Oracle unveiled the second version of its Internal
Controls Manager (ICM), an application that gives a global view on
compliance efforts within the organization.
First released in August 2003, the ICM gives IT managers and auditors a
top-down view of the steps companies are taking to ensure they are providing
internal controls within the company, and monitoring the compliance of those
controls.
These days, when company executives think compliance, they think of Section
302 of the Sarbanes-Oxley Act of 2002, which states:
“The CEO and CFO of each issuer shall prepare a statement to accompany
the audit report to certify the ‘appropriateness of the financial statements
and disclosures contained in the periodic report, and that those financial
statements and disclosures fairly present, in all material respects, the
operations and financial condition of the issuer.'”
It’s slightly different than the widely reported Section 404 measures of the
Sarbanes Oxley Act, which calls for an annual report by company managers
assessing the its internal control mechanisms, and corroboration by an
auditor.
An industry niche was formed in the wake of this Congressional piece of
legislation, as companies scrambled to meet the Section 404 deadline, which
comes due July 15 for smaller companies and after Nov. 15 for companies with
more than $75 million in market capitalization.
Oracle was one of the software companies that assembled an application to
meet the needs of audit-minded public companies, releasing ICM v1 in August
2003, and then padding its Oracle
Treasury application.
Both the Internal Controls Manager and Treasury fall under the E-Business
Suite 11i9, an enterprise applications suite released in May 2003 for
download and enhanced to meet federal compliance guidelines.
Steve Miranda, Oracle’s vice president of financials applications
development, said that while most companies are looking for software to
abide by federal guidelines, ICM and its related components drive indirect
value into the company’s bottom line.
“When you get into implementing new controls, you can look at corporate
governance as a way of driving efficiency,” he told internetnews.com.
“Because as you have to normalize your process or modify your process to
mitigate against some risk, you’re hopefully able to leverage that effort
into something that we’ve been touting as best business practices, to combat
information fragmentation and to get information to all the managers in an
organization.”
The latest iteration of ICM gives more control over the oversight process,
particularly in tracking the lifecycle of projects within the enterprise.
Managers throughout the process, from design conception to end-of-life, can
now certify (or document issues) their work, which can then be assessed by
auditors and executives from a financial statement perspective.
The ICM has also been more tightly integrated with Oracle Projects, so the
audit trail itself can be treated as another project within the company.
Another key enhancement to the ICM is the ability of corporate headquarters
to apply global processes at the local level. If a new report needs to be
created, rather than wait for regional offices to apply the changes, ICM
allows the corporate office to apply the new process without changing
local variations.
With everyone looking deep into the business process, from the auditor to
the CFO, Miranda said an indirect benefit to the compliance software comes
into effect, streamlining the process by making sure the process itself is
viable.
“That’s where you get into indirect revenue generation, when you put in
place the infrastructure processes and tools to help you measure performance
throughout the organization,” he said.