Q

Sarbanes-Oxley compliance: GRC technology vs. spreadsheets

Learn why Sarbanes-Oxley (SOX) compliance technology, such as GRC management platforms, is better than spreadsheets for meeting Sarbanes-Oxley requirements.

My company has been meeting Sarbanes-Oxley (SOX) requirements through manual spreadsheet-based processes. This year, we hope to automate these processes. What kind of technology is out there now to help with SOX compliance?
Why spreadsheets are not great for Sarbanes-Oxley (SOX) compliance

Spreadsheets are a thorn in the flesh of risk and compliance. I have seen organizations with upwards of 40,000 spreadsheets collected for Sarbanes-Oxley, as control questionnaires are sent to nearly everyone in the organization. The questionnaires come back and the compliance team scratches their heads and says Now what? How do we manage and report on this data?

It gets worse . . . auditors can step in and cry 'foul.' It is difficult to provide non-repudiation within spreadsheets in a scalable context. Basically, one can not go back and truly state that "this person answered this compliance (a legal process) on this date and time, and we know this is the original answer and it has not been modified." Spreadsheets do not have this level of authentication, access control and audit trail. There are spreadsheet management solutions that do provide authentication, access controls and audit trails -- but they are cumbersome to use for broad compliance purposes. Plus, there are technologies with integrated content and workflow that can be more easily managed.

GRC technology for Sarbanes-Oxley compliance

To replace spreadsheets I would look towards governance, risk and compliance (GRC) management platforms. Vendors in this space include Axentis, BWise, MEGA, MetricStream, OpenPages, Paisley and QUMAS. These vendors, and many more, have integrated content and workflow technologies to manage GRC assessment processes. They are a much better choice over the use of spreadsheets for Sarbanes-Oxley compliance.

More information about Sarbanes-Oxley compliance

This was first published in February 2008

Dig deeper on Financial reporting and compliance data management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchBusinessAnalytics

SearchAWS

SearchContentManagement

SearchOracle

SearchSAP

SearchSOA

SearchSQLServer

Close