A vendor that makes database security and compliance products today unveiled a set of pre-configured reports that automate the process of generating audit reports needed to comply with the Sarbanes-Oxley Act.
IPLocks has developed about 20 pre-configured reports detailing controls companies use to prevent unauthorized changes to data or fraudulent transactions. These allow internal auditors to generate reports by "pointing and clicking," instead of sifting through mountains of information, company officials say.
"Many of the Sarbanes-Oxley auditors, this is a big part of their job, sifting through reams of data and attempting to filter some of that data," says Adrian Lane, chief technical officer of IPLocks.
IPLocks is initially making the reports available at no additional charge to companies that use the IPLocks Database Security and Compliance Solution. The reports will remain free until mid-2007. IPLocks marketing director Tom Yates says he doesn't know what the price will be after that time.
The pre-configured control reports, which are being called "SOX-in-a-Box," include the following:
* Abnormal termination of database activity reports, which identify failed routine transactions and processes between the IPLocks application and a database, such as failed financial transactions and login attempts.
* Abnormal use of service accounts reports, which identify service accounts and related transactions that originate from locations other than the application server.
* End-of-period adjustments reports, which track changes to the general ledger at the end of each month.
IPLocks says it consulted with the Big Four the Big Four audit firms when developing the pre-configured compliance reports. Lane says many companies could get away with having fewer controls than they do now, partly because too much emphasis is placed on network controls, instead of database controls.
"The automation allows us to do it more efficiently," Lane says. "What we're finding is less controls are appropriate. If your controls are intelligently designed and implemented, you can get away with fewer."
IPLocks customers include more than 100 companies worldwide, including at least 10 who are already using the SOX-in-a-Box add-on, Lane says. Pricing for corporations with eight to 10 databases, including professional services, customization and the creation of special controls, would run from about $100,000 to $150,000, according to Yates.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.