IBM announced additions to its line-up of compliance software on Monday, introducing several new bundles designed to address what IBM sees as one of the top areas for IT investment in 2004.
AMR Research Inc. expects spending on Sarbanes-Oxley compliance alone to top US$5.5 billion this year, and industry experts say meeting the requirements of new legislation could double the auditing costs of publicly traded companies. IBM has been expanding its customized hardware, software and services offerings to create tailored bundles for specific compliance problems, such as data archiving, organization and monitoring.
The company released a new content monitoring and retention tool late last week, and updated a Lotus-based reporting system initially released last year. It also announced on Monday the IBM Tivoli Security Compliance Manager, due in May, which will automatically scan servers and PCs to evaluate the systems' compliance with company security policies.
The newly released second version of IBM's Lotus Workplace for Business Controls and Reporting system includes updates to reflect the latest regulatory changes, and expands the software's audit-trail creation tools, allowing companies to better track changes to documents and other corporate data. It also adds support for IBM's AIX operating system, and for additional languages. Previously only available in English, the system can now be used in Japanese, French, German, Italian, Spanish and Chinese. It is priced at $1,150 per user and sold in 100-user packs.
One customer using the system, Huntington National Bank's John Benninger, said he plans to move immediately to the new version, which includes features to streamline data-loading that he expects to ease his company's deployment.
Benninger, the senior vice president of risk management and corporate governance for Columbus, Ohio-based Huntington, said he is currently still testing the system built around IBM's software, but expects to roll it out to 100 users by the end of the year. Benninger connected with IBM via KPMG LLP, which Huntington selected for its Sarbanes-Oxley compliance project. KPMG is one of the partners IBM works with on its portfolio of compliance products.
Huntington's immediate project is complying with section 404 of the Sarbanes-Oxley Act, which requires companies to report on their internal financial controls. But Benninger hopes the $500,000 Huntington is spending on its 404-compliance project will help build a system robust enough to aid Huntington with its next Sarbanes-Oxley hurdle, the clause requiring rapid disclosure of information affecting a company's financial condition. Known as section 409, that provision does not yet have an official deadline for compliance.
"One selling point (for the IBM Lotus system) was the Web portal, the ability to interact with it on a real-time basis," Benninger said. "We can use it to help get us through 409."