Compliance Software

Who are CODA, why should people consider your company when looking for software to assist in their task of complying with Sarbanes-Oxley?
CODA is a financial solution software vendor. We design, build, implement and support packaged financial accounting applications encompassing GL,AP,AR, Procurement, Analytics and Reporting and most recently Business Process Automation for compliance. We have always been focused on finance since our start up in 1979 in the UK and here in the USA in 1988. We have 2500 customers with installations in over 100 countries . We have implemented CODA in a variety of different industry sectors by customers attracted to the level of flexibility and sophistication of analysis that CODA gives to them. Our European heritage means that we have always operated within a host of different regulatory environments but Sarbanes-Oxley has created an enormous need for software solutions to assist in the ongoing requirements of compliance. We have always focused on producing solutions primarily for the CFO and the finance team and felt that this latest demand (for compliance software) was one that fell squarely within our area of competence. In fact several of our existing customers approached us to help with their issues as they trust our understanding of the requirements of the finance function within business organizations.

What do you think are the lessons learned by those organizations that have now undergone year 1 of SOX compliance?
Automate or drown in a sea of laborious, time consuming paper chasing!

That’s it?
In a nutshell yes. Businesses had to feel their way towards compliance in year 1. The external auditors were being very rigid - due in part to the strict oversight of the PCAOB - in their interpretation and certification of controls and so no one was taking any chances whatsoever. Many organizations had to set off on a “journey of discovery” to ensure that they adequately documented all of their processes. Therefore the level of documentation relating to procedures and key controls (and the amount of testing of those processes and controls) undertaken was monumental. Most peoples’ reaction to this was “we can’t do that again for year 2!” So the solution was to find ways to automate as much as possible the work done manually in year 1.

To validate this CODA commissioned a survey of compliance officers to learn from their experiences. Among the detail we received were the following facts:

• Every respondent was satisfied with the results of their compliance, i.e. they had achieved compliance, but without exception they were unhappy with the process they had undergone to achieve compliance.
• When asked to list and rank the pains of Year 1 compliance, #1 was the amount of time taken (#2 & #3 were variants of time).
• Costs incurred came in at #5

So what are people looking for?
Some are looking to automate the recording of all aspects of controls testing. They see the solution being a move of all the audit related documents, lists of controls, test plans test results out of MS Word and MS Excel and into a dedicated on-line repository. Others are looking to get templates of best practice controls to improve their compliance processes. Some are using document imaging or the more comprehensive enterprise content management systems in a bid to automate at least some areas of their process controls.

Aren’t these only partial solutions?
Yes they are but it is difficult to envision one all-encompassing piece of software that will magically solve all your compliance issues - the Sarbanes-Oxley panacea! Many organizations have disparate systems supplied by different vendors, running on different platforms. Even those using a single vendor’s ERP system still experience the same challenges with interfaces to feeder, reporting and consolidation systems. The only way they see to connect all of these together for compliance purposes is from an audit perspective. Implement a comprehensive documentation repository which will improve recording and future access to the types of controls and tests created and performed.

So what is CODA doing to solve this problem?
Two things:

1. We are using our background in building transaction processing systems (GL/AP/AR) to automate financial processes at the transactional level.
2. We are using the one system common to more than 95% of American business desktops, Microsoft Office, as our “platform” to deliver the solution.

Our product, CODA-Control Manager, is a web-based financial and business process automation tool that enables the user to:

• Model both recurring, calendar driven processes such as the monthly period close and financial reporting cycle and processes whose timing is event driven such as new hires, new capital projects or the opening of a new business unit. These processes could be financial in nature or relate to other areas of the business procedures administered by Human Resources for example.
• Design electronic “forms” that support specific business processes. The form therefore embeds process specific logic and validation eliminating error prone re-keying of data.
• Ensure that all rules relating to corporate authorization policies are automatically enforced via configuration of the authorization engine included within the software.

CODA-Control Manager enables the majority of the system creation to be done by accounting rather than IT professionals. As a result, the people responsible for ensuring compliance with financial processes are given the tools to model those processes directly into the system. We use SharePoint™ as a collaborative web portal, InfoPath™ for electronic forms, regular e-mail for the form delivery and task notifications, and we have built a business process modeling and workflow/authorization engine using Microsoft .Net architecture.

Do you have to be an existing CODA GL/AP/AR customer to use CODA-Control?
Not at all. Granted some of the automation may be easier for existing CODA users but CODA-Control can be used stand-alone and as long as your systems are accessible via industry standard Web Services methods you can achieve the automation I have described. CODA-Control Manager can be used irrespective of whether you are using SAP, Oracle, Great Plains, your own home grown financials or indeed a combination of all of these.

So what does CODA-Control give me?
It gives you a powerful compliance tool. It’s an intuitive, rapidly deployed solution designed for the finance function that can model, implement and control not only financial but all processes across the business. It means that your processes become visible, repeatable, consistent and auditable. These are all essential qualities if you want to ensure and demonstrate compliance to both internal and external auditors. This process automation reduces the number of detective controls in place in the business and so reduces the amount of time that has to be spent by staff documenting and proving that processes are in place and are compliant. Cost savings are achieved both by reduction of staff time dedicated “just” to compliance and in reduced level of testing and re-testing required. Also, because it’s the finance team who are now able to model and maintain this automated environment, process modifications and improvements can be rapidly implemented as the needs of the business evolve.

What if I have yet to file for Sarbanes-Oxley so I’m just about to embark on the journey?
If you have still to start your year 1 Sarbanes-Oxley compliance work the chances are you need to ensure all your processes are thoroughly documented and that you have identified and can validate by testing, all the key controls required to manage the enterprise risks. CODA has partnered with Control Solutions International to provide a toolset for those organizations who are still at this stage. Control Solutions is a specialist Internal Audit Consulting organization with over 800 staff worldwide, and with 250 clients it has helped succeed in Year 1 Sarbanes-Oxley compliance. The first tool, CODA-Control Architect, delivers the SOXlite™ methodology from Control Solutions enabling an organization to benefit from all that prior experience. By the use of COSO based templates Control Solutions has selected, it provides a fast track to effective controls and processes. The second tool, CODA-Control Assessor, helps an organization test and remediate its controls. It is a shared, online control center for the ongoing evaluation, assessment, testing and reporting of internal processes and controls.

So do you think CODA has the silver bullet for Compliance software?
No, but I don’t think any software vendor can provide you with that for the reasons I explained earlier. What I do think CODA is providing is a comprehensive compliance framework based on our proven expertise of supporting the finance function. By exploiting the latest Microsoft technologies we can deliver a practical, rapidly deployed and cost effective compliance solution to “Make SOX Stick!”.