It’s not enough for companies to say they are meeting the
compliance measures imposed as part of the Sarbanes-Oxley Act (SOA),
they have to prove it. SAP officials announced Monday
new tools that further standardize and provide internal checks within
the corporation.
Available early next year, the software integrates with the current
version of mySAP Financials and gives CFOs and CEOs functionality to
show its internal controls are working, as required in section 404 of
the SOA.
Going beyond “mere documentation,” according to the announcement, the
tools — which provide scoping, documentation, remediation and sign-off
functionality — SAP officials said the software can be further used by
external auditing companies.
“By extending functionality in mySAP Financials and mySAP ERP to
comprehensively cover Sarbanes-Oxley requirements, SAP helps companies
reduce costs for compliance while leveraging these investments to
improve business insight and performance across key business
operations,” said Jim Hagemann Snabe, SAP financial and public services
chief operating officer, in a statement Monday.
A new whistle-blowing function lets employees send anonymous emails
through the company portal to executives, a copy of which is stored in
the central database, according to requirements in SOA’s section 301.
The tool can be tied in with the mySAP HR software found in its
enterprise resource planning (ERP) software suite.
Last month, SAP started selling its audit information system, a
workbench application for C-level executives and external and internal
auditors to more quickly sign off and close the books on quarterly and
annual reports.
Software vendors are capitalizing on the business world’s need for
in-depth SOA compliance tools. Nor is SAP the only company coming up
with solutions to the problem; Oracle announced Monday SOA
compliance enhancements to its own software, OracleO Treasury,
adding more internal controls as well as asset-forecasting abilities.
SAP went to PriceWaterhouseCoopers, the noted financial services
company, for help designing the new functionality in the software. The
company went after addressing the specific sections within the SOA that
dictate internal control measures within the corporation.
The company released the results of a survey it conducted in July.
Adding internal controls was found by 76 percent of the respondents as
the biggest cost for SOA compliance. Many companies expect SOA
compliance to take up a little more than 10 percent of their management
controls budget in the next couple years.
The total cost, however, seems largely dependent on the size and of the
company and what they had in place before passage of the Act.
“Larger companies with a well-established corporate recording
infrastructure are better able to handle the added certification and
disclosure requirements of the new law,” said the survey’s author Frank
Brown. “For smaller companies, compliance has been more of a burden.”