RealTime IT News

Oracle Software Polices the Compliance Police

Oracle unveiled the second version of its Internal Controls Manager (ICM), an application that gives a global view of compliance efforts within the organization.

First released in August 2003, the ICM gives IT managers and auditors a top-down view of the steps companies are taking to ensure they are providing internal controls within the company, and monitoring the compliance of those controls.

These days, when company executives think compliance, they think of Section 302 of the Sarbanes-Oxley Act of 2002, which states:

"The CEO and CFO of each issuer shall prepare a statement to accompany the audit report to certify the 'appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer.'"

It's slightly different from the widely reported Section 404 measures of the Sarbanes-Oxley Act, which call for an annual report by company managers assessing the company's internal control mechanisms, and corroboration by an auditor.

An industry niche was formed in the wake of this piece of Congressional legislation, as companies scrambled to meet the Section 404 deadline, which comes due July 15 for smaller companies and after Nov. 15 for companies with more than $75 million in market capitalization.

Oracle was one of the software companies that assembled an application to meet the needs of audit-minded public companies, releasing ICM v1 in August 2003, and then padding its Oracle Treasury application.

Both the Internal Controls Manager and Treasury fall under the E-Business Suite 11i9, an enterprise applications suite released in May 2003 for download and enhanced to meet federal compliance guidelines.

Steve Miranda, Oracle's vice president of financials applications development, said that while most companies are looking for software to abide by federal guidelines, ICM and its related components drive indirect value into the company's bottom line.

"When you get into implementing new controls, you can look at corporate governance as a way of driving efficiency," he told internetnews.com. "Because as you have to normalize your process or modify your process to mitigate against some risk, you're hopefully able to leverage that effort into something that we've been touting as best business practices, to combat information fragmentation and to get information to all the managers in an organization."

The latest iteration of ICM gives more control over the oversight process, particularly in tracking the lifecycle of projects within the enterprise. Managers throughout the process, from design conception to end-of-life, can now certify their work (or document issues), which can then be assessed by auditors and executives from a financial statement perspective.

The ICM has also been more tightly integrated with Oracle Projects, so the audit trail itself can be treated as another project within the company.

Another key enhancement to the ICM is the ability of corporate headquarters to apply global processes at the local level. If a new report needs to be created, rather than wait for regional offices to apply the changes, ICM allows the corporate office to apply the new process without changing local variations.

With everyone looking deep into the business process, from the auditor to the CFO, Miranda said an indirect benefit to the compliance software comes into effect, streamlining the process by making sure the process itself is viable.

"That's where you get into indirect revenue generation, when you put in place the infrastructure processes and tools to help you measure performance throughout the organization," he said.