April 5, 2005
HandySoft is one of the many B2B solution vendors pushing SOX (Sarbanes-Oxley) and other compliance-oriented BPM (business process management) tools at this time.
Stuart Claggett, COO of HandySoft, wants to remind companies that SOX spending, onerous as it is in isolation, can be a gateway to enterprise-wide risk management and BPM.
If you're inclined to dismiss this as marketing chatter, think about the example of a manufacturer who services the Big 3 automakers. "Maybe they're not responding as quickly to engineering change notifications," says Claggett. "They have a PLM [product lifecycle management] system in place but there are lots of exceptions around the system and it is impacting their responsiveness and revenue."
But say that manufacturer has a BPM engine initially designed to help with the 302 and 404 stages of SOX. The same underlying logic can be turned towards the manufacturing problem.
That's because the SOX-facing BPM system breaks the financial auditing problem down into generic boxes like test/alert/enforce/report, which can be applied to any process, period. "It's the enforcement and remediation of controls in high-risk areas that do with human processes, aren't automated, or have a lot of exceptions," says Claggett, explaining why a BPM engine is good for, say, mitigating operational risk.
HandySoft has a phased map that lets prospects see just how to build true BPM sequentially. Phase one is risk assessment and testing of internal controls pertaining to reporting and documents.
Phase two is the automation of previously manual controls, a broader risk assessment, and broader internal control over both operations and IT.
Phase three is strategic risk management (think of a bank deciding how much cash to keep in reserve based on a dynamic risk algorithm), process automation to complement controls automation, and steady monitoring of the entire system, presumably with an underlying alert structure.
Source: Line 56