Your Risk Management Magazine
SOX tech failings denied

Font size : + -

email print

Leading vendors of technology solutions for the US Sarbanes-Oxley Act have angrily denied claims that flaws in their products can lead to failed implementations and huge losses, but simmering tensions in the market have been revealed.

Rohit Tripathy, a US Sarbanes-Oxley implementation consultant who claims to be motivated by “genuinely-felt”anguish, claims to have isolated a staggering 14 major problems evident in ‘major Sarbanes-Oxley tools’. “I have been involved in 6 different Sarbanes-Oxley (SOX) implementation projects as a consultant, out of which three clients went for a tool based SOX implementation project,” Tripathy writes in his research.

“In each case, my client spent more than USD 150,000 to procure a web based SOX tool from a leading Sarbanes-Oxley tool vendor. In all three cases, the SOX project team ended up spending inexcusable amount of time feeding data/documents and maintaining the internal controls structures into the tool. Finally the clients gave up, they stopped using the tool, and went back to Excel sheets and Word documents. The tool implementation failed.”

Previous research has suggested some SOX tools have some flaws. A Resources Global Professionals focus group held last year, found that 60 per cent of Australian firms implementing SOX were using solutions that had been developed by big four accounting firms that had a bias towards financial, rather than operational controls. However, Tripathy’s research is the most critical so far. While most vendors named reacted with a mixture of surprise and anger, some admitted there had previously been some shortfalls in their products.

“I have been involved with the design, development and deployment of our SOX product since 2003 and have had a great deal of experience myself working with many, many clients,” said one. “If this research were being published in 2004, it would be somewhat accurate. That said, much has changed since that time and I believe many lessons have been learned by all, not just the software vendors.”

The source added that problems with SOX implementations were not solely due to technology problems. Rather a mix of factors contributed. In the early stages of SOX, vendors were operating against a moving target and dealing with differing opinions from auditors. Additionally, many purchasing decisions were made outside the IT arena, resulting in limited IT support. Finally, the lack of methodology and lack of consistency hampered matters, with individuals from the same audit firm offering different views and direction to their customers.

While that seems an honest appraisal, other vendors were less pleased. “When I first saw this research, I smiled because I thought that I had found a document that would provide me with all sorts of product short comings in our competitors’ offerings, though after I read the section on our product, I realised that Tripathy’s research is so flawed that I would look stupid giving this information to our field,” said one senior executive from a vendor named in the research.

According to all those vendors, Tripathy’s findings are flawed, factually incorrect and motivated by something other than the desire to inform people. However, third parties suggested the research contained, in some areas, “expert advice”. This stand off illustrates in pin-sharp detail the problems many firms have in choosing the right software package for the right project.

Indeed, Tripathy, a former Ernst & Young staffer, admits he works for a company that markets a SOX software solution. So why is this not included in the research? “The selection of tools was limited to the top 10 tools by market share,” Tripathy said. “Our company tool is not a market leader as yet.” He also did not seek the input of the vendors named in the research.

While Tripathy’s motives have been questioned by the vendors, some independent third parties not aligned to either the vendors or Tripathy said the publication of the research and the vendors’ reaction revealed much about the cut-throat world of the SOX software market. One said the report showed “the true picture from the unremittingly positive brochures, leaflets and spin invariably provided by the solution providers’ salespeople from top notch companies”.

The stakes are exceptionally high. According to research, spending on SOX technology will reach close to $2 billion this year, an increase on both 2004 and 2005. Analysts put the increase in spending down to executives reexamining the “quick fixes” they implemented to meet compliance and audit demands.

While the majority of vendors reacted with anger, some were at least a little sympathetic. “Actually, I don’t believe that the author has malicious intent; the poor guy probably just suffered a high percent of failed projects around SOX. I’m sympathetic, actually,” said one.

  • Bookmark & Share
go back
Your comment
Risk management is the place for positive industry interaction and welcomes your professional and informed opinion.
eNewsletter

Breaking news, video interviews, opinion and analysis delivered straight to your inbox. Subscribe now
Categories

Home   |    Advertising   |    About Us   |    Contact Us   |    Privacy Policy  

© 2012 Key Media Pty Ltd.