News Stay informed about the latest enterprise technology news and product updates.

Spending on Sarbanes-Oxley software climbs

The Sarbanes-Oxley software market is still emerging and the picture remains murky -- so buyers beware.

Spending on Sarbanes-Oxley (SOX) technology continues to rise, according to the latest research from AMR Research Inc. in Boston. This year technology purchases are expected to account for 32% of $6 billion in total SOX spending.

That's up from 28% the year before and 21% in 2004 -- when most companies were just becoming familiar with Sarbanes-Oxley requirements.

AMR says 2006 is the year that many CIOs will take a good look at the quick fixes they have used in years past when trying to meet the demands of auditors. Now they'll try to implement software that will provide other benefits.

More on Sarbanes-Oxley

By the numbers: The new SOX breakdown

Executive Guide: Sarbanes-Oxley

"We are seeing a lot of people putting in applications right now -- some of them based in document management systems, some of them based in security, some of them based in process management -- that are really designed to regiment these loosey-goosey fixes that were done for compliance to start with," AMR analyst John Hagerty said.

The problem with understanding the SOX software market, and making smart CIO choices around it, is that the market is emerging, and it's difficult to judge best practices when every company brings a unique set of business processes to the table.

"Different vendors bring different strengths to SOX compliance," Hagerty said.

If companies view SOX compliance as a documented records-management issue, they will be more likely to look for vendors who focus on that. For a business process issue, it's another set.

Vendors compete for SOX business

Gartner Inc. in Stamford, Conn., surveyed 70 vendor competitors in the financial compliance process management (FCPM) field and recently published a Magic Quadrant on the market. The research firm ultimately focused on 18 FCPM vendors that had at least 15 deployments. So far, no one company qualifies as a Magic Quadrant "leader."

"There is no one-size-fits-all approach, because all businesses are not set up to run the same way," explained Tom Eid, Gartner Inc. analyst and co-author of the Gartner Magic Quadrant.

However, six companies were categorized as "visionaries," or vendors that have a solid grasp of the market and are releasing new products to keep pace with compliance needs. Gartner visionaries include: 80-20 Software Inc., IBM, OpenPages Inc., Paisley Consulting Inc., Qumas Inc. and Stellent Inc. Gartner noted that OpenPages "makes more short lists than any other FCPM vendor."

Only Oracle Corp. met the criteria for a Gartner "challenger," or a vendor that is financially viable, has significant market share and the ability to exceed customer expectations on technical functionality. Oracle's Internal Controls Manager will be fused in 2007 with PeopleSoft Inc.'s Internal Controls Enforcer, said Gartner.

Hagerty of AMR Research also likes OpenPages. Two years back, OpenPages announced that it had acquired the rights to PricewaterhouseCoopers' Internal Controls Workbench compliance software -- the sort of acquisitions OpenPages could be poised to make again if other vendors exit the market, says AMR. The research firm said companies with a "broad view of compliance" should consider OpenPages as an option.

Sticking with what you know

The largest category in Gartner's Magic Quadrant is filled with niche players such as Achiever Business Solutions Inc., Axentis Inc., BWise Inc., Certus Software Inc., HandySoft Global Corp. and Methodware Ltd. This group's greatest virtue, according to Gartner, is that these companies can roll out product improvements frequently. On the other hand, some of these niche players have taken novel approaches that are too recent to be deemed successful, e.g Axentis' Software-as-a-Service approach, or have targeted submarkets that don't require much technical depth, e.g. Achiever Business Solutions' small and midmarket focus.

Gartner's Eid recommends starting with the guys you know. "If you're really focused on the bigger companies, like Oracle and IBM and SAP, it is probably best to ride their coattails."

Then again, " if you work with the business process management companies, leverage those to go forward with you," Eid said. "And if you have a good relation with the content managers, an Open Text or Documentum, they will find a way to help you."

Let us know what you think about the story; e-mail: Linda Tucci, Senior News Writer

Dig Deeper on Risk and compliance strategies and best practices

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.