corporate Headquarters and Corporate Sales Office: Westlake, Ohio Table 1: Hyland Software at a Glance Product Overview: The Sarbanes-Oxley Act presents significant implications for how U.S. public companies document their business processes and internal controls. Hyland s OnBase SOX Solution provides a flexible solution for helping to meet the Sarbanes-Oxley requirements, with imaging and workflow capabilities that reduce the costs of Section 404 compliance. The product can be deployed within an organization s existing infrastructure or through a hosted option, supported by Hyland Software s data centers. Moreover, the OnBase SOX Solution can serve as the foundation for future expansion, as part of an overall strategy for enterprise content management.
3 Sarbanes-Oxley: Challenges and Opportunities in the New Regulatory Environment 3 What s Inside The New Regulatory Environment Provides an overview of the new generation of regulations and the challenges presented by Sarbanes-Oxley and other new-generation regulations Sarbanes-Oxley: Background and Context Provides information on the Sarbanes-Oxley Act of 2002, its major provisions, and the specific challenges of compliance with this regulation An Enterprise Approach to Compliance Highlights the need for organizations to take an enterprise approach to meeting the requirements of Sarbanes-Oxley and the role that technology can play in such an approach Hyland s OnBase SOX Solution Provides an overview of Hyland Software s solution to assist with Sarbanes- Oxley compliance, including a discussion of key functionality and its potential as a foundation for enterprise content management Doculabs Final Word Provides a summary of Doculabs perspective on the compliance challenges that organizations face today and technology s role in addressing those challenges
4 4 Doculabs White Paper The New Regulatory Environment Regulatory compliance has always been a part of the cost of doing business. Organizations in nearly every industry from financial services and insurance, to manufacturing, to healthcare are subject to a variety of government and industry regulations that impose requirements on how they should conduct their businesses, with clearly defined penalties for companies that fail to comply. Many of these regulations, such as state filing requirements or fair lending laws, are well known, having been in place for some time; most businesses have been able to meet the standards of these long-standing regulations through time-tested practices or by relying on the domain knowledge and experience of corporate legal staff to deal with periodic regulatory reviews. The advent of a new generation of regulations, however, has threatened to change that culture. Chief among these new regulations is the Sarbanes- Oxley Act of 2002 (Sarbanes-Oxley), which applies to all U.S. publicly traded companies. The emergence of Sarbanes-Oxley and other wide-ranging regulations has moved governance, risk, and compliance concerns to the forefront for organizations, both in the U.S. and worldwide. Clearly, business is now operating in a new regulatory environment. What implications does this new environment present for businesses? And how can a company effectively manage risk in the face of these new rules and mandates, when the new generation of regulations may well present a higher cost of doing business? The Challenges of the New Regulatory Environment One of the major compliance challenges in this new regulatory environment is the evolving nature of enforcement standards. Similar to other new generation regulations such as HIPAA, Gramm-Leach-Bliley, and the USA Patriot Act, the standards for Sarbanes-Oxley are still evolving, with sections that have yet to go into effect. Moreover, all Sarbanes-Oxley provisions are subject to further clarification by the U.S. Securities and Exchange Commission (SEC), as final rules are issued on additional sections of the law; in fact, it is possible that even privately held companies may be held accountable to similar standards in the future. From the standpoint of the regulated community, however, this incremental development of enforcement standards creates considerable uncertainty, as the costs of compliance become far less predictable. Organizations that until recently could readily project their compliance costs now find that they must develop new policies and procedures at costs that are difficult to predict.
5 Sarbanes-Oxley: Challenges and Opportunities in the New Regulatory Environment 5 Add to this uncertainty the compliance challenges presented by global regulations. Today, many companies operate in numerous jurisdictions, potentially in different countries, and are subject to a wide range of enforcement standards. Frameworks such as the Enterprise Risk Management Framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in the U.S. and the Basel II Accords in Europe are now helping to drive business compliance activities worldwide. Finally, the new regulatory environment is particularly onerous for smaller public companies, many of which do not have the infrastructure in place to handle the costs of complying with new regulations. With respect to Sarbanes-Oxley, the SEC makes no distinction among the approximately 14,000 U.S. organizations that publicly trade their stock. Of these organizations, the vast majority are small-cap and mid-cap companies, for whom compliance costs may well have a significant impact on the bottom line. A further consideration for smaller organizations is that the effort involved in scoping, managing, and completing compliance activities can present a distraction to a company s core business a loss of focus that, for many small businesses, may also lead to a loss of competitive advantage. For more information on the Compliance Consortium and its areas of interest, visit the web site at These companies are hoping that regulators will provide guidance by endorsing or certifying sets of standards, processes, and procedures that can serve as best practices, or ideally, as templates for compliance. This role is also being filled from a technology standpoint by organizations such as the Compliance Consortium, an international membership organization designed to promote effective and efficient enterprise governance, risk, and compliance management. A number of technology, content, and services companies are participating in the consortium to identify best practices for applying technology to compliance business processes and for exploiting those best practices to improve overall business performance.
6 6 Doculabs White Paper Sarbanes-Oxley: Background and Context Of the laws that constitute this new generation of regulations, Sarbanes- Oxley is clearly the one getting all the attention and for good reason, given its breadth and its applicability to all U.S publicly traded companies. Sarbanes-Oxley, or, more technically, the Public Company Accounting Reform and Investor Protection Act of 2002, is the result of federal legislation sponsored by Senator Paul Sarbanes and Representative Michael Oxley. It was developed in response to issues raised by fraudulent accounting practices, such as those involved in the Enron, Tyco, and WorldCom scandals, and the questions concerning governance in American corporations that arose in response to these events, threatening to shake investor confidence in the financial markets. The legislation passed the U.S. Senate unanimously, after which it was approved in the House of Representatives and was signed into law on July 30, While Sarbanes-Oxley applies to all publicly traded companies in the U.S., it is emerging as a de facto standard for other entities. In the insurance sector, for example, organizations are gearing for a set of financial reporting requirements that will apply to both public and private companies. Perhaps the most disconcerting aspect of Sarbanes-Oxley is the relative novelty of the regulation, and the implication that the law represents a fresh departure from previous standards. Historically, U.S. regulations for most industries have tended to evolve from preexisting case law and statutes. Organizations could generally take safe harbor by conforming to standard practices or customs, characteristic of the company, its peer group, and its industry. The passage and enactment of Sarbanes-Oxley, however, reflected a conscious decision that in the wake of highly publicized accounting abuses and fraud, the regulatory bodies would not tolerate business as usual. What emerged from the legislation is a set of sweeping standards standards that provide limited visibility on what Sarbanes-Oxley means for organizations in terms of best practices, tools, or approaches, given the absence of case law and limited interpretive regulations. But Sarbanes-Oxley also has had the effect of changing the focus of management: away from the narrow issue of shareholder accountability, and toward broader responsibility for the actions of the organization and its agents. Indeed, while Sarbanes-Oxley places new and potentially burdensome requirements on companies, it has also fostered a new perspective on compliance and corporate governance a perspective that furthers the interests of U.S. organizations in the long run. The Major Provisions of Sarbanes-Oxley Sarbanes-Oxley sets forth stricter guidelines for financial reporting and mandates obligations and accountability for CEOs, CFOs, and their accounting firms, with criminal penalties if financial reports are found to be fraudulent. The principal objective of the regulations was to renew investors trust in corporate executives and their financial reports. Toward this objective, one of its requirements is that public companies institute procedures for keeping track of all financial information from the moment of inception to the time it is submitted in an annual report to the SEC.
7 Sarbanes-Oxley: Challenges and Opportunities in the New Regulatory Environment 7 Sarbanes-Oxley stipulates that public companies that do business in the U.S. must certify the accuracy of financial statements filed with the SEC, including material facts related to the organization s operations and financial condition. A key section is Section 404, which requires public companies to include with their annual report to the SEC a separate report on the assessment of the effectiveness of their internal controls. Additionally, the entity s external auditors must annually attest to and report on the assessment made by management. Section 404 relies on a definition of internal controls offered by COSO. From the standpoint of U.S. publicly traded companies, Section 404 of Sarbanes-Oxley requires that a company and its affiliates have a documented set of internal rules that control how data is generated, manipulated, recorded, and reported. Specific to Section 404 compliance is the ability to document business processes and internal controls, which involves both the management of documentation and the testing of those internal controls. Consequently, Section 404 is likely to represent the most time-consuming and costly of Sarbanes-Oxley compliance efforts. Within organizations, many business units and departments have relied on desktop productivity tools such as standalone spreadsheets to document their internal controls. These tools and the associated manual processes will not be adequate for the documentation of controls and processes that is required for Sarbanes-Oxley compliance. In essence, Sarbanes-Oxley is concerned with information transparency and accountability, and presents new requirements for how public companies record, track, and disclose financial information. In the past, U.S. public companies were required to disclose information for specific major lifetime events, such as incorporation and successive efforts to raise capital through the public markets. In contrast, Sarbanes-Oxley now places organizations on notice that they can be held accountable for the broad range of day-to-day activities that can impact financial performance. This new attention to the tracking of information relating to day-to-day operations has public companies attuned to new levels of regulatory scrutiny that also extend beyond Sarbanes-Oxley. The Challenges of Sarbanes-Oxley Compliance Not surprisingly, the initial passage of Sarbanes-Oxley created some confusion in the regulated community regarding the measures that would be required to ensure compliance. Organizations that had governance structures in place were uncertain as to their ability to adopt those structures to the rapidly changing regulatory environment. For many of these companies, governance and compliance had been the responsibility of individual business units or departments, with multiple policies and procedures throughout the organization. Moreover, many of these business units and departments tended to rely on desktop productivity tools such as standalone spreadsheets to document their internal controls. In the new regulatory environment, these tools and the associated manual processes are not adequate to the task of Sarbanes-Oxley documentation of controls and processes.
