SOX News

Infineon Reduces Cost of SOx Compliance with ARIS Solution for GRC Management from IDS Scheer

(Oct 18, 2007)-- IDS Scheer, provider of Business Process Management (BPM), announced that Infineon,  manufacturer of semiconductors, has successfully supported its internal management assessment of compliance with the Sarbanes-Oxley Act (SOx) through an automated workflow, significantly reducing the related time and expense. To achieve this milestone, the company optimized ARIS Solution for GRC Management (Governance, Risk & Compliance) from IDS Scheer. The system provides a foundation for the creation of a central database for business processes. Infineon recently received the Business Process Excellence (BPE) Award 2007 for Controlling at ARIS ProcessWorld in Berlin this past June in recognition of its process-oriented approach to ensuring SOx compliance.

As a publicly traded company, Infineon, based in Munich, Germany, is listed on the New York Stock Exchange. For this reason, the company must comply with US legislation, such as the Sarbanes-Oxley Act. Under the terms of section 404 of this Act, a management assessment of the internal controlling system must be carried out prior to evaluation by an external auditor. Following an initial audit fiscal year in which substantial resources were deployed, Infineon decided to utilize an automated workflow for the SOx process. The company has been using ARIS Solution for GRC Management from IDS Scheer since April 2006.

ARIS Audit Manager 3.0, a key product within this solution, facilitates efficient testing, measures to improve deficiencies, reporting on progress with compliance and documentation of risks, controlling, and implemented measures. The existing business process framework was incorporated into the central ARIS repository. The combined process documentation and the visualization of all processes in one tool not only ensure transparency, but also provide the opportunity to harmonize and standardize processes based on a solid foundation.

Klaus Weber, Head of AR SOX at Infineon, explains: "We selected ARIS Audit Manager from IDS Scheer as our compliance tool. This enabled us to carry out successful peer testing and reliably track controlling tasks and test cases on a global scale." He continues: "We opted for a process-based approach with a view to making the best possible use of the synergies between process and compliance management."

The solution enabled a small team within the company to manage 1347 SOx checks across 5765 individual test cases, 22 legal bodies and 300 testers. In the first year of auditing, a project team of 120 people performed this task; now, a four-person team manages all Sox-related activities. Strict adherence to the defined workflow also improved the quality of the test results. As the ARIS Audit Manager tracking function was accepted by the external auditors, the need to spend additional time demonstrating a seamless monitoring chain was totally eliminated. Ultimately, with the support of the solution, Infineon achieved SOx compliance by the end of its 2005/2006 fiscal year. Compliance was confirmed by an external auditor and the US Securities Exchange Commission (S.E.C.) was informed via a 20f report.

Dr. Wolfram Jost, Member of the Executive Board with responsibility for Product Strategy and Development at IDS Scheer, stated: "The project underscores the significance of business processes in increasingly strict regulated economic environments. By applying our GRC tools, Infineon was able to automate and accelerate the SOx compliance process. This effort led to their recognition of a BPE Award for Business Process Controlling."

Share or bookmarklet this web page at: