To help companies meet the requirements of Sarbanes-Oxley and other regulations, Pegasystems Inc. (Nasdaq: PEGA), the leading provider of smart business process management (BPM) software, today announced the release of its Control and Compliance Solution Framework.
Built upon SmartBPM technologies, this new framework helps companies more easily comply with Sarbanes-Oxley by automating the process of creating, managing, testing and auditing business controls.
"Business Process Management software can help companies not only with internal policies and processes, but it can also help account for the operational and real-time information mandates imposed by the adoption of Sarbanes-Oxley," said Jim Sinur of Gartner. "Compliance is a complex challenge, but by implementing BPM, companies can minimize business risk while maximizing business value."
"Sarbanes-Oxley is creating formidable challenges for small and large public companies alike." said Jo Hoppe, CIO, Pegasystems. "The internal and external costs associated with compliance management are staggering. Most publicly traded companies are also struggling with the opportunity costs associated with SOX compliance as significant numbers of IT and Finance staff are redirected to compliance management projects. In 2004, we conducted over 2,000 self-tests of our own control procedures and quickly realized that one manual Sarbanes-Oxley review was one too many. In response, we harnessed the power of our own rules-based BPM platform to automate many of the manual procedures associated with SOX compliance. By implementing SmartBPM for compliance, companies can ensure that the right policies are not only written, tested and reviewed, but also that associated remediation plans are executed by the right person in the proper time frame."
The framework, which incorporates the COSO, COBIT and ICFR regulatory standards, goes beyond Sarbanes-Oxley to give customers the visibility and automation needed to realize best-in-class business controls. Capabilities include, for example, the generation of self-tests and remediation plans for exception management; event escalation and notification; access request approval flows; and documentation of authorizations and control approvals.