Beyond Sarbanes-Oxley – The Benefits of BPM for Compliance

Sometimes an investment in one area can pay off big in another. Take the example of compliance and the money that organizations are spending meeting regulations such as Sarbanes-Oxley (SOX). While companies might view SOX investments as addressing specific regulatory requirements, such investments can actually be a gateway to enterprise-wide risk management and better business process management. By using business process management (BPM)-based SOX solutions, organizations can not only meet these immediate regulatory requirements, but can put in place an internal control framework that supports future change, helps eliminate any deficiencies in controls, improves inefficient business processes, and helps to manage and reduce risk across the enterprise.

This is particularly important since compliance requirements are growing at a rapid pace at most enterprises. Between external regulatory compliance requirements like Sarbanes-Oxley, HIPAA, and the Patriot Act, and internal compliance standards, business and IT managers must find ways to address immediate regulatory and compliance requirements while ensuring that such solutions will be compatible with future compliance requirements. That’s why forward-looking organizations are looking to solutions such as business process management (BPM) that can not only meet their initial regulatory needs, but provide the framework for strategic risk management and process control.

This paper explores the evolution of SOX and compliance requirements and identifies how BPM can successfully address those requirements. It also introduces HandySoft BizFlow BPM as one solution for managing both tactical and strategic compliance issues. Business managers can use this report to begin a conversation about how best to manage compliance within their organizations, especially managing compliance with BPM.

BPM and the Maturing SOX Market

Government regulations and mandates are nothing new. Since even before the English put a well-known tax on tea in the 1700s, American companies have been complying with (or in that case, rebelling against) government regulations.

While no one has rebelled against it, the Sarbanes-Oxley Act of 2002 is one recent regulation that is impacting almost all U.S. companies. A series of questionable business practices in a limited number of high-profile companies through the 1990s and early 2000s led the government to significantly tighten the reporting requirements and certification of controls and procedures for public companies in 2002, resulting in the Sarbanes-Oxley Act of 2002.

Intended to restore public confidence in corporate governance, the Sarbanes-Oxley Act (also commonly known as SOX) required all public companies, and many private ones, to improve the transparency and accuracy of financial accounting. For example, the act required CEOs and CFOs to sign off on their companies’ financials and to certify their financial controls and procedures. As a result, over the past couple of years public companies have been working to meet these new requirements through increased definition, accounting, and reporting of their financial processes.

SOX compliance includes different aspects (such as Section 302’s quarterly reporting requirements and 404’s annual reporting requirements with its evaluation of internal controls), but it all boils down to being able to define your financial processes, report on them, and manage change (and compliance) over time.

For many companies, SOX is a perfect opportunity to move towards a business process management platform. While initial requirements, such as defining processes and reporting on them, don’t require true business process management capabilities, the fit is obvious: by using a BPM solution to define and monitor their financial and reporting processes, organizations are automatically ready to take the next step of using a BPM product to manage change over time. Using a BPM solution as the underpinning for SOX compliance provides organizations with increased flexibility and potential competitive advantage in being able to reduce the cost of compliance over time (through automation) as well as the ability to ensure compliance even when financial or business structures are changing.

Realizing this opportunity, a number of BPM vendors have added support for SOX, including Handysoft, which has even built separate SOX-specific applications based on its BPM platform. In fact, Handysoft recently released version 2 of its SOXA Accelerator, highlighting the increasing maturity of BPM-based SOX solutions. Handysoft’s SOXA Accelerator 2.0 provides a number of new features, including compliance dashboards (making it easy for corporate managers to understand the status of the financial reporting systems), and SOX frameworks from major audit firms. Additional updated capabilities include new rollup and certification capabilities for Section 302 and 404 compliance that allow business unit managers or executives to determine if material changes have taken place, as well as increased visibility and reporting options that provide pre-configured reports and key performance indicators for more rapid understanding of financial reporting status.

Upside Uptake

Upside Research believes that Handysoft’s SOXA Accelerator 2.0 is a sign of the maturing BPM/SOX market. It provides solid support for the required regulation compliance, but it can do much more. What’s more important is that companies begin to realize that they can take SOX compliance to the next level: by investing in a product such as Handysoft’s SOXA Accelerator (or other BPM/SOX solutions), they can lay the foundation for a dynamic business process management solution that provides benefits beyond compliance.

Modeling, auditing, and reporting on your financial processes is simply the first step, although it’s the big one for SOX compliance. Smart organizations will realize that once they’ve implemented it via a BPM solution, they’ll have the ongoing capability to dynamically modify, monitor, and manage those processes over time. More importantly, a BPM-enabled SOX solution provides the foundation for extending business process management beyond the financial reporting arena and linking it even more closely with other business processes, providing a way to reduce costs, institutionalize best practices, and provide a dynamic platform for increasing revenue.

While Upside Research believes that SOX solutions like Handysoft’s SOXA Accelerator are good, they are only the first step. Organizations must move beyond the mandated SOX reporting functions to utilizing the true business process management capabilities that underlie BPM-based SOX solutions. And, as with any technology solution to a business problem, organizations should not view the SOX solutions as a band-aid to fix their corporate financial processes, but rather an opportunity to review and create best practices around financial reporting.