IBM Debuts Sarbanes-Oxley Software For Federal Government Agencies

IBM on Wednesday unveiled software to help U.S. government agencies comply with a mandate to assess the effectiveness of internal financial-reporting controls, just as the private sector has had to do under the Sarbanes-Oxley Act.

The mandate, issued in January by the Office of Management and Budget, is in the form of a revision to Circular A-123, which implements the Federal Manager's Financial Integrity Act of 1982. The revision, Appendix A, requires agencies to provide an assurance statement on the effectiveness of internal controls over financial reporting. It has a compliance deadline of Oct. 1, the start of the 2006 fiscal year.

IBM has adapted its Workplace for Business Controls and Reporting software, a business-process management system used in financial management, for government use. It's built five financial-statement formats issued by the OMB into the system, and a "linking matrix" that connects specific line items to a financial control system. The matrix "allows financial managers to identify those line items having the largest dollar impact, and to focus on the key controls associated with those items," says Rebecca Buisan, market manager at IBM Workplace Software Solutions. The product is being evaluated by several government agencies.

Although numerous business-process-management software products have been released for Sarbanes-Oxley compliance, IBM's is the first geared toward the government, says Bob Markham, principal analyst at Forrester Research. In the past, auditors have borne the brunt of ensuring that financial controls are in place; the IBM software allows the agencies to do this work themselves, he says.

Agencies are scrambling to meet the Oct. 1 deadline, much as private companies were scrambling a year ago to comply with Sarbanes-Oxley section 404. "I've attended seminars recently [on Circular A-123] for government agencies that have been standing-room only," Markham says.

IBM has beefed up the product's analytics capabilities, for both government and private-sector companies, by integrating its Alphablox software, which embeds analytic reports into existing business processes and makes information available to a wide spectrum of users. It also has implemented "process choreography" -- workflow tools enabling the automation of business processes. If a control has a certain keyword, then the system automatically applies predefined workflow rules, Buisan says.

The product incorporates the internal controls framework published by the Committee of Sponsoring Organizations, or COSO, an umbrella group of accounting and financial management organizations. The framework forms the backbone of Sarbanes-Oxley's section 404, and the Government Accountability Office, the investigative arm of Congress, has adopted the COSO framework for the federal government.

Sarbanes-Oxley compliance spending totaled $5.5 billion in 2004, according to AMR Research, and is projected to rise to $6.1 billion in 2005 as companies add to or improve on their initial compliance efforts.