Like most small public companies, Abiomed Corp., a $73 million medical device maker, must meet all the same Sarbanes-Oxley internal control compliance requirements as most large public companies—but with quite fewer resources.
Little wonder, then, that achieving SOX compliance quickly proved to be an expensive, labor-intensive process that overwhelmed Abiomed’s small IT staff. A particularly daunting challenge was staying on top of segregation-of-duties controls. Prior to implementing a compliance automation tool last year, the company’s manager of applications had to compile and distribute Excel-based segregation-of-duties analysis reports by hand, which were then reviewed and approved by each department manager every quarter. That, Abiomed CIO Sharon Kaiser says, “took forever.”
