Digital Edition

SYS-CON.TV
AptSoft Prevents SOX 404 Errors
"Cop on the Beat" Approach Designed to Help Companies Comply with Sarbanes-Oxley

Companies focused on documenting and automating business procedures are coming up a crucial step short in meeting Sarb-Ox mandates, according to Burlington, Mass-based AptSoft.

According to Section 404, documenting and automating a process does not qualify as verification it is being followed. While it is mandatory companies offer evidence of process adherence, validating this is not an easy task.

In addition, recent Public Company Accounting Oversight Board (PCAOB) guidance underscores the evolving scope of internal control testing procedures, which increases the risk of costly oversights by introducing more subjectivity into the audit. The AptSoft Director for Compliance quick-start framework solves both problems.

Acting like a “cop on the beat,” AptSoft Director for Compliance uses its complex event processing (CEP) capabilities to track myriad patterns of activity and outcomes over time, across any number of systems. Activities and outcomes that deviate from approved procedures trigger automated event alerts that can be logged and investigated. For example, a “revenue recognition” event would be flagged if the documented process includes any sales, contractual, or shipping milestones that have not been met.

“Many businesses are now realizing that a key challenge of Section 404 compliance is not simply meeting this year’s July 15 deadline for non-accelerated filers, but doing it completely and consistently every year from now on,” said Robert Miller, senior audit manager at Braver and Company, P.C. “The dynamic nature of business operations and the introduction of technology to facilitate process change have the potential to further complicate annual compliance verification,” Miller added.

Once in place, however, AptSoft Director for Compliance provides automated, continuous, comprehensive self-auditing of key processes, enabling companies to prove on an ongoing basis that documented policies and procedures are not being circumvented. Outside auditors seeking to verify the efficacy of internal controls can be easily supplied with any and all required evidence, eliminating the risk of subjectivity inherent in audit sampling. This can also help limit the length and scope of an annual audit and significantly reduce its cost. And, since the CEP-based technology in Director can easily adapt to new or revised procedures, it allows businesses to remain nimble and verifiably compliant with regulations.

Operating as part of a Service Oriented Architecture (SOA), CEP is a new class of technology that can identify, correlate, evaluate, and act on the countless “events” crossing an enterprise IT infrastructure. Because it can be dynamically configured to understand patterns, dependencies and hierarchies within and among these events, CEP is uniquely suited to provide the automation and compliance verification of the processes and systems companies rely on to do business.

“The introduction of new and more stringent regulations has helped boost investor confidence and tighten operations but present real cost and agility issues for companies that need to comply,” said Frank Chisholm, president and CEO of AptSoft. “This new quick-start framework can help preserve the benefits of process improvement and reduce the recurring costs associated with annual compliance verification.”

According to a survey conducted by Financial Executives International, from July 2004 to March of 2005 external auditor fees increased by 58 percent. The survey of 217 public companies with average revenues of $5 billion found auditor fees for Section 404 compliance averaged $1.3 million.


About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

The explosion of new web/cloud/IoT-based applications and the data they generate are transforming ou...
CI/CD is conceptually straightforward, yet often technically intricate to implement since it require...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple ...
Enterprises are striving to become digital businesses for differentiated innovation and customer-cen...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As au...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't com...
The now mainstream platform changes stemming from the first Internet boom brought many changes but d...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, wi...
DXWorldEXPO LLC announced today that Ed Featherston has been named the "Tech Chair" of "FinTechEXPO ...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with e...
In this presentation, you will learn first hand what works and what doesn't while architecting and d...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitori...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use ...
If your cloud deployment is on AWS with predictable workloads, Reserved Instances (RIs) can provide ...
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear...
We build IoT infrastructure products - when you have to integrate different devices, different syste...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling ...