New Study By The Aberdeen Group Identifies The Missing Control Link

LONDON, UK – 1 March 2005 – A new study by the Aberdeen Group ‘The Value of User Provisioning for SOX Compliance’ sponsored by Thor Technologies, the most experienced and proven provider of identity management solutions, identifies user provisioning solutions as one of the key controls recommended by auditors for cost-effectively complying with Sarbanes-Oxley (SOX). The results from the survey and in-depth interviews, conducted among more than 40 leading enterprises worldwide, is part of Aberdeen’s Business Value Research Series and builds on prior Aberdeen research stating that, when properly implemented, the cost savings generated from lowered costs in IT generally pays for provisioning software in less than a year.

Key findings from the survey include:
-Three-quarters of the sample believe user provisioning is important to their company’s compliance efforts, with separation of duties and attesting to specific internal controls most often cited as its key contribution.
-Numerous firms believe that user provisioning addresses from one- quarter to fifty per ent of the controls that are required to comply with Section 404 of Sarbanes-Oxley.
-Auditors interviewed for the survey stated user provisioning is the key control needed for evidentiary purposes.

Many companies employ user provisioning for additional compliance-oriented benefits, from compliance training to better business process monitoring and improvement.

“Among the large and mid-sized enterprises we surveyed, some respondents called user provisioning ‘the missing control link’ between undocumented and documented business processes and the realities of how business results were actually accomplished,” said Jim Hurley, Aberdeen vice president of research and the principal author of the report. “In their own words, companies involved in compliance initiatives reported that user provisioning is ‘a big deal for us’. By focusing attention on operational weaknesses, SOX auditing and compliance initiatives have re-charged corporate efforts to weed out business practices and supporting technologies that do not optimise revenue and profitability.”

“IT leaders are aware of the strategic role that identity management plays in supporting compliance in a sustainable manner” said John Aisien, Thor Technologies’ vice president of marketing and business development. “At Thor’s second Technical Advisory Council in November 2004, Thor customers Nextel Communications, Lehman Brothers and Barclays Plc participated in a panel on ‘Provisioning as a Compliance Enabler’, an example of the sort of ongoing discussion and collaboration with our customers that drove the introduction of Xellerate­ Audit and Compliance Manager. This solution provides a framework to automate compliance measures for meeting internal policy and regulatory requirements. Aberdeen’s research validates our product strategy and mirrors the feedback we have received from customers on how they have been able to leverage our solution across several fronts, dramatically increasing their return on investment.”

According to the leading analyst firm Datamonitor, the total market for identity management products and services is expected to grow from 2003 revenues of $4.3bn to $6.2bn by 2007 at a compound annual growth rate (CAGR) of 9.9%, with user provisioning accounting for the highest rate of growth, at a CAGR of 26%.

Along with other resources on identity management, user provisioning and compliance solutions, “The Value of User Provisioning for SOX Compliance” is available for download at http://www.thortech.com/ereg/eregform.asp.