April 2005

Audit Tool helps 3000 sites pass SOX exam

Software built for ERP takes bow for all 3000s

David Byrns has built a career out of keeping manufacturing companies online and up to date on HP 3000 systems. His latest tool can go to work outside those factories to make SOX compliance easier for the 3000’s lean IT staffs.

The Sarbanes Oxley Act (SOX) has become a burden for many of the 3000 community’s larger companies. Even though US government regulations limit the scope of the corporate watchdog law to public companies and those with public debt, SOX covers many more IT staffs. Any company that hopes to go public in the future is pressing the regulations into operations that used to be audited rarely.

The extra workload usually trickles down to the HP 3000s in a company, since those systems usually host mission-critical databases. SOX “Section 404” regulations require a company to be able to show an audit trail of how records are modified. Few options are available for the HP 3000, a system that has seen less software released for it each year since HP stepped away from the market.

But audit trails are a typical tool for manufacturers, especially those who use MANMAN, an ERP suite still in use on more than 400 systems worldwide. That community has provided an ample market for Byrns, whose Summit Systems specializes in MANMAN tools and complementary products.

“This is my first tool that goes beyond the MANMAN community,” Byrns said. “I wrote this for MANMAN sites, but there’s been a lot of interest from other sites, too.”

MANMAN has the IMAGE/SQL database in common with nearly every other HP 3000 site, so what Summit’s MANMAN Audit Tool does will work for any other application that relies on IMAGE. Byrns said the software fills a gap for MANMAN sites that seems to loom today for companies dealing with SOX.

“I’ve had this on the drawing boards for awhile, because MANMAN has such a weak audit trail of who’s modifying what record,” he said. “Years ago there was very little on the landscape to help people read IMAGE log files.”

Bradmark Technologies sells DBAudit to manipulate the IMAGE logging files (see our story in the August, 2004 NewsWire). DBAudit users key in IMAGE log file names and tell DBAudit which datasets’ logs to examine. But Byrns believes that DBAudit requires a system manager’s skill set to use.

Summit Systems’ Audit Tool is designed to be useful to end-users such as auditors, he said. “Instead of keying in log files and spitting out data, we take that data and reformat it into a user-friendly format, and then write that data to an IMAGE database. You get to have historical records of the changes made to your database.”

Keys in that database of changes permit users to enter an order number or a part number, for example, then read an included report the Audit Tool returns to track changes to that order or part.

Like DBAudit, Summit’s Audit Tool requires system managers to turn on IMAGE logging, a feature that most 3000 experts say adds minimal overhead. The Audit Tool’s files are also built to work in a user’s favorite report writer, so the auditors can look over audit trails themselves — without demanding IT staff time.

MANMAN sites have been deploying the Audit Tool for more than a year. Many have high praise for the utility. “I don’t think we could have met the new SOX accounting standards without a product like this,” said business applications manager Kim Williams of manufacturing firm Ultratech.

Williams, who helped Byrns fine-tune the product as a beta tester, said she’s written Quiz reports against the Audit Tool’s transaction database. The SOX independent auditors have mandated controls on use of MPE commands by Williams’ development group.

“Those people put us through a lot of work in the last year,” Williams said. “A lot of the things they were asking for just didn’t exist on our system, and the HP 3000 and MANMAN are not well known.”