MetricStream Extends Compliance Solution for Sarbanes-Oxley

Provider eyes platform to allow companies to attain SOX conformity while laying groundwork for other compliance initiatives

Provider eyes platform to allow companies to attain SOX conformity while laying groundwork for other compliance initiatives

Redwood Shores, CA  March 14, 2005  Enterprise software provider MetricStream has rolled out a new solution for Sarbanes-Oxley (SOX) 404 as part of its Compliance Suite, providing a platform for companies to attain SOX conformity while laying the groundwork for other compliance initiatives in the future.

MetricStream provides solutions to help companies ensure compliance with a variety of regulation, such as FDA's 21CFR Part 11, USDA's HACCP; industry mandates such as Automotive Industry's TS16949/2002 and ISO9000; and corporate initiatives such as environmental health and safety standards, internal policies and the like.

"With this announcement, we have extended our ... solution to support Sarbanes-Oxley 404 compliance", said Shellye Archambeau, CEO of MetricStream. "Most companies have to comply with multiple government regulations and industry mandates but are forced to deploy a separate compliance system for every regulation, leading to a very high cost of compliance. MetricStream is singularly focused on enabling its customers to reduce the cost of compliance and gain comprehensive visibility into compliance-related risk across all operating units by providing a single solution for multiple regulations."

"Compliance has evolved from an isolated quality initiative within a department to an enterprise-level challenge, based on passage of acts like 21 CFR part 11, Sarbanes-Oxley Act of 2002 and TREAD Act," said John Hagerty of AMR Research in defining what AMR calls its Active Compliance Framework. "The shift requires new organizational models, new processes and controls, and a new approach to the technology support for the compliance effort. In the past, point systems were adequate to address isolated compliance efforts, but as the number and scope of compliance requirements grows, isolated efforts become a business risk and increase costs."

Key modules in the MetricStream suite for Sarbanes-Oxley 404 include:

  • Design: Enables the organization to document the control hierarchy, design assessment plans, and set up the compliance environment for all the business units within the organization.

  • Assess: Enables the organization to schedule and perform assessments of design effectiveness and operational effectiveness of the controls.

  • Improve: Enables the organization to manage the remediation, exception and disclosure processes, track their status, and ensure successful completion.

  • Monitor: Provides visibility into the ongoing compliance efforts within the organization through role-based dashboards and scorecards.

  • Document Management: Provides a central repository for all documents required for compliance with Section 404 including company's policies, procedures, process documentation and all other regulatory and legal information.

  • Training: Enables the organization to make compliance a part of the company's culture by driving consistency through managing all aspects of employee training.

  • Audit: Performs process-level self-assessments and provides support for internal and external auditors.
The new modules for SOX compliance are fully integrated with the rest of the MetricStream solution set, according to Anil Gupta, vice president of marketing at MetricStream. "Customers can now use MetricStream to start with the compliance initiative that they want to, but then over time migrate to support multiple compliance initiative using one platform," Gupta said.

Gupta said that many companies have developed a wide variety of documents outlining the processes and sub-processes necessary for ensuring compliance, the risks associated with those processes, the controls they have in place to address those risks, and an assessment of those risks. But these companies are challenged to keep their documentation up to date as their processes, and their business, change, Gupta explained.

In addition, industry analysts have pointed out that companies face the issue of ensuring uniform compliance  and a universal understanding of what it takes to ensure compliance  across distributed enterprises and multiple business units. As a result of these factors, analysts have suggested that companies move to automate their compliance processes so that they do not have to continuously build compliance each year from the ground up.

MetricStream says its new offering will help companies address this issue, but Gupta said that enterprise executives also are concerned with the cost of addressing multiple compliance issues over time. Therefore, Gupta said, MetricStream is taking the approach of offering an overall platform to address multiple compliance initiatives, including new mandates that arise in the future.

Additional Articles of Interest

For more information on Sarbanes-Oxley, read Parts 1 and 2 of the recent series on Contract Management: Five Myths of Contract Management, and Contract Management: Improving Corporate Governance.

Other recent articles on Sarbanes-Oxley: