Governance: Sox Technology’s Second Wave

As companies seek to make Sarbanes-Oxley (Sox) compliance more efficient and sustainable, they are investing in a new wave of Sox-related software, says Paul Hamerman, vice president, enterprise applications at Forrester Research.

“During the first cycle of Sox 404 compliance, companies were under time constraints and weren’t familiar with the new regulations,” Hamerman says, referring to a requirement that publicly traded companies identify, test and document internal controls to prevent errors or fraudulent activities that affect the accuracy of financial statements. “As a result, they had to invent something on the fly or relied on in-house tools such as Excel spreadsheets or audit tools.”

These makeshift tools weren’t reusable. Moreover, while they captured the data needed for compliance, that information couldn’t be presented in a format that was useful from a management perspective, Hamerman says.

In contrast, the emerging second wave of compliance software will provide continuous controls monitoring and automation, as well as applications for documenting and evaluating internal controls and managing overall Sox compliance and governance processes.

Vendors that provide controls monitoring and automation software to optimize controls include Approva, ACL Services, Logical Apps, Oversight Systems and Virsa Systems, which was recently acquired by SAP. The leading vendors in compliance management include IBM, Paisley Consulting and OpenPages.

According to Hamerman, the overall market for Sox-related solutions was $200 million in 2005. This year, it will reach approximately $290 million. Hamerman predicts that the market will peak in 2009 at $376 million, followed by a period of consolidation and repositioning into broader governance, risk and compliance areas.