Audit Tool helps 3000 sites pass SOX exam
Software built for ERP takes bow for all
David Byrns has built a career out of keeping
manufacturing companies online and up to date on HP 3000 systems. His
latest tool can go to work outside those factories to make SOX
compliance easier for the 3000s lean IT staffs.
The Sarbanes Oxley Act (SOX) has become a
burden for many of the 3000 communitys larger companies. Even
though US government regulations limit the scope of the corporate
watchdog law to public companies and those with public debt, SOX
covers many more IT staffs. Any company that hopes to go public in
the future is pressing the regulations into operations that used to
be audited rarely.
The extra workload usually trickles down to
the HP 3000s in a company, since those systems usually host
mission-critical databases. SOX Section 404 regulations
require a company to be able to show an audit trail of how records
are modified. Few options are available for the HP 3000, a system
that has seen less software released for it each year since HP
stepped away from the market.
But audit trails are a typical tool
for manufacturers, especially those who use MANMAN, an ERP suite
still in use on more than 400 systems worldwide. That community has
provided an ample market for Byrns, whose Summit Systems specializes in
MANMAN tools and complementary products.
This is my first tool that goes beyond
the MANMAN community, Byrns said. I wrote this for MANMAN
sites, but theres been a lot of interest from other sites,
MANMAN has the IMAGE/SQL database in common
with nearly every other HP 3000 site, so what Summits MANMAN
Audit Tool does will work for any other application that relies on
IMAGE. Byrns said the software fills a gap for MANMAN sites that
seems to loom today for companies dealing with SOX.
Ive had this on the drawing
boards for awhile, because MANMAN has such a weak audit trail of
whos modifying what record, he said. Years ago
there was very little on the landscape to help people read IMAGE log
Bradmark Technologies sells DBAudit to
manipulate the IMAGE logging files (see our story in the August, 2004
NewsWire). DBAudit users key in IMAGE log file names and tell DBAudit
which datasets logs to examine. But Byrns believes that DBAudit
requires a system managers skill set to use.
Summit Systems Audit Tool is designed
to be useful to end-users such as auditors, he said. Instead of
keying in log files and spitting out data, we take that data and
reformat it into a user-friendly format, and then write that data to
an IMAGE database. You get to have historical records of the changes
made to your database.
Keys in that database of changes permit users
to enter an order number or a part number, for example, then read an
included report the Audit Tool returns to track changes to that order
Like DBAudit, Summits Audit Tool
requires system managers to turn on IMAGE logging, a feature that
most 3000 experts say adds minimal overhead. The Audit Tools
files are also built to work in a users favorite report writer,
so the auditors can look over audit trails themselves without
demanding IT staff time.
MANMAN sites have been deploying the Audit
Tool for more than a year. Many have high praise for the utility.
I dont think we could have met the new SOX accounting
standards without a product like this, said business
applications manager Kim Williams of manufacturing firm Ultratech.
Williams, who helped Byrns fine-tune the
product as a beta tester, said shes written Quiz reports
against the Audit Tools transaction database. The SOX
independent auditors have mandated controls on use of MPE commands by
Williams development group.
Those people put us through a lot of
work in the last year, Williams said. A lot of the things
they were asking for just didnt exist on our system, and the HP
3000 and MANMAN are not well known.