Like tax accountants in April, software vendors are lining up to help companies comply with regulatory issues set forth in the Sarbanes-Oxley Act of 2002. IBM, Oracle and SAP are among the latest to unveil new and upgraded products designed to make it easier for companies to put in place internal processes and systems that will help them meet the requirements of the law.Like tax accountants in April, software vendors are lining up to help companies comply with regulatory issues set forth in the\u00a0Sarbanes-Oxley Act of 2002.\u00a0IBM,\u00a0Oracle \u00a0and SAP are among the latest to unveil new and upgraded products designed to make it easier for companies to put in place internal processes and systems that will help them meet the requirements of the law.There's an active audience for these wares, according to analysts. A Meta Group poll found 90% of companies are engaged in or planning Sarbanes-Oxley compliance projects.Under the act, publicly traded companies must comply with stringent financial reporting and disclosure requirements. Some provisions already are in effect, such as Section 302 that requires key executives to certify the accuracy of their companies' financial filings.Other rules are pending, such as the so-called whistle-blower provision that requires companies to provide ways for employees to anonymously submit accounting concerns.The effect on IT systems is varied. Some companies have met the act's initial certification requirements with little disruption to financial reporting processes, ARM Research says. However, certain pending provisions have broad IT implications that could require system overhauls.For example, Section 404 requires companies to certify financial reporting processes and the structure of internal audit controls. Companies need to document and attest not only to final numbers, but also the processes by which they arrived at those numbers - something many haven't done religiously, says John Hagerty, vice president at AMR Research."A lot of companies are trying to figure out exactly what the auditors will require, and then put a process or system in place to support that documentation effort," he says. "Often the philosophy is in place, but the actual documentation may not have been kept up to snuff."The law wonSome sections of the Sarbanes-Oxley regulations will affect companies\u2019 business technology systems.Section 301\u201cWhistle-blower\u201d provision requires companies to establish procedures for the receipt, retention and treatment of anonymous submissions by employees of concerns regarding questionable accounting or auditing matters.Status:\u00a0Effective date not set. Section 404Requires companies to establish and certify a system of internal controls and processes used to obtain financial results.Status:\u00a0Goes into effect June 15, 2004.Section 409Requires companies to disclose \u2014 in real time and in plain English \u2014 to the public any material events that could affect a company\u2019s financial condition or operations.Status:\u00a0Effective date not set.What is certain is that companies will need to spend money to implement the required documentation, procedures and controls. AMR Research says Sarbanes-Oxley compliance will drive companies to spend more money in areas such as IT, business process changes, corporate governance and consulting. Collectively, the Fortune 1000 companies will spend $2.5 billion this year on the act's initiatives, the firm estimates.Giga Information Group estimates individual companies' compliance will cost between $5 million and $10 million.Attracted by the prospect of available IT spending money, vendors with expertise in business intelligence, content management, ERP, middleware, portals, collaboration and business process management are coming out with targeted Sarbanes-Oxley products. "What vendors smell in Sarbanes-Oxley is an initiative that needs to get solved pretty quickly," Hagerty says.There's no one type of vendor that companies should look to for help with Sarbanes-Oxley, Hagerty says. For example, it might make sense for a company to turn to an ERP vendor, because ERP software is the source for much financial data. But if a company is decentralized and running multiple iterations of ERP software or operating in a heterogeneous environment, it might make more sense to turn to a software provider that can help aggregate and analyze data from multiple sources.McData invested in products from two software vendors in its compliance efforts: portal tools from risk consulting and internal audit firm\u00a0Protiviti, and content management software from\u00a0Documentum . Protiviti supplies organizational and financial models, process classification schemes and risk information data, and the Documentum repository stores all unstructured, Sarbanes-Oxley-related content, says Paul Brothe, director of internal audit at the Broomfield, Colo., storage network company."We looked to Documentum for a tool that we could link into the Protiviti portal to actually put the formal documentation into an electronic format that has version control and authorship control," Brothe says.While observers have compared Sarbanes-Oxley compliance requirements with Y2K efforts, Brothe says the regulatory effort is broader. "Y2K required a lot of work that took you up to a date. Beyond that date, if nothing fell apart, you just didn't worry about it," he says."This is an ongoing fundamental business change," he adds.Here are some of the latest Sarbanes-Oxley offerings:\u2022 SAP last week announced\u00a0Compliance Management for Sarbanes-Oxley Act. PricewaterhouseCoopers helped SAP develop the software, which extends functionality in mySAP Financials and mySAP ERP to cover the law's requirements. Highlights include tools to document, model, test and monitor business processes and existing internal controls. New portal features are aimed at helping companies handle anonymous submissions from employees.\u2022 Oracle last week announced upgrades to its\u00a0Oracle Treasury\u00a0software, which is designed to help corporate treasury departments - which oversee banking activity and financial market interaction - ensure compliance with risk-exposure policies. The new version adds payment-processing validation features to address fraud prevention; straight-through processing capabilities for money-market transactions; and access to real-time cash-flow information for better forecasting and investment decision-making.\u2022 IBM recently introduced bundles of hardware, software and services for helping companies comply with federal regulations such as Sarbanes-Oxley, the Patriot Act and the\u00a0Health Insurance Portability and Accountability Act.\u00a0IBM E-mail Archive and Records Management Service\u00a0is a hosted service that automates the capture, archiving and retrieval of e-mail, instant messages and other documents. DB2 Content Manager for Data Retention Compliance addresses data archiving, retention and retrieval requirements.\u2022 Business process management software maker\u00a0IDS Scheer\u00a0next month is expected to preview its Aris Sarbanes-Oxley Audit Manager, which is designed to help companies manage the process of certifying internal controls. The software routes, tracks and stores control policies and can alert a company when its controls might be steering away from Sarbanes-Oxley compliance.\u2022 Financial software specialist\u00a0Nth Orbit\u00a0this week is expected to announce upgrades to its flagship internal controls and assurance product, Certus. New features include workflow tools that let users graphically map out complex financial processes and view the status of each step.\u2022 Business intelligence software maker\u00a0SAS\u00a0recently unveiled software that combines its analytic, data warehousing and workflow technologies in a regulatory-oriented package. SAS Corporate Compliance for Sarbanes-Oxley helps companies consolidate and analyze financial data from disparate sources. Monitoring and reporting tools provide multiple views of compliance status and can trigger alerts when a company is in danger of not attaining certain requirements.\u2022\u00a0PeopleSoft\u00a0last month announced\u00a0Enterprise Internal Controls Enforcer, a module in its suite of financial applications designed to automate and enforce internal controls required by Sarbanes-Oxley. The product includes diagnostic tools that test and continuously monitor controls within PeopleSoft's transaction systems, alerting executives when users make significant configuration alterations, such as a change in revenue recognition methods.\u2022 Content management software maker FileNet last month unveiled records management software aimed at tracking electronic and physical records from creation to disposal.\u00a0FileNet Records Manager\u00a0makes use of the software maker's monitoring and analytic capabilities to help companies understand how records are used within their businesses and how they can adjust records retention policies to meet regulatory requirements. FileNet Records Manager is due to be released in the first half of next year.\u2022 Portal software firm Plumtree recently upgraded its\u00a0Sarbanes-Oxley Act Accelerator, which combines business-process management tools from HandySoft with Plumtree's collaboration, search and portal technology. The new version adds support for the Committee of Sponsoring Organizations of the Treadway Commission framework - a standard methodology that companies use to establish and manage internal controls.