< Back

What is the single most challenging Sarbanes-Oxley issue today?

Alberto Yepez
Thor Technologies

My team and I have spent a tremendous amount of time over the last year listening to the challenges that CFOs and CIOs across our customer, prospect, and partner eco-system are grappling with regarding Sarbanes-Oxley compliance.

Our research tells us that the biggest Sarbanes-Oxley challenge they currently face is how to implement and enforce internal controls for establishing and managing accountability, based on clear and intelligent business processes. By mapping compliance efforts to IT's ability to create operational efficiencies, organizations can fulfill section 404 and other Sarbanes-Oxley requirements in a cost-effective, secure manner by streamlining existing processes and workflows via automation.

One of the first and most critical internal controls that must be met is the ability to determine who in the organization has access to what, and why  a challenge that can be solved with enterprise provisioning. Enterprise provisioning systems are increasingly being deployed by publicly-traded organizations to ensure compliance with Sarbanes-Oxley due to their ability to automatically apply policies and rules governing who can access what systems, what privileges a user has within those systems, detect system users who are not properly authorized, and automatically manage and update user rights and privileges across the enterprise.

By providing an automated platform to dynamically manage "who has access to what," enterprise provisioning aligns the agendas of the CFO and the CIO. By delivering the CFO with the necessary internal controls and audit infrastructure required for compliance, and the CIO with a policy-driven, automated platform that streamlines workflows and business processes for managing access, provisioning has emerged as one of the few compliance-driven IT investments that offer a clear, quantifiable Return on Investment that significantly reduces the initial and ongoing cost of audit and S-OX compliance.

Additionally, provisioning systems provide information that has become particularly useful in determining compliance to section 404 because it provides a detailed "policy history" or audit trail of all authorized users, how and by whom they were authorized  valuable information in determining if proper procedures are followed to reduce the risk of fraud and to ensure that sensitive data is not accessible without appropriate authorization.

However, the challenge of compliance is not purely the ability to satisfy the compliance criteria, but to do so in a manner that is cost effective and beneficial to the firm. If the cost of compliance is too high, the firm actually takes a step back in its ability to effectively compete in the marketplace.

Thor Technologies helps companies meet this challenge head on. Our solutions are designed to automate internal controls and to drive operational costs down. In order to expedite organizations' ability to execute on an IT-driven compliance strategy, we developed a product called Xellerate Audit and Compliance Manager that packages the key provisioning functionality necessary to align these two, seemingly unaligned goalswhich make S-OX compliance such a daunting assignment for management teams.

Alberto Yepez brings significant experience building successful global businesses in enterprise security and infrastructure software. Prior to joining Thor as Chairman and CEO, Alberto was Entrepreneur-in-Residence at Warburg Pincus, a global private equity firm and lead investor in successful software businesses (e.g. BEA and Veritas).

Alberto was co-CEO and member of the Board of Directors of Entrust, Inc, (NASDAQ: ENTU), a leading provider of information security solutions, which he joined after the successful merger of privately held access management vendor enCommerce, Inc. Alberto co-founded and was Chairman and CEO of enCommerce from its inception. In addition, Alberto held senior management positions at Apple and other Silicon Valley startups. He is currently in the Board of Directors of Vitria Technology (NASDAQ: VITR) and the Securities Industry Middleware Council (SIMC). Alberto attended the Kellogg School of Management and holds a B.S. degree in Computer Science, Computer Engineering, and Electronic Physics from the University of San Francisco.

About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY