I believe software is essential in managing user access risk, not only for SOX but also for other business risks. In fact, the potential harm from inappropriate access is typically greater for other business risk (such as the possibility of disruption of activities such as revenue generation or manufacturing, reputation risk, and the protection of valuable intellectual property) than it is for SOX.
The concept of customer relationship management (CRM) has long-existed before it was given a designation. In fact, it is a not-so-new buzzword that sounds wonderful, but is actually very hard to implement. What CRM refers to is a kind of cross-functional business strategy that allows organizations to learn more about their customers.