8 8 Doculabs White Paper Another challenge is the ongoing nature of Sarbanes-Oxley compliance. The effort involved in meeting the new financial reporting requirements is not a one-time event. While public companies are required to document their internal controls in the first year, they must also test these controls annually thereafter on an ongoing basis. Certainly the expenses of Year 1 Sarbanes- Oxley compliance are likely to be high; after all, most organizations have hundreds, potentially thousands, of controls to document and test in order to comply with Section 404. But Sarbanes-Oxley requires that organizations perform compliance work on a continual basis to annually document and attest to the effectiveness of their internal controls. However, the most immediate challenge for organizations is meeting the deadline for initial compliance with Section 404. Once organizations have achieved the basic statutory requirement of documenting existing processes, the challenge, going forward, lies in continued testing of these processes, ensuring that management continues to monitor and track compliance activities, and that employees continue to be apprised of their responsibilities to aid in the compliance process. In 2003 and 2004, most companies focused on Section 404, and many have struggled to determine what will be required to implement the internal control assessment and reporting process. While there was general agreement that technology could play a central role, particularly with respect to Section 404 documentation requirements, there was considerably less consensus surrounding which technologies to invest in. In fact, many public companies chose to respond to the requirements of Sarbanes-Oxley regulations by taking a wait-and-see approach: they opted to use existing tools to document their business processes and internal controls and thereby meet Sarbanes-Oxley Section 404 regulatory requirements. Amid this uncertainty, and in response to initial feedback from the regulated community, the SEC extended the initial deadline for compliance to the end of the 2004 fiscal year. Under further rulings from the SEC, companies with market capitalizations in excess of $75 million have to comply for fiscal years ending on or after November 15, 2004; smaller businesses and foreignowned companies have until July 15, Thus larger companies are now completing their first filings under Sarbanes-Oxley; smaller companies are now preparing for their first filings, and will soon be in a position to assess their needs for a more strategic approach to governance, risk, and compliance.
9 Sarbanes-Oxley: Challenges and Opportunities in the New Regulatory Environment 9 An Enterprise Approach to Compliance In this new regulatory environment, how can an organization effectively manage the concerns and the costs of governance, risk, and compliance? Just as important, how can an organization derive value from its investment in compliance? Doculabs believes that the new generation of regulations demands an enterprise approach to compliance activities and enterprise-wide management. Many of these new regulations span all departments and divisions of an organization; business processes and internal controls cross multiple departmental boundaries. As a result, compliance is no longer the responsibility of a core team of legal staff and individuals under the direction of a corporate officer. Rather, this responsibility has been extended to a wider range of employees in operations and finance, and potentially to a range of third parties as well individuals that may be acting as agents on behalf of the organization, or that may hold key pieces of information related to a material transaction that affects the organization. Sarbanes-Oxley has given rise to a new conception of the compliance function one that requires an operational and technology foundation capable of driving consistency throughout an organization s processes and controls. As such, Sarbanes-Oxley presents a number of challenges involving processes and documents and the consistency with which they are handled across an organization. Specifically, Sarbanes-Oxley requires that organizations or their accounting firms: Control the way they process, distribute, retain, and access key financial information and supporting documentation in their day-to-day operations Institute controls that enhance the transparency of communications, bringing to light any material deficiencies and highlighting key information that may be material to compliance Establish a compliance program that informs employees of their responsibilities Establish and maintain processes to ensure that the compliance program is followed, with periodic program review Maintain all work papers and information related to audit reports Together, these requirements underscore one of the central tenets of the Sarbanes-Oxley regulations: while ultimate accountability rests with corporate officers, the responsibility for compliance also extends to line-ofbusiness operations and to the wider range of personnel who engage in business activities that have an impact on financial operations.
