Public Company Automates Complex Controls For SOX
iAutomate Accomplishes the Impossible

The Problem
Automating Internal Controls to Comply with Sarbanes-Oxley Section 404

When the new VP of Accounting joined this public company he made a surprising discovery. An extraordinary set of internal controls was used to create payable invoices and these controls were entirely manual and undocumented.

The nature of the company’s business itself demands that the business rules change multiple times throughout the billing cycle. Since the corresponding processes and resulting controls change as frequently, the rules and controls are nearly impossible to document.

Before his arrival, the company contracted a solution provider to automate these processes within a custom application. The application failed. The dynamic nature of the environment presented more problems than could be solved with the provider’s technology. Since Sarbanes-Oxley mandates the documentation and monitoring of controls and rules, the need to find a solution was not only imperative, but worrisome.

The Risk
Failed Sarbanes-Oxley Audit

The new VP faced several risks if a solution wasn’t found, not the least of which was a failed Sarbanes-Oxley audit. Employees were very responsible, but with so much data and such dynamic business rules, clerical error could easily lead to over or under payment. Undocumented controls were maintained by memory, so staff absence or departure would leave further vulnerability.

The Goals
Security Sensitive & Adaptable Controls Automation

The VP of Accounting wanted to find a product that could:

The Alternatives

The Consequences

Continue with existing method
  • Would result in a failed Sarbanes-Oxley audit.
  • Would further the risk of knowledge loss due to employee turnover.
  • Could continue to support potential clerical errors.
  • Would maintain an already lengthy monthly close.
  • Would carry forward an extensive (3-4 month) employee training process.
Use Another vendor
  • Previous attempts with other vendors had failed because of the complex
    business processes within a dynamic rules environment.
  • A fast solution was needed. The company had already survived a failed attempt that took 6 months.
  • The solution needed flexible, leading edge technology that most vendors cannot apply.

The Solution – iAutomate
Customize Anything

MENTIS' iAutomate service creates entirely dynamic, custom applications for organizations whose labor intensive processes make compliance difficult and/or which are no longer cost effective. The MENTIS pre-built framework components work independently from customizations and are built on the Oracle technology stack. This allows a quick ROI and no need for additional maintenance and support costs.

iAutomate Results
Automate & Document the Most Complex Internal Controls

Within 8 short weeks, Mentis was able build an entirely dynamic, custom application using the iAutomate product for this client. All rules and exceptions are now maintained online while all internal controls are automated and consolidated into one single source database, providing an audit trail of database activity.

To completely fulfill Sarbanes-Oxley requirements, the auditors requested that multiple levels of security be enforced as well. Reliance on manual controls now greatly reduced through automation, users can be identified and duties separated by responsibility (administrator, super user and user). Changes, additions and deletions of users and business rules; as well as control over the types of reports that can be run by a given user are now compliant with the requirements of Sarbanes-Oxley. This separation of responsibilities assures that no one user has “too much” access. The client was able to pass their audit easily.

Since all controls and rules are maintained within a database, the transfer or absence of an employee no longer creates the risk that important knowledge will be lost. New employees need not endure the four-to-six month training period in order to understand and memorize the rules. Now, there is no training involved; the application does the work.

MENTIS was able to provide the overall solution to the client in a very short time-frame because of the pre-built framework components that work independently from the customizations needed. The solution was also built on the client’s existing technology stack (Oracle application technology on an Oracle database) so that there was no additional cost to the client as far as maintenance and support. IT did not have to change any code or process and could add the iAutomate product into the backup process naturally.

This client’s return on investment was under five months.

 

Legislation brought into Compliance
Sarbanes-Oxley

 
© 2008 MENTISoftware. All rights reserved. Terms of Use Privacy Policy 212-861-2235 info@mentisoftware.com