Sarbanes Oxley (SOX) and the Procurement Function: Let Us View Compliance as an Opportunity
SOX, better known as Sarbanes Oxley is as dry as “the desert”, nevertheless I’ve seen people resulting in tears trying to hide a yawn whilst attending a SOX seminar. ….Don‘t laugh at me, that’s what you’d feel to sit through seminars or sessions related to it, that’s what public opinion is. I remember such a session where, I was the host …lets not get to the crux of “that initiative”, We’ll for me it was positive, Ram Bhaskara had me initiate working on the topic & as a follow-on Gopi GR pumped my enthusiasm to begin research on the SEC’s (Securities Exchange Commission) strategy and requirements for Sarbanes Oxley and the procurement function.
I don’t want to repeat the shady state of affairs that affected Enron and others, that’s a stale tale.
We’ll there lied a target audience that I could now vent on J
I gave them only 4 Quadrants of Gyaan that they had to know, to “know it all”, All that I had to communicate was that, please view “compliance as an opportunity” and not a threat or an axed burden
- a 101 on how Procurement Controls impact Sarbanes Oxley
- What are those sections in the Sarbanes Oxley act that are a focus area for procurement
- Does the SRM solution they’ve chosen cater to the Audit points, customers want prescriptions that are implementable, reportable and biggest of all “Auditable”
..Little more on the length and breadth of the artifacts
1) a 101 on how Procurement Controls impact Sarbanes Oxley
Procurement processes create hundreds, if not thousands, of financial transactions every day
What are the procurement Audit Points and the Business Objects that are impacted, see illustration below.
Dun & Bradstreet integration for Supplier relationship’s are now a necessity, more than a “good to have feature” in SRM solutions.
2) What are those sections in the Sarbanes Oxley act that are a focus area for procurement
The answer is very simple, its about satisfying the 4 Sections, the 4 critical Compliance quadrants
The agenda on the controls and the cause and effect becoming a CPO and CFO agenda item very clearly reveals that, all elements of compliance are under the CCTV now, there’s no hiding
Trust me these days there are trained auditors for Enterprise SOX audits, that can ask you very uncomfortable questions and you need to be prepared with an answer.Better preparation will get you past them and believe me, it will translate into benefits sooner or later, it continues to benefit my clients.
3) Does the SRM solution they’ve chosen cater to the Audit points, customers want prescriptions that are implementable, reportable and biggest of all “Auditable”
After giving all the dope, customers new to Sarbanes Oxley, ask you very simple questions
- Are we SOX compliant with the current package that we’re implementing
- What are the key questions that auditors will ask us
- How prepared are we, is our readiness factor healthy, do we need more time, more resources, more money, what do you suggest
The answer for this is easy these days, with almost all new releases or product lines across various package vendors bundling the features canned and auditable. To new customers, all of this looks very Jazzy in the beginning, they will give you 99% credit to themselves having been consulted, in the very first place.
If it’s a veteran oldie to SOX: They will bombard you with SOX reporting requirements across 302, 401(A), 404, 409either to be delivered out of the Box or via some custom development, but they need to have a leading edge to address Auditability, what they fail to understand till date is that, its not about getting a heavy duty compliance framework, its actually about understanding “What’s expected out of Basic Procurement Control” and building traceability in processes and more importantly following them end to end without break-points to derive maximum !!!!
Please do visit the SEC website to see sample audit questionnaires on SOX, you will also get to read a recent whitepaper published by SAP on Automating SOX audit testing
I know some of you would definitely read through till here, hence the last but not the least or let’s say the most “interesting” statement that I’ve ever heard about Sarbanes Oxley.
Compliance and Good Internal Controls is no longer Best Practice………….It is the Law!!!!
….If SOX interests you and you want to know more do collaborate for any follow-on, I’d be glad to help