10 10 Doculabs White Paper One consequence is that the governance concerns ushered in by Sarbanes- Oxley and other new regulations are having considerable impact on corporate culture, as organizations work to evaluate and enhance their existing policies, and to develop and document new procedures and controls. But, to reiterate, the increased demands for personal accountability and responsibility that lie at the heart of Sarbanes-Oxley require a consistency of approach to business practices. For many companies, this means a new vision of business conduct one that integrates good governance practices into a company s core business processes and thus into its culture, and that does so enterprise-wide. The Role of Technology Solutions based on enterprise content management facilitate the management of the documentation required for Sarbanes-Oxley Section 404 compliance. With their ability to manage and track the flow of information, these technology solutions provide the critical capabilities to help meet Section 404 requirements. Storage and archival of financial information and related content is central to the mandates of Sarbanes-Oxley Section 404. Management of this content (including supporting documents and internal and external communications) is thus a key component of compliance. With their ability to manage and track the flow of information, enterprise content management technology solutions provide the critical capabilities to help meet the requirements of Sarbanes-Oxley Section 404 compliance. Compliance with Section 404 requires that organizations document and assess a wide variety of business processes: sales, billing, cash receipts, financial reporting, and purchasing, among others. These processes must be documented and internal control processes tested. Compliance thus requires a means of effectively capturing documents so they can be incorporated into the financial reporting process, and to allow documents to be accessed to highlight potentially material issues. For some organizations, the new level of regulatory scrutiny under Sarbanes- Oxley may mean developing formalized policies and processes where none existed previously. For other companies, compliance will require the formalization of a set of previously ad hoc practices or agreement on a standard to replace multiple approaches to a problem. For all U.S. public companies, however, it requires that organizations formally document the set of policies and processes and ensure that personnel are aware of their responsibilities, both individually and collectively, in line with their respective roles within the organization. For purposes of Year 1 Sarbanes-Oxley compliance, many companies have chosen to approach the documentation of their internal controls using the desktop productivity tools they have always used tools such as spreadsheets, word processing files, and flowcharts. While these tools are functional and familiar to users, the documentation they generate will quickly become unmanageable in the face of the ongoing nature of Sarbanes-Oxley compliance requirements. Solutions based on enterprise content management facilitate the management of the documentation required for Section 404 compliance. Sarbanes-Oxley Section 404 also requires that organizations identify any processes with weak internal controls. The ability to automate such processes using workflow technology enables an organization to strengthen its internal controls and facilitate the ongoing annual testing of internal processes.
11 Sarbanes-Oxley: Challenges and Opportunities in the New Regulatory Environment 11 Hyland Software s OnBase SOX Solution Hyland is a founding member of the Compliance Consortium, an international organization whose mission is to promote effective and efficient enterprise governance, risk, and compliance management. Together with other Consortium members, Hyland seeks to identify best practices for applying technology to compliance business processes and to exploit those best practices to improve overall business performance. Hyland Software, Inc. (Hyland), provider of the Hyland OnBase software solution for enterprise content management, now offers the OnBase SOX Solution, a solution for Sarbanes-Oxley compliance that is designed specifically to help meet the requirements of Section 404 of the Sarbanes- Oxley regulations. Designed by certified public accountants experienced in Sarbanes-Oxley regulatory requirements, the OnBase SOX Solution enables an organization to document its internal controls and the testing of those internal controls. Key Functionality of the OnBase SOX Solution The OnBase SOX Solution is a templatized solution. It is based on Hyland s OnBase enterprise content management platform, which includes a graphical design utility that allows users to design interfaces for the documentation and testing of internal controls, thereby automating the compliance and audit processes. The OnBase SOX Solution serves as the user interface for documenting controls for governance, risk, and compliance. It allows an organization to house all documentation of processes, sub-processes, and controls for Section 404 compliance, replacing the spreadsheets that many organizations now rely on for this documentation. Designed by CPAs, the OnBase SOX Solution s intuitive interface steps users through the stages of documenting and testing internal controls.
12 12 Doculabs White Paper Much of an organization s cost of Sarbanes-Oxley 404 compliance in subsequent years will be associated with the testing of internal controls. For many organizations, this process involves manual retrieval of documents from file cabinets for example, invoices, packing slips, credit memos, and human resources documentation potentially from multiple sites. The ongoing cost and effort of this testing can be considerable. The OnBase SOX Solution includes an imaging component that captures the supporting documents for internal controls and allows these documents to be attached to the specific audit results screen, validating the internal auditor s assertion and expediting subsequent external audits for the testing of internal controls, thereby simplifying the internal audit process and expediting subsequent external audits all of which reduce the cost of compliance. Documents retrieved while testing internal controls can be attached to the audit results, validating the internal auditor s assertion and expediting subsequent external audits. The OnBase SOX Solution is easy to deploy; implementation of the product is a matter of weeks. Like Hyland s OnBase product for enterprise content management, the OnBase SOX Solution has been designed to be point-andclick configurable. Furthermore, the Hyland development team includes subject matter experts experienced in Sarbanes-Oxley compliance from the public accounting arena. The OnBase SOX Solution can be tailored to meet a company s specific view of how internal controls should be documented and tested. With pointand-click configuration, virtually every component of the solution can be modified, added, or removed to ensure that a company is utilizing the exact solution for its particular needs. Finally, the OnBase SOX Solution also provides a flexible reporting capability and the ability to import and export data. The product can be implemented within an organization s existing infrastructure or through a hosted option, OnBase OnLine, supported by Hyland s data centers.
