Since Jeffrey Clarke reported for duty at software maker Computer Associates International (CA ) last April, he has spent much of his time fixing a financial system so flawed it allowed former employees to overstate revenues to the tune of more than $1 billion. "This is a company where the checks and balances failed. We're putting them in," says Clarke, CA's chief operating officer and acting chief financial officer.
He not only hired a handful of controllers and internal auditors but also is using CA's own storage and asset-management software to ensure compliance with Sarbanes-Oxley rules and other financial regulations. It's a case of software company, debug thyself.
Such regulatory compliance has also added a healthy glow to CA's bottom line. While many companies gripe that complying with Sarbanes-Oxley has meant nothing but expense, for CA and other tech outfits, the rules have helped create a booming new market. They sell lots of software that helps other organizations comply with Sarbanes-Oxley by tracking assets, storing data, and searching for documents.
It's a growth business in a mature industry: Market researcher Gartner expects spending on corporate-governance software to hit $6.9 billion in '06, more than double last year's tally. Gartner says much of the spending so far on Sarbanes-Oxley compliance has gone to consulting firms doing quick fixes, but it expects companies to eventually use software to manage their oversight processes. Even then, instead of a single software package for handling compliance, there will be a patch-work of individual products.
In an odd twist, several software makers selling compliance-related products ran into accounting problems of their own in the past -- giving them an intimate understanding of how software can help prevent accounting lapses. In addition to CA, these companies include Peregrine Systems (PRGN ), Veritas Software (VRTS ), MicroStrategy (MSTR ), and Legato Software, which is now part of storage giant EMC (EMC ).
"It's ironic that some players providing the technology that manages compliance also had compliance issues themselves," says Gartner analyst Joanne M. Correia. "The important question is, have they learned from their own experiences in ways that help their customers?"
Indeed they have, say both software execs and their customers. Peregrine spent nearly nine months gathering records to see if it had paid Microsoft (MSFT ) the proper amount in annual subscription fees. It hadn't.
Incredibly, Peregrine wasn't even using the latest version of its own asset-management software product, which tracks contract obligations with suppliers. Now it does. And Peregrine next month will launch a new version that makes it easier for clients to track their use of computers and software, issue reports, and record the proper sign-offs by executives on a quarterly basis -- as required by Sarbanes-Oxley.
Customers rave about the technology. J. P. Morgan Chase (JPM ) has had to prepare to comply with Sarbanes-Oxley at the same time it's completing its merger with Bank One Corp. It's using Peregrine's asset-management product to smooth the transition and plans on updating to the new version.
FROM NEGATIVE TO POSITIVE.
Mark Bradley, the bank's application development analyst in charge of Peregrine products, says key features include graphics that take an exec step by step through the process of tracking contract compliance, which can then be shown to an auditor if necessary. "The biggest part of compliance is showing you have done your work," says Bradley.
For Legato, a Securities & Exchange Commission investigation and shareholder suits in 2000 taught a punishing lesson about the difficulty of searching millions of old e-mails in a hunt for a handful of potentially incriminating ones. It took months and hundreds of thousands of dollars to do the job. That experience prompted Legato in 2002 to purchase OTG Software for its e-mail archiving technology. Now EMC, which itself bought Legato last year, counts among its offerings software that lets corporate customers create vast storehouses of e-mails, index them, and search them by name, topic, and date.
For software companies with troubled pasts, it's sometimes awkward to hawk compliance software. Customers want to talk through their suppliers' problems and understand what they did wrong.
"At first there was embarrassment. You don't feel good about it," says George Symons, chief technology officer for information-management products at EMC and a former Legato executive. "But you can turn a negative into a positive." And potentially into a lot of money.
By Steve Hamm in New York