|
|
|
Features
< Back
Sarbanes Oxley : Technology : Business Process Management
Business Process Management Software and Sarbanes-Oxley
Business Agility & Operational Visibility Meet Enforcement of Internal Controls
By
Jeffrey Mills
|
|
Jeffrey Mills
VP Channel Development & Partner Enrichment
Bluespring Software
|
The biggest ?pain point? companies have sustaining Sarbanes-Oxley compliance is enforcing internal controls for those processes that are highly manual and span multiple systems. Expected behavior is well documented, but actual behavior is difficult to track. And even when it is, its post-mortem rather than putting you in a position to ?course correct? as events unfold??.before costly mistakes occur. Business Process Management (BPM) software provides companies with an internal control framework that enforces SOX-related policies, procedures and laws across all of the automated activity and all of the manual activity that impacts SOX compliance. No gaps.
Visibility
It is hard to enforce what you can?t see. While business rules have been put in place to make sure that activities inside of an ERP application follow SOX rules, the majority of business activities that affect compliance occur outside of the application. A SOX-impacting process may begin inside of an ERP tool, but often involves a whole host of people who do not have that ERP on their desktop. As a result, people make business by manipulating Excel spreadsheets, emailing them around for consensus and collaboration, holding meetings and making judgment calls. Each and every occurrence results in a compliance ?blackout? where you hope expected behavior occurs, but you have no ability to track what is actually occurring. BPM software provides the ability to track and audit every step of a SOX-impacting process, including all of the emails that have been routed around, all of the Excel spreadsheets that have been manipulated and all of the judgment calls that were made along the way (who made the call, what was the basis of their decision and when a decision made). No visibility gaps.
Internal Controls
Key to SOX compliance is the ability to make sure that all policies, rules, procedures and laws are adhered to at each and every moment a business activity occurs that impacts compliance. Talk about a challenge. Most businesses have taken advantage of the Workflow and business rules capabilities of enterprise applications to enforce compliance for business activity that occurs inside of those applications. For business activity that occurs outside the enterprise application, processes have been documented and expected behavior has been communicated to employees whose role impacts compliance. Here in lies the problem. Since we have established that most business activity occurs outside of the enterprise application, companies have a limited capability to enforce their internal controls across the majority of their business. BPM software solves this problem because it enforces internal controls across the extended enterprise; all of the people, departments and systems who impact the company?s SOX compliance. No control gaps.
Auditability
What if a business could reduce the risk and cost going into its annual SOX audit? The risk is directly associated with how much visibility and control companies have across all of their SOX-impacting business activities going into the audit. The cost is directly associated with how much time an auditing firm needs to spend with their client in order to make sure that a business has control over its financial affairs. BPM software reduces your SOX risk exposure and lowers the cost of your SOX audit. The risk is reduced because internal controls now span both automated and manual business activity. The cost is reduced because the auditor spends less time evaluating the control environment, monitoring transactions cycles and gathering information. BPM brings an audit capability ?out of the box? meaning that a company knows it is operating in compliance going into the audit. Risk reduced.
Sustainability
Establishing SOX compliance is one thing. Sustaining SOX compliance is a far greater challenge. People join and leave companies. Internal policies and operating procedures are updated over time. Laws are rewritten and new laws are introduced. Keeping up with the changes poses two difficult challenges to the enterprise. First, change is painful. An IT project is typically commissioned which means finding scarce resources, gathering requirements, some custom coding of technology and then, weeks or months later, a need for users to relearn a part of their jobs. Secondly, by the time the changes are put into place, the changes themselves are already likely to be outdated. BPM software?s agile nature helps companies keep up. It was developed with the notion that processes and the rules that drive those processes will ultimately change over time. With BPM, change is not painful. In fact, it allows companies to make changes in a matter of hours or days, as opposed to weeks or months. In addition, changes are mostly transparent to the user because BPM software doesn?t ask people to change the way they work; it changes around how people work. Never obsolete.
Simplicity
Deploying technology to solve business problems like SOX compliance traditionally involves weeks-to-months of requirements gathering and weeks-to-months of IT development work. Not so with BPM software. Compliance-related processes and the business rules that form the internal controls are designed, deployed and changed from a single desktop without writing code, meaning that deployments occur in days or weeks and updates occur in hours or days. BPM software interoperates with enterprise applications (i.e. CRM, ERP, etc.) through the use of web services, meaning that integrations are a snap and the technology ?plays nice? with a company?s underlying IT infrastructure. No code deployments.
ROI on SOX Compliance
American companies spend more than $1 Trillion dollars each year on SOX compliance and now business leaders are demanding a return on their investment rather than absorbing the cost. BPM software drives down operational costs while ensuring SOX compliance. As a result, BPM delivers ROI in three ways. First, companies realize an immediate ROI through the introduction of automation into SOX-impacting processes. For example, work traditionally performed by people (i.e. rekeying of information) and rework resulting from poor information sharing can be wiped out. Secondly, incremental ROI is achieved as a company refines its business processes over time. Third, given that money is going to be spent on SOX compliance audits, BPM software reduces that burden by better preparing your company going into the audit. Auditors have ready access to the information they need and will spend less time (which means less cost) certifying your compliance. Immediate and iterative ROI.
BPM software delivers business value and makes a company?s SOX compliance efforts sustainable at the same time. What does BPM bring to a company?s SOX compliance efforts?
? No visibility gaps
? No control gaps
? Risk Reduced
? Never obsolete
? No code deployments
? Immediate and iterative ROI
Jeffrey Mills
VP Channel Development & Partner Enrichment
Bluespring Software
Jeffrey D. Mills is the vice president of channel development and partner enrichment at Bluespring Software.
He began his career with 3M Corporation building eBusiness infrastructure. After 3M,
Jeff joined Net Perceptions where he built analytics-based solutions for the industrial marketplace.
Jeff is a graduate of Miami University in Ohio and is president of the Cincinnati chapter of the International Association of Microsoft Certified Partners (IAMCP).
Bluespring Software is a business process management (BPM) technology provider. Our product, BPM Suite, helps businesses design, deploy, manage, and update their business processes. Enterprise applications such as CRM, SFA, and ERP all launch critical processes that are largely ignored from an automation and management standpoint. Bluespring's BPM Suite enables you to model and execute processes around those enterprise applications, which increases efficiency and helps to enforce compliance with corporate standards.
For more information, please visit the company?s web site at http://www.bluespringsoftware.com.
|
|
|
|
|
