Big4Guy

Some of our clients approached us for help with complying with Section 404 of the SOX monster. Now, in any 404 implementation, the first and foremost requirement Documenting Processes and Controls. This is the most time consuming task of the whole process. However, I have personally done some research on the tech tools available to facilitate 404 documentation. Our clients demanded that such software which could help in 404 documentation should enable collection, tracking, support multiple users accross locations and be web based. I am discussing some of such softwares available for Section 404 compliance.

Paisley Consulting's Risk Navigator is a excellent product for 404 implementation. It allows user to identify significant accounts & processes. These can be documented with help of a word processor, spreadsheet ir flowchart. Information stored can be retieved by user in multiple views such as location wise, COSO framework or financial statement account wise. This is a very good product and I have worked on it personally. I would give it a rating of 4 out of 5.

Open text corporation has a software called Livelink which helps in documenting process controls. It allows users to document controls on the basis of five areas namely, risk assessment; control activities; information and communication; control team and roles; and monitoring and audit. These are nothing but COSO componenets. I would give it a rating of 3 out of 5.

Oracle Corp.’s Internal Control Manager is another excellent 404 software. The IC Manager works along with Oracle Tutor. Tutor is the central location for process documentation, which is organized by process flow. The advantage of IC Manager is that it covers ERP specific processes. Even customized processes can be defined. Once all data is entered, variables such as GL accounts, process risk etc can be taken from the software on basis of which potential mitigating controls can be identified. I have not used this product, however companies using it are very satisfied. Rating of 4 out of 5.

Microsoft Corporation’s SharePoint Portal Server, a document-sharing intranet portal developed and marketed by the company, can be used to organize internal control documentation and to facilitate quarterly updates. In fact, Microsoft Corp also uses the product internally to organize control documentation under transaction billing cycles. This gives it a rating of 4 out of 5.

My advise is any product that you go for make sure it suits your company's requirements. It's easy to get lost with so many products available. So ask for demos. And finally, Consider your company's practical scenarios before choosing one.