
Sarbanes-Oxley compliance: GRC technology vs. spreadsheets

EXPERT RESPONSE FROM: Michael Rasmussen



QUESTION POSED ON: 27 February 2008
My company has been meeting Sarbanes-Oxley (SOX) requirements through manual spreadsheet-based processes. This year, we hope to automate these processes. What kind of technology is out there now to help with SOX compliance?

EXPERT RESPONSE
Why spreadsheets are not great for Sarbanes-Oxley (SOX) compliance

Spreadsheets are a thorn in the flesh of risk and compliance. I have seen organizations with upwards of 40,000 spreadsheets collected for Sarbanes-Oxley, as control questionnaires are sent to nearly everyone in the organization. The questionnaires come back and the compliance team scratches their heads and says, "Now what? How do we manage and report on this data?"

It gets worse ... auditors can step in and cry 'foul.' It is difficult to provide non-repudiation within spreadsheets in a scalable context. Basically, one cannot go back and truly state that "this person answered this compliance (a legal process) on this date and time, and we know this is the original answer and it has not been modified." Spreadsheets do not have this level of authentication, access control and audit trail. There are spreadsheet management solutions that do provide authentication, access controls and audit trails -- but they are cumbersome to use for broad compliance purposes. Plus, there are technologies with integrated content and workflow that can be more easily managed.

GRC technology for Sarbanes-Oxley compliance

To replace spreadsheets I would look towards governance, risk and compliance (GRC) management platforms. Vendors in this space include Axentis, BWise, MEGA, MetricStream, OpenPages, Paisley and QUMAS. These vendors, and many more, have integrated content and workflow technologies to manage GRC assessment processes. They are a much better choice over the use of spreadsheets for Sarbanes-Oxley compliance.

More information about Sarbanes-Oxley compliance

  • Sarbanes-Oxley compliance software essentials: Build a technology toolbox
  • Defining SOX security controls
  • Database activity monitoring helps USEC with SOX compliance


All Rights Reserved, Copyright 2005 - 2008, TechTarget