The Sarbanes-Oxley (abbreviated as SOX) Act in 2002 was enacted by the U.S. Congress in reaction to a series of major corporate and accounting scandals. The act established new standards for U.S. public company boards, management, and public accounting firms. The passage of the act produced a bonanza for consulting firms and software vendors but recent studies suggest that SOX compliance efforts have often failed to deliver the expected outcomes. In particular, the dedicated software tools are largely a disappointment. Despite a somewhat dismal performance, SOX software tools have been advocated for use in government as a means of fraud prevention and enhanced security and will most likely receive greater attention in light of the recent financial crisis. SOX compliance software tools can be broadly categorized as emphasizing one or all of the following: groupware, visual modeling, financial analysis, data mining, reporting, workflow, knowledge base, templates, training, and unstructured data management. Typically, the software uses check lists, code analysis, best practices reviews, document scanning and security policy review against a SOX fulfillment template, and other techniques to make recommendations to achieve SOX compliance. The paper addresses the issue of the application of SOX compliance software to government operations, in particular within the context of a G2G eGovernment strategy. Although processes in government are often similar to those in the private sector, the differences are significant. For example, transparency in governmental operations may be at odds with the closed nature of internal control accounting found in the private sector. Moreover, the traditional audit function (of which SOX is an extension) has a financial fraud orientation in the private sector whereas governmental audits have an additional focus on security and ethical behavior. The paper contains a delineation of software approaches to SOX compliance along with an analysis of the relative failure of each. In addition, the paper contains an exploration of the SOX effort, a classification of SOX software tools, and a discussion as to the potential use in governmental applications.
