Business law sparks MPE software revival

Sarbanes-Oxley prompts interest in audit tool from Bradmark

A business regulation law passed two years ago is starting to prompt more interest in a database auditing program for the HP 3000, according to the marketing director at Bradmark Technologies. Bradmark has sold DBAudit since the 1980s, but the company had only moved a couple of copies of the MPE/iX software during the last year. Last month, however, Bradmark’s John Mitchell said the firm booked four multiple-system DBAudit orders in a single month. Mitchell said he learned from the customers they were buying DBAudit to aid in complying with the Sarbanes-Oxley Act’s (SOX) Section 404.

The 404 requirements have recently been clarified for IT management, and just in time: Organizations with more than $75 million in revenues must comply by November 15. Smaller organizations must comply with SOX audit requirements by July 15, 2005. Mitchell said he believes the deadlines don’t represent the finish line for SOX compliance projects.

“It’s not all over on 11-15,” he said. “If anything, the journey’s just begun, because the act is being amended and interpreted though implementations.” Although the US legislation was passed in 2002, it was only in June of this year that the Public Company Accounting Oversight (PCAO) Board approved Auditing Standard No. 2, which it had been considering since mid-March in response to (SOX). The PCAO standard is expected to push companies back toward centralized IT infrastructures, something which HP 3000s were designed to control.

Section 404 requires management to file an internal control report with its annual report, describing the controls on financial reporting and their effectiveness. Management and the company’s auditors are required to provide reasonable assurance that there is reliability of financial reporting and database auditing, and financial reporting is a crucial component of the management process.

DBAudit provides transaction tracking and audit trails on HP 3000 IMAGE databases, and sells in tier-based pricing from $3,750 to $20,000. The utility from Bradmark (www.bradmark.com) allows database administrators to read IMAGE logfiles to analyze database modifications.

Mitchell said that Bradmark has been contacting its HP 3000 customers to inquire about whether they need the audit tool, although he added that “tools don’t ensure compliance. It’s processes.” He said Bradmark has heard that many 3000-using organizations are affected by SOX, even if they’re not publicly traded. An organization that has raised public debt, through bonds, can be held accountable — meaning that school districts are looking at how to comply with SOX.

Mitchell said that other organizations with SOX work ahead of them include firms that might launch an IPO in the future, or those whose bankers have asked them to be compliant. “Large private companies will do it,” he said, “and I think we’ll find it extended beyond public companies.”

Under the Act, “Some municipalities and universities are excluded,” Mitchell added. “But if the entity is filing a 10-K or 10-Q then it probably must comply. Even if you are migrating away from IMAGE databases, you cannot ignore compliance. As long as IMAGE databases are part of your IT infrastructure, you need to satisfy the compliance officer that sufficient controls are in place to ensure integrity.”