Computerworld - Most companies working on Sarbanes-Oxley projects are focused on documenting their internal controls to meet the compliance deadlines that start taking effect late this year. But the law's requirements are generating interest in using computer forensics tools to help identify potential cases of financial fraud.
For example, Avery Dennison Corp. is piloting software announced last week by Oversight Technologies Inc. that can be used to monitor finance systems for irregular transactions. Mark Van Holsbeck, director of enterprise security at Avery Dennison, said the software should reduce the amount of time workers at the Pasadena, Calif.-based maker of adhesive products now spend poring over printouts of financial data to determine whether any information has been altered or corrupted.
Avery Dennison's use of the Oversight tool wasn't driven by the mandates of the Sarbanes-Oxley Act, Van Holsbeck said. But the technology should help the company satisfy components of the financial reporting law, he added.
Similar Conclusion
Other users are expected to come to the same conclusion about computer forensics tools, which can track how data is used and modified.
Meta Group Inc. analyst John Van Decker said he expects to see an uptick in forensics technology investments related to Sarbanes-Oxley starting this summer. And Michael Rasmussen, an analyst at Forrester Research Inc., estimated that about a third of the clients he works with have put an investigative response plan in place, including the use of business intelligence tools and other technologies to monitor ERP and e-mail systems for evidence of potential wrongdoing.
Tracy Austin, CIO of Mandalay Resort Group
For example, to prevent altered paychecks from being cashed, Reino said Universal Health has a homegrown system running on an IBM AS/400 server connected to applications at the bank that supports Universal's payroll operations.
Manny Abascal, a partner at Latham & Watkins LLP in Los Angeles, said that continually reviewing financial data will be a key facet of Sarbanes-Oxley compliance. "Some companies are thinking ahead so that if they find themselves in this position [where fraud is suspected], they're better able to find the data," he said.
Pricing for Oversight's monitoring tools starts at $85,000 and, depending on the number of end users, can go up to about $200,000, according to CEO Patrick Taylor.
Other vendors of forensics toolsinclude Guidance Software Inc., Consul Risk Management Inc. and Addamark Technologies Inc., which this week plans to announce upgraded software for storing system log data.
Mandalay Resort Group in Las Vegas provides gaming agencies with information to demonstrate its data-protection procedures. But CIO Tracy Austin said those efforts haven't used computer forensics, and the hotel and casino operator hasn't made plans to invest in the tools to aid in Sarbanes-Oxley compliance. For now, Mandalay "is primarily focused on documenting internal controls," Austin added.
Read more about Gov't Legislation/Regulation in Computerworld's Gov't Legislation/Regulation Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
