In a bold move, Waltham, Mass.-based OpenPages recently acquired the rights and assets of PricewaterhouseCoopers' internal controls compliance software.
The acquisition immediately brings over 350 PwC clients to OpenPages, positioning the company as a dominant leader in the emerging enterprise compliance management market.
Software in this market generally helps companies manage their Sarbanes-Oxley compliance efforts, including documentation and testing of internal controls, and provides "dashboards" to facilitate transparency and flag potential problems. The software is usually delivered as part of audit engagements, sometimes at no cost to audit clients.
However, the Big 4 have been exiting the software market, partially due Sarbanes-Oxley, which bans accounting firms from performing nine types of non-audit services for clients. Although PwC Partner and Sarbanes-Oxley Task Force Chairperson Lynn Edelson insists that the sale of its "Internal Controls Workbench" to OpenPages was not regulatory-driven, the firm recently divested another software firm based in Paris due to SOX, and last year KPMG handed off its software responsibilities to IBM. The pair have collaborated on an internal control solution that leverages KPMG's advisory services and IBM's middleware software expertise.
A Noisy Market
Though the size of the compliance-related software market is tough to peg, AMR Research VP John Hagerty expects that—of the $5.5 billion expected to be spent on Sarbanes-Oxley compliance this year—just over $1 billion (19 percent) will be in technology spending.
"OpenPages has made a gutsy move," says Hagerty.
The company will support PwC's ICW software for a specific period, during which OpenPages will attempt to migrate those customers to its Sarbanes-Oxley Express solution.
The company has recently been on a roll, adding customers like $24.6 billion Viacom and $48 billion Vodafone to a list that includes Bristol-Myers Squibb, Northwest Airlines and AT&T Wireless.
But the OpenPages acquisition comes just as several large software companies make their own internal controls software announcements. IBM and KPMG announced enhancements to their jointly-developed product, Lotus Workplace for Business Controls and Reporting, and $9.5 billion Oracle announced a new version of it Internal Controls Manager.
Cupertino, Calif.-based Movaris has also moved quickly to gain market share, having recently added a slew of customers to an impressive client roster that includes Procter & Gamble, GE, AT&T, $25.3 billion Kaiser Permanente and others, not to mention the governance gurus at pension powerhouse CalPERS. Movaris has also successfully landed several financial services firms and electronic stock markets, including Knight Trading, Instinet, Archipelago, and the Chicago Mercantile Exchange.
But the firms face increased competition from players large and small. German ERP software firm SAP has developed with PricewaterhouseCoopers a compliance solution, and SAS—considered the world's largest privately-held software company—has its own 404 solution. $5.4 billion EMC indirectly entered the market through its purchase of Documentum, and PeopleSoft announced in October its own "Internal Controls Enforcer" solution for monitoring and diagnosing internal controls. Even Microsoft has joined the fray, introducing Office Solutions Accelerator for Sarbanes-Oxley earlier this year.
But much of the customer wins continue to come from the more nimble and niche-focused players in the space, like OpenPages, Movaris and others. Warrensville Heights, Ohio-based Axentis—long considered one of the first companies to offer a governance and compliance solution—recently announced that $236 billion oil company BP would use its SOX 404 solution, and San Jose-based Nth Orbit landed $25.1 billion PepsiCo as a customer earlier this year.
Growth Market?
One key question is whether the market will continue to grow after the 404 deadline passes in November. According to AMR's Hagerty, much of the growth will come next year, after the initial assessments are done, and as companies look to improve their systems. "If you look at the 'replacement' market and introduction into the market of the major software companies," says Hagerty, "there will be a significant Year Two response to SOX to make it repeatable, sustainable, and cost-effective."
The replacement market is expected to be key to 404 software vendors, who anticipate that frameworks adopted from auditors will ultimately be exposed as incomplete software products that are neither supported technically nor upgraded on a regular basis.
That was a key driver for OpenPages' acquisition of PwC's ICW product. According to OpenPages CEO Mike Duffy, the ongoing requirements of SOX 404 will ultimately force companies to upgrade to more reliable systems that minimize risk and maintenance costs. "Getting 404 documentation completed is just the first stage," says Duffy.
"Management needs to oversee ongoing compliance management and effect quarterly reviews going forward," he notes, "and they must drive down the ongoing cost of compliance oversight."
PwC's Lynn Edelson agrees. "The 302 certification requirement is quarterly," she notes, "and companies are going to need to report any significant changes in their internal control infrastructure."
No comments yet