Sarbanes-Oxley Sparks Forensics Apps Interest

Vendors offer monitoring tools to help identify incidents of financial fraud

Most companies working on Sarbanes-Oxley projects are focused on documenting their internal controls to meet the compliance deadlines that start taking effect late this year. But the law's requirements are generating interest in using computer forensics tools to help identify potential cases of financial fraud.

For example, Avery Dennison Corp. is piloting software announced last week by Oversight Technologies Inc. that can be used to monitor finance systems for irregular transactions. Mark Van Holsbeck, director of enterprise security at Avery Dennison, said the software should reduce the amount of time workers at the Pasadena, Calif.-based maker of adhesive products now spend poring over printouts of financial data to determine whether any information has been altered or corrupted.

Avery Dennison's use of the Oversight tool wasn't driven by the mandates of the Sarbanes-Oxley Act, Van Holsbeck said. But the technology should help the company satisfy components of the financial reporting law, he added.

Similar Conclusion

Other users are expected to come to the same conclusion about computer forensics tools, which can track how data is used and modified.

Meta Group Inc. analyst John Van Decker said he expects to see an uptick in forensics technology investments related to Sarbanes-Oxley starting this summer. And Michael Rasmussen, an analyst at Forrester Research Inc., estimated that about a third of the clients he works with have put an investigative response plan in place, including the use of business intelligence tools and other technologies to monitor ERP and e-mail systems for evidence of potential wrongdoing.

Tracy Austin, CIO of Mandalay Resort Group
Tracy Austin, CIO of Mandalay Resort Group
Universal Health Services Inc., a King of Prussia, Pa.-based company that operates hospitals and other medical facilities in various states, already has several fraud-detection systems in place that should now be able to help it meet the mandates set by Sarbanes-Oxley, said CIO Linda Reino.

For example, to prevent altered paychecks from being cashed, Reino said Universal Health has a homegrown system running on an IBM AS/400 server connected to applications at the bank that supports Universal's payroll operations.

Manny Abascal, a partner at Latham & Watkins LLP in Los Angeles, said that continually reviewing financial data will be a key facet of Sarbanes-Oxley compliance. "Some companies are thinking ahead so that if they find themselves in this position [where fraud is suspected], they're better able to find the data," he said.

Pricing for Oversight's monitoring tools starts at $85,000 and, depending on the number of end users, can go up to about $200,000, according to CEO Patrick Taylor.

Other vendors of forensics tools include Guidance Software Inc., Consul Risk Management Inc. and Addamark Technologies Inc., which this week plans to announce upgraded software for storing system log data.

Mandalay Resort Group in Las Vegas provides gaming agencies with information to demonstrate its data-protection procedures. But CIO Tracy Austin said those efforts haven't used computer forensics, and the hotel and casino operator hasn't made plans to invest in the tools to aid in Sarbanes-Oxley compliance. For now, Mandalay "is primarily focused on documenting internal controls," Austin added.

Copyright © 2004 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon