While most people associate the Sarbanes-Oxley Act solely
with e-mail retention and document storage, SOX’s real focus is
on the management of internal financial controls. That requires detailing
the accuracy and scope of accounting procedures and certifying that the
controls are helping prevent fraud, theft and inadequate disclosure.
Well publicized business failures and the introduction of the Sarbanes
Oxley Act was the beginning of a recent trend to place much more emphasis
on managing risk throughout an organization. Given the concern of governments,
investors, regulators and the public at large, public companies have been
forced by new laws to adopt a much more proactive approach to risk management
and internal control processes. Although initially forced to implement
an enterprise risk management framework to comply with these new laws,
public companies are now realizing many other benefits from these initiatives
that are increasing shareholder value.
Although not mandatory for privately held companies and small public
companies, who can argue with an initiative that will increase shareholder
value? Consequently, enterprise risk management frameworks are being adopted
by non-publicly traded businesses as “best practices” that
provide a structured approach to help them develop their own unique risk
management systems and strategies.
To help businesses meet those needs, software companies and their Solution
Provider Partners are offering tools to manage and monitor documents and
workflows, handle electronic signatures and automate manual processes.
To date, many companies have relied on dedicated SOX applications to accomplish
these goals and paid a heavy price for doing so. These companies and many
others are now realizing that standard workflow process and audit logging
tools can do the trick at much less cost to the organization.
Unfortunately, navigating the internal processes of an organization can
be tough. Companies have been focusing on what they have to do in order
to be compliant, rather than automating the process and making it repeatable.
As a result, many businesses are far behind where they should be in terms
of compliance or “best practices”.
Compliance with Sections 302 and 404 of the Sarbanes Oxley Act requires
- Document the design and methodology of the financial reporting process
- Assess the risks and effectiveness of those processes, which include:
- processes’ speed to completion, flexibility, reliability
- Patterns of internal fraud/theft
- Corporate management structure
- Data complexity, volumes, predictability, value and privacy concerns
- Process complexity, number of databases
- processes’ speed to completion, flexibility, reliability
- Monitor and track processes
- Evaluate processes’ effectiveness and vulnerability to risks
- Identify the causes of weaknesses and problems
- Fix problems
- Automate manual processes
- Repeat every year
Most companies now agree that automating internal processes is the key
to addressing compliance with Sarbanes Oxley. One of the most important
internal processes a company can automate is the purchasing process. By
automating the creation, management and approval of Purchase Orders you
make it less costly to perform and easier to test for violations of company
policy and SOX non-compliance.
The Purchasing Workflow Suite from Pacific Technology facilitates compliance
with Sarbanes Oxley by ensuring that:
- all purchase orders are authorized at the appropriate level of responsibility
based on job function, budget and dollar value limits;
- new suppliers are reviewed and/or approved by management and that
purchases can only be procured from “approved” vendors;
- each purchase process is documented, automated and repeatable;
- every purchase requisition is monitored for compliance with company
policies and verified with supporting documentation where necessary;
- any weaknesses or omissions in the purchase approval process can
be quickly identified and corrected.
Some of the key features of Purchasing Workflow include: Multi-Step Approvals,
an Approval Console with drill-down to source transactions for Cost Center
Managers, an Event Log to record all transaction processes and different
Management Authority levels with different dollar value limits stored
against each of these levels. Purchasing Workflow also supports Vendor
Catalogues to track “Approved” Vendors with different pricing
configurations and lead times.
The workflow engine uses configurable rules to set transaction minimum
value thresholds, checking of a user’s own authority levels and
multiple authorizations on each transaction. Each action can trigger a
user-defined notification email to one or more personnel in your company.
When Approver staff are not available for periods of time, they can set
up a substitution entry so that any transactions routed to them are redirected
to the person they have specified as their substitute approver. Substitutions
are date-based so they can be set up in advance if necessary.
Purchasing Workflow also maintains a log for all events initiated within
the system so it is possible to see who requested and who approved a specific
requisition. A completion date can be tracked and if this date is not
met then escalation processes can be initiated. Reports are available
to show overdue actions and who is responsible for acting on the requisition.
A centralized purchasing function allows Purchase Orders to be created
in bulk from Approved Purchase Requisitions by range of vendor numbers
or range of requisition numbers and can consolidate items from the same
vendor on one