SAP is bolstering regulatory compliance capabilities within its enterprise resource planning (ERP) suite, mySAP ERP, through a reseller partnership with software maker Virsa Systems Inc.
Under the terms of the agreement, SAP will offer Virsa Systems' Compliance Calibrator as an add-on to the mySAP ERP and its SAP R/3 software suites. SAP will begin marketing the product with its own compliance features immediately in the United States and expand to Europe next year, said John Robertson, senior vice president of business development for customer solutions and operations at SAP.
The software specifically addresses Section 404 of the Sarbanes-Oxley Act, which requires a company to file a report by management on the company's internal control over financial reporting and an accompanying auditor's report.
"It's going to be a very easily adopted product," Robertson said. "Our expectation is that this combined solution is going to reduce the time to compliance … and give a great deal of confidence to our customers."
Fremont, Calif.-based Virsa Systems was founded in 1996 as an SAP security and controls consulting company. It now develops and markets regulatory compliance software and has produced a risk assessment tool for SAP customers in addition to the Compliance Calibrator.
The Compliance Calibrator provides real-time, continuous detection for conflicting authorizations and other issues to guard against financial fraud. The software monitors internal controls and mitigates segregation of duties between users.
General Mills, which runs a variety of SAP software versions, including SAP R/3 version 4.6c, mySAP ERP and several of its components, has implemented Compliance Calibrator to meet Sarbanes-Oxley compliance requirements. The software runs inside of SAP so it fits the company standards, which are ABAP based, said Mike Carr, director information systems at General Mills.
"It doesn't just take a sampling of last week's data like other products I've seen," Carr said. "It's actually running live and that helps us."
The software can be installed on existing hardware and works in conjunction with other SAP tools for compliance management, said Ray Lane, former Oracle Corp., chief executive and a member of Virsa Systems board of directors. Virsa has seen a surge in interest in its product and has partnered with PriceWaterhouseCoopers in the United States, but it needs to be competitive on a global scale at well, Lane said.
"Public companies are paying the price for egregious executive behavior," Lane said. "Costs are climbing rapidly … No chief executive wants to go on the record opposing good governance and investor protection."
The mySAP ERP software suite has reporting, consolidation and analysis tools included, though some companies are turning to third-party vendors for compliance support.
SAP financial software contains an audit information system. It allows companies to extract data from the system and conduct reporting from a transactional level, as well as the macro level, to help prepare an internal report on a company control system.
SAP has also enhanced its applications to meet the new whistle-blowing requirements of the Sarbanes-Oxley Act, which provides protection to employees reporting corporate and securities fraud by publicly traded companies.
The software vendor created an audit portal where employees can log in anonymously and report potential acts of fraud to a company audit department or internal control board. New functionality also allows companies to provide audit information outside of financial operations, such as company travel, which may affect overall business operations.
Virsa which specializes in Sarbanes-Oxley compliance, is one of dozens of vendors seeking its share of the multi-billion dollar compliance business.
According to a study released this week by Boston-based AMR Research, the cost of compliance over the next five years will reach the $80 billion mark. The firm estimates that organizations will spend close to $15.5 billion on compliance-related activities in 2005.
The study, "Spending in an Age of Compliance, 2005," is based on a survey of over 225 business and IT leaders compliance spending priorities.
Though an average company will spend between $250,000 and $500,000, leading businesses are using these mandates as an opportunity to identify and transform business areas that need improvement, according to AMR.