Recommended: Click here to run a Free driver update scan »
Process-level application controls (such as orders are processed only within acustomerÂ's credit limits or all goods shipped are invoiced)
Process-level general IT controls (upgrade process for order management applicationis well defined and always followed or adequate security exists for the ordermanagement application)
Process-level manual controls (orders and cancellations are input correctly into theapplication or users are well trained on the sales order policies)
Process-level application controls typically address risks related to completeness,accuracy, validity, authorization and segregation of duties for process level data,while, process-level general IT controls address overall IT-related risks for thatapplication, including processes to ensure validation against intended purpose,change management processes and access control. With the new product release of itsSOx 404 suite in December 2005, MetricStream becomes the first compliance vendor toprovide such an integrated risk and controls environment to its customers.
In addition, with the new product release, MetricStream will also enable companiesto significantly reduce their cost of compliance by providing a framework thatdefines process-level manual and application controls within a single test,automates the testing of process level application controls, and reports the resultsfor the entire test  including manual and application controls, in an integratedmanner. MetricStream leverages the APIs within this framework to automate thetesting of controls implemented within either popular ERP systems such as SAP,Oracle and PeopleSoft, as well as legacy/homegrown systems. MetricStream nowprovides an out-of-the-box library containing more than 1500 tests for automatingthe testing of application level controls within popular ERP systems in generalledger, procure-to-pay, order-to-cash, inventory / cost Accounting, asset managementand payroll processes.
Finally, with the new product release, a customer will also be able to easily defineand assess overall IT controls  these are typically COBIT/ITIL/ISO17799 definitionsthat are reconciled for the COSO internal control model. Such controls are intendedto drive IT Governance and  tone at the topÂ'. They include:
Lifecycle: Acquiring and implementing new programs and systems, as well as changesin, and maintenance of, existing systems
Operations: Managing service levels for applications and infrastructure and forthird-party services
Access: Managing access-control to programs and data including security andauthorization
As a result, MetricStream now enables its customers to integrate and reconcileCOBIT, ITIL and ISO17799 definitions into the COSO framework and allows customers touse COSO as the default framework for assessing all internal controls, including ITrelated controls.
"Working with the Fortune 1000 companies, we immediately realized that most pureplay SOx 404 vendors stopped short of addressing process-level IT controls andoverall IT controls within their solution set, said Shellye Archambeau, CEO ofMetricStream.  MetricStream decided to incorporate full support of definition andtesting of process-level application controls, process-level general IT controls,overall IT controls, COBIT framework, as well as automated testing of process-levelapplication controls in its current release. As a result, in one swoop we addresseda gaping hole in most SOx 404 solutions in the marketplace."
"I am very impressed with how MetricStream continues to work closely with itscustomers to clearly identify and rapidly address the SOx 404 requirements for itscustomers, said Joel E. Marks, vice chairman and COO, Advanced Equities.  We lookforward to addressing the IT-related control capabilities from MetricStream in ourSOx compliance program."
Key modules in the MetricStream solution for Sarbanes-Oxley 404 include:
MetricStream Core SOx 404 suite
MetricStream Design: Enables the organization to document the control hierarchy,design assessment plans, and setup the compliance environment for all the businessunits within the organization.
MetricStream Assess: Enables the organization to schedule and perform assessments ofdesign effectiveness and operational effectiveness of the controls.
MetricStream Improve: Enables the organization to manage the remediation, exception,and disclosure processes, track their status, and ensure successful completion.
MetricStream Monitor: Provides visibility into the ongoing compliance efforts withinthe organization through role based dashboards and scorecards.
MetricStream Document Management: Provides a central repository for all documentsrequired for compliance with Section 404 including company's policies, procedures,process documentation and all other regulatory and legal information.
MetricStream Training: Enables the organization to make compliance a part of thecompany's culture by driving consistency through managing all aspects of employeetraining.
MetricStr eam Audit: Performs process-level self-assessments and provides support forinternal and external auditors.
With the new release, MetricStream Design now enables users to identify any controlas a process-level application control or a process-level general IT control or aprocess-level manual control. In addition, MetricStream Design now enables users tocapture general IT controls by defining IT as a separate function with variousprocesses such as acquisition, change management, service level monitoring,security, incident management etc and enabling customers to easily comply withCOBIT, ISO17799 and ITIL standards. MetricStream Assess now provides a frameworkthat automates the testing of process level application controls and reports theresults for the entire test  including manual and application controls, in anintegrated manner and also provides an out-of-the-box library containing more than1500 tests for automating the testing of application level controls in generalledger, procure-to-pay, order-to-cash, inventory / cost Accounting, asset managementand payroll processes.
About MetricStream MetricStream is a market leader in Enterprise-wide Quality and Compliance Managementfor global corporations. MetricStream solutions are used by leading corporations indiverse industries such as Automotive, Food, Pharmaceuticals, Manufacturing andElectronics to manage their quality processes, regulatory and industry-mandatedcompliance and corporate governance initiatives. Key MetricStream customers includePfizer, Hitachi Computer Products (America), TaylorMade-Adidas Golf, Cannon-ITTIndustries and Fairchild Semiconductor. MetricStream is headquartered in RedwoodShores, California and can be reached at http://www.metricstream.com