13 Sarbanes-Oxley: Challenges and Opportunities in the New Regulatory Environment 13 Data fields and sets can be tailored to meet the customer s preferences, such as Control Owner, Method, Type, Mode, Frequency, COSO component, and other useful fields. OnBase: A Foundation for Enterprise Content Management The OnBase SOX Solution provides an enterprise solution to enable organizations of all sizes to reduce the cost and facilitate the effort required for compliance with Sarbanes-Oxley Section 404 and other regulations that are part of the new regulatory environment. But it also provides companies an opportunity to apply the strong content management technology of the OnBase solution to back-office operations, thereby streamlining those operations and, in the process, further improving internal controls. Indeed, many organizations are looking for solutions that cannot only facilitate compliance, but that can also improve the efficiency of their business processes, enterprise-wide. Reviewing their processes as part of their Sarbanes-Oxley 404 compliance initiatives, companies are identifying processes that are manually intensive or that currently have weak controls processes whose controls can be strengthened through automation. And they are looking for enterprise software tools that are flexible enough to be used in a wide variety of applications, from financial reporting and invoice processing, to capital expenditures and human resource processes. The OnBase SOX Solution allows an organization to invest in a software solution that helps meet the immediate needs of Sarbanes-Oxley Section 404 compliance and wider regulatory compliance needs, with the flexibility for concurrent or future deployment of OnBase s content management and workflow components to additional areas of the organization. The OnBase workflow component can also be configured to automate the testing of the controls that are being performed in a given process and to allow real-time auditing of controls, further reducing both the time and cost of such testing. But the modular nature of the OnBase solution allows an organization to invest in the solution that meets its current needs, while also providing the option for easy and cost-effective future expansion and enhancement as part of an overall strategy of enterprise-wide content management.
14 14 Doculabs White Paper Doculabs Final Word Sarbanes-Oxley is nothing less than the centerpiece of the recent financial accounting reforms. As implemented by the SEC, Sarbanes-Oxley presents significant implications for how public companies capture and manage their content and business records. But it is not the only regulation to have such wide-ranging impact, nor are the mandates of Sarbanes-Oxley and other regulations likely to remain static, as the relevant regulatory bodies proceed to make further rulings and clarifications. For these reasons, Doculabs recommends taking an enterprise approach to compliance. In the face of this new regulatory environment, organizations need to define an operating approach that brings company-wide consistency to the management of the compliance function. For organizations considering a compliance initiative, tools such as Hyland Software s OnBase SOX Solution present the further advantages of ease of deployment, ease of use, and potential broader application to enterprise content as part of a strategic initiative for process optimization and cost control. But companies are also seeking cost-effective ways of meeting their regulatory obligations. For regulations such as Sarbanes-Oxley, which present significant requirements involving documents and processes, enterprise content management technology has a more strategic role to play. In addition to improving consistency of processes, organizations that deploy Sarbanes-Oxley solutions based on enterprise content management can also use the technology to make their business processes more efficient across the enterprise. Adopting this broader perspective allows an organization to realize greater business benefits benefits that may well offset the costs of compliance, thereby enabling a company to derive even greater value from its investment. There is a further reason for making the commitment and investment in technology as part of this enterprise approach to compliance: the impact that it can have on the corporate culture. Sarbanes-Oxley and other new regulations have significantly transformed the way that U.S. companies do business. But the new regulatory standards have also altered the expectations of all stakeholders, ranging from investors, to customers and business partners, to employees. As a result of the heightened public scrutiny, public companies must now place a premium on compliance. Many organizations discover that the implementation of a software solution can help to create an environment favorable to the concerns of compliance. Putting in place a tool to assist in the compliance process can help to foster the cultural discipline that is necessary if those new processes are to become institutionalized within an organization, as part of the corporate culture. For organizations seeking to achieve a company-wide commitment to compliance, the investment in a software solution may well provide the impetus to make compliance practices an integral part of the corporate culture.
15 Sarbanes-Oxley: Challenges and Opportunities in the New Regulatory Environment 15
16 About Doculabs Doculabs, Inc., is a technology consulting firm backed by research and extensive client experience. Our services lower the business risk of technology decisions through client-specific recommendations, objective analysis, and in-depth research. Founded in 1993, Chicago-based Doculabs provides consulting services that are based on our fundamental belief that in order to protect a client s long-term interest, technology advisors should not be implementers. 120 South LaSalle Street Suite 2300 Chicago, IL (312) Doculabs at: Doculabs helps clients deliver on their business objectives through customized services that address technology initiatives related to business challenges in areas such as strategy development, technology acquisition, and go-to-market initiatives. Doculabs consulting services are completely objective because the firm does not sell software or integration services. For more than 10 years, our research methodology has provided customers facing mission-critical challenges with the information and advice they need to make confident and well informed decisions. Hundreds of leading organizations within the Fortune 1000 from financial services companies to major technology software providers have turned to Doculabs for assistance with their technology strategies. For more information about Doculabs, visit the web site at or call (312)
engage. empower. evolve. SARBANES-OXLEY COMPLIANCE engage. empower. evolve. OVERVIEW OF THE SARBANES-OXLEY ACT The Sarbanes-Oxley Act of 2002 is the single most important piece of legislation affecting
Impact of the Sarbanes-Oxley Act on the System of Internal Controls and IS Audit Eva Šimková Hewlett-Packard s.r.o. Vyskočilova 1/1410 14021 PRAHA email@example.com Abstract: The purpose of this paper
Sarbanes-Oxley and Sage MAS 90, 200, and 500 www.sagemas.com Table of Contents Introduction... 3 Separating Truth From Fiction... 3 Impact of Sarbanes-Oxley... 5 Integrated Systems... 5 Security by Design...
