The Sarbanes-Oxley Act: Overview and Implementation Procedures Manual

ACL Services Ltd. is a global provider of Business Assurance solutions to financial executives and audit professionals.
John Van Decker, Stan Lepeak
The official date for compliance with Sarbanes-Oxley Act (SOX) Section 404, requiring publicly traded US companies to document/certify financial processes, has been extended for companies whose FY04 close is June 15, 2004, or later. This gives most companies extra time to address compliance by leveraging new enterprise risk-management consulting/business applications and offerings from both enterprise (e.g. independent software vendors) and business/IT service providers.
Various compliance point solutions (e.g. from Plumtree, OpenPages, ACL, Steelpoint, and CXO Systems) include tools to manage risk programs, document enterprise business processes, capture/store regulated communications, and track key risk-management indicators. Although some of these solutions will play a longer-term role (e.g. enterprise portals), compliance will ultimately be supported through applications such as enterprise content management (ECM) and enterprise resource planning (ERP; e.g. Documentum and Oracle have announced SOX offerings). However, it will take 1-3 years for enterprise ISVs to penetrate this market. Companies should selectively invest in point solutions to meet near-term regulatory deadlines but recognize that long-term compliance is a comprehensive enterprise-wide effort.
Tax/audit firms (e.g. Deloitte, PwC, KPMG, E&Y) and related compliance vendors (e.g. Protiviti, Jefferson Wells) have SOX service offerings and some supporting software tools. However, these firms' long-term play (except for hybrid Deloitte) will be related to process analysis and risk assessment, not software/IT services. The larger service play (2-3...