Excerpted with permission from the Journal of Accountancy, February 2004
As companies struggle to comply with section 404 of the Sarbanes-Oxley Act--the section that significantly tightened internal control and financial reporting requirements--CPAs can play a valuable role in helping many companies choose software tools to support compliance and enhance communication with investors, employees and regulators.
Ask (and Understand) Before Buying
CPAs can save clients or employers time and money by incorporating these criteria into the evaluation process.
* The software tool's most important functions, not its minor features.
* The vendor's viability as a going concern.
* The vendor's support plans and the software's position in its product line.
* The product's ongoing compatibility with the company's operating systems and its scalability.
* Whether the tool has a Web-based interface that employees can access without installing software on their individual PCs.
* Whether customization of the product is available or required.
* The availability of suitable vendor-supplied implementation services.
* The level of training the vendor provides.
* The extent of integration with other tools--for example, how proprietary is the database, and can users easily link it to other programs?
* Maintenance, support and upgrade costs (direct and indirect for example, hardware and staff).
* Availability of information on any infrastructure and operating system changes or updates that could become necessary.
Except for generic tools--discussed below--many of these products provide a framework for adding modules in the future. The best of them establish and maintain a relationship between the overall business and its core systems and provide an internal control architecture that changes to meet the organization's evolving compliance needs.
Four Categories of Tools
1. Generic Software Tools enable users to document internal controls, reduce potential risks and provide some level of comfort that compliance initiatives are in place. Many companies already have such compliance software built into their general accounting systems. But, since such software is not dynamic--that is, it can't easily adjust to a company's changing business requirements--it provides only the most basic level of assurance and applies only to a given point in time. …