Sarbanes-Oxley Compliance: Section 404-Past, Present, and Future BADM 590/395 IT Governance MS1 Professor Michael Shaw Submitted by: Amy Smith BA in MIS University of Illinois at Urbana-Champaign Smith
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
Contracts Management Software as a Tool for SOX Compliance White Paper (281) 334-6970 firstname.lastname@example.org www.prodagio.com In 2002, following the scandals involving corporations such as Enron, WorldCom,
STERLING COMMERCE WHITE PAPER Four Keys to Effectively Monitor and Control Secure File Transfer 2 As more information is digitized and more business data is considered critical, you re spending far more
MANAGE Microsoft Dynamics NAV 5.0 Sarbanes-Oxley Readiness with Microsoft Dynamics NAV White Paper This paper discusses the impact of the Sarbanes-Oxley Act of 2002 (SOX) on businesses and explains how
Reducing Sarbanes-Oxley Operational Risk Using A Document Management System All rights reserved Prepared by: John V. Ashley, CEO, This white paper reviews the Sarbanes-Oxley Act and discusses the reduction
Four keys to effectively monitor and control secure file transfer Contents: 1 Executive summary 2 Key #1 Make your data visible wherever it is in the network 2 Key #2 Reduce or even eliminate ad hoc use
The Upside of Risk: Enterprise Risk Management and Public Real Estate Companies James Barkley, Simon Property Group, Inc. and David E. Weiss, DDR Corp. Introduction: As lawyers, particularly real estate
WHITE PAPER Managing Governance, Risk and Compliance with Enterprise Content Management Research Series: Information Technology Published by Financial Executives Research Foundation, June 2006 EXECUTIVE
SOX and its effects on IT Security Governance Rosslin John Robles 1, Min-kyu Choi 1, Sung-Eon Cho 2, Yang-seon Lee 2, Tai-hoon Kim 1 School of Multimedia, Hannam University, Daejeon, Korea 2 Dept of Information
Accelerating funds Minimizing risk Improving control Compliance with Sarbanes-Oxley and Enterprise Risk Management Creates Best Practices in Remittance Processing for Treasury and Cash Management Executive
FLORIDA SARBANES OXLEY ACT What a Whistleblower Needs to Know Corporations have a legal and moral obligation to both their employees and their investors to ensure that the company is both profitable and
IGG-10012003-03 R. Mogull, D. Logan, L. Leskela Article 1 October 2003 CIO Alert: How You Should Prepare for Sarbanes-Oxley Sarbanes-Oxley is the most sweeping legislation to affect publicly traded companies
What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION
Guide to Public Company Auditing The Center for Audit Quality (CAQ) prepared this Guide to Public Company Auditing to provide an introduction to and overview of the key processes, participants and issues
Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international
The Impact of Sarbanes-Oxley on the Collections Process A Decision Analytics briefing paper from Experian February 2007 Introduction This briefing paper reviews how the use of an automated debt management
IBM Business Consulting Services Anticipating and meeting regulatory compliance Product challenges innovation in in the electronics financial markets industry Executive Brief Introduction Mutual fund companies
Doculabs White Paper: ECM as a Shared Service: The New Frontier Organizations are struggling with the increasing growth of unstructured content: all the word processing files, e-mail, spreadsheets, web
Microsoft SQL Server 2005 Customer Solution Case Study Credit Suisse Develops and Deploys SOX 404 Compliance Solution using SQL Server 2005 Overview Country or Region: Switzerland Industry: Financial Services
A FRAMEWORK FOR INTEGRATING SARBANES-OXLEY COMPLIANCE INTO THE SOFTWARE DEVELOPMENT PROCESS Sushma Mishra Virginia Commonwealth University email@example.com Heinz Roland Weistroffer Virginia Commonwealth
Any User. Any Data. Any Deployment. Enterprise Solutions Actuate for: Financial Management Reporting Applications Actuate Financial Management Reporting Applications integrate data from multiple financial
Enterprise 2.0 and SharePoint 2010 Doculabs has many clients that are investigating their options for deploying Enterprise 2.0 or social computing capabilities for their organizations. From a technology
A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt firstname.lastname@example.org Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT
7Seven Things You Need to Know About Long-Term Document Storage and Compliance Who Is Westbrook? Westbrook Technologies, based in Branford on the Connecticut coastline, is an innovative software company
Security Information Lifecycle By Eric Ogren Security Analyst, April 2006 Copyright 2006. The, Inc. All Rights Reserved. Table of Contents Executive Summary...2 Figure 1... 2 The Compliance Climate...4
UC4 Software: HELPING IT ACHEIVE SARBANES-OXLEY COMPLIANCE Introduction...2 SOX and COBIT: A Brief Review...2 The COBIT Structure...2 Structure of this Document...3 Planning & Organisation...3 Acquisition
Surviving SOX with Scrum Integrating Scrum in IT Governance at Allianz 1 Who are we? Simon Roberts MBA and Dr. Christoph Mathis Independent Scrum coaches and trainers; Scrum since 2002, XP since late 1990s
One source. One amazing service. Procurement Process and the Sarbanes-Oxley Act May, 2005 EXECUTIVE SUMMARY Public companies are spending a great deal of time and effort to comply with the Sarbanes-Oxley
PROTIVITI FLASH REPORT New Internal Control Requirements for Companies with Operations in India November 9, 2015 In the aftermath of major global financial frauds, several countries enacted legislation
Sarbanes-Oxley Control Transformation Through Automation An Executive White Paper By BLUE LANCE, Inc. Where have we been? Where are we going? BLUE LANCE INC. www.bluelance.com 713.255.4800 email@example.com
The Project Manager's Guide to Sarbanes-Oxley November 2007 EXECUTIVE GUIDE SERIES Executive Guide to Business Process Management for Project Managers Occupational fraud and abuse in 2006 will slice 6%
Sarbanes-Oxley Section 404 Implementation Practices of Leading Companies Sarbanes-Oxley Section 404 Implementation Practices of Leading Companies Dr. Robert A. Howell Distinguished Visiting Professor of
IBM Software Industry Solutions Industry/Product Identifier Contract management's effect on in house counsel Impacting contract visibility, analysis and compliance Emptoris Contract Management Solutions
TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive
Compliance in the Corporate World How Fax Server Technology Minimizes Compliance Risks Fax and Document Distribution Group November 2009 Abstract Maintaining regulatory compliance is a major business issue
WHITE PAPER Optimizing Your Back Office Through Enterprise Content Management How the paperless office improves productivity, cuts costs and increases revenue opportunities A Datamonitor white paper prepared
Ensuring Compliance to Sarbanes-Oxley through Privileged Identity & Information Management White Paper V Balasubramanian ZOHO Corp. Disclaimer: This document is not intended to be a complete guide or legal
REGULATORY COMPLIANCE Finance Executives Call for Optimizing Processes and Systems A report prepared by CFO Research Services in Collaboration with Oracle Corporation REGULATORY COMPLIANCE Finance Executives
Compliance with the New California Disclosures Act: Issues and Tips by Roy J. Schmidt, Jennifer W. Chaloemtiarana, Gregory J. Conklin, and Russell C. Hansen* The State of California has jumped on the corporate
AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
WHITE PAPER PCI Compliance: Are UK Businesses Ready? Executive Summary The Payment Card Industry Data Security Standard (PCI DSS), one of the most prescriptive data protection standards ever developed,
A Bull Evidian White Paper Summary of Contents Introduction Sarbanes-Oxley Reference Framework IAM and Internal Controls over Financial Reporting Features Improve Efficiency with IAM Deploying IAM to Enforce
Ms. Phoebe W. Brown Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC 20006-2803 Re: Request for Public Comment on Concept Release on Auditor Independence and Audit Firm
White Paper Ensuring Network Compliance with NetMRI An Opportunity to Optimize the Network Netcordia Copyright Copyright 2006 Netcordia, Inc. All Rights Reserved. Restricted Rights Legend This document
Best Practices in Identity and Access Management (I&AM) for Regulatory Compliance RSA Security and Accenture February 26, 2004 9:00 AM Agenda Laura Robinson, Industry Analyst, RSA Security Definition of
Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers
IBM Software Industry Solutions Management Improving sales effectiveness in the quote-to-cash process Improving sales effectiveness in the quote-to-cash process Contents 2 Executive summary 2 Effective
Publication Date: March 17, 2015 Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker delivers business critical software and services that transform high-volume
The Sarbanes-Oxley Act: Time is not on your side October 2004 Understanding and insuring compliance with the Sarbanes-Oxley Act of 2002 (SOX) can be an enormous undertaking. SOX, almost to understate things,
THOMSON REUTERS ACCELUS ACCELUS COMPLIANCE MANAGER FOR FINANCIAL SERVICES PROACTIVE. CONNECTED. INFORMED. THOMSON REUTERS ACCELUS Compliance management Solutions Introduction The advent of new and pending
MAY 30, 2012 New York attorney general offers proposed amendments to state s Not-for-Profit Corporation Law By Michael J. Cooney, Anita L. Pelletier, and Meghan J. Schubmehl New York Attorney General Eric
EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES Aligning information with business and operational objectives ESSENTIALS Leverage EMC Consulting as your trusted advisor to move your and compliance
Leveraging Sarbanes-Oxley (SOX) to Build Better Practices Powering Strategies and Managing Risks Using SOX compliance to build disciplined, repeatable, and auditable practices. Running a successful business
A SOX2007.com White Paper SOX 404 and Small Companies: A Cost Effective Approach to 2007 Compliance Background The Sarbanes-Oxley Act (SOX) was passed by Congress in July 2002 to address corporate mismanagement
Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com
IBM Software A Journey to Adaptive MDM What is Master Data? Why is it Important? A Journey to Adaptive MDM Contents 2 MDM Business Drivers and Business Value 4 MDM is a Journey 7 IBM MDM Portfolio An Adaptive
CLIENT MEMORANDUM SEC ISSUES FINAL RULES FOR NEW CEO/CFO CERTIFICATION UNDER SECTION 302 OF THE SARBANES-OXLEY ACT As noted in our previous client memoranda, the Sarbanes-Oxley Act of 2002 (the Act ) calls
CITY OF SAN ANTONIO INTERNAL AUDIT DEPARTMENT Audit of SAP Customer Relationship Management Project No. AU05-008 Release Date: Prepared By: Patricia Major CPA, CIA, CTP, CGFM Frank Cortez CIA, CISA, CISSP
SAP Brief Analytics s from SAP SAP s for Enterprise Performance Management Objectives Outperform Financial Objectives and Enable Regulatory Compliance Drive better decisions and streamline the close-to-disclose
4th Quarter 2004 REED SMITH LLP INVESTMENT ADVISER NEWS QUARTERLY UPDATE The Investment Adviser News features regulatory and other news items of interest to the investment management industry and investment
Preface The Policy Management Process TM and the associated Effective Policy Management TM Best Practice were developed in 2001, before the large accounting scandals became unfortunate news stories. Reaction
CONSULTATION PAPER ON RISK MANAGEMENT AND INTERNAL CONTROL: REVIEW OF THE CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT June 2014 CONTENTS Page No. CONTENTS... 1 EXECUTIVE SUMMARY... 1 CHAPTER
EFFECT OF THE SARBANES-OXLEY ACT OF 2002 August 15, 2002 President Bush signed the Sarbanes-Oxley Act of 2002 (the Act ) into law on July 30, 2002, after numerous business and accounting scandals had rocked
Security in Fax: Minimizing Breaches and Compliance Risks Maintaining regulatory compliance is a major business issue facing organizations around the world. The need to secure, track and store information
White paper Fitting Your Business Intelligence Solution to Your Enterprise Four options, one right decision. Table of contents Executive summary... 3 The impediments to good decision making... 3 How the
Securing your Corporate Infrastructure What is really needed to keep your assets protected Joseph Burkard CISA, CISSP October 3, 2002 1 Securing your Corporate Infrastructure Management Dilemma or Technical
University of Missouri Kansas City Financial Sub-Certification What is Financial Certification? Process where individuals within the organization provides assurance to verify that the financial statements
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
Keeping watch over your best business interests. 0101010 1010101 0101010 1010101 IT Security Services Regulatory Compliance Services IT Audit Services Forensic Services Risk Management Services Attestation
Microsoft Dynamics Customer Case Study Customers and Shareholders Benefit as Global Manufacturer Deploys Management Overview Country: United Kingdom Industry: Manufacturing Customer Profile Sevcon is at
2014 SAP AG or an SAP affiliate company. All rights reserved. GSK Vaccines: Easing Compliance with SAP Process Control GlaxoSmithKline Vaccines Industry Life sciences pharmaceuticals Products and Services
Sarbanes-Oxley Assessment Prepared by Cohasset Associates, Inc. Abstract This technical report is an assessment of the EMC Data Domain Retention Lock Compliance edition capabilities relative to the areas
ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with
The Road to Compliance: Signing Your SOX Certification with Confidence This white paper discusses high-level requirements for complying with the Sarbanes-Oxley Act, with a specific focus on the next major
Preventive Treatment for the Provider s Back-office A Closer Look at Administrative Simplification and the Key Strategies Healthcare Providers Can Take to Prepare By some estimates, nearly a third of every
White Paper The Role of Password Management in Achieving Compliance PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 617.674.2727 E-mail: firstname.lastname@example.org Website: www.portalguard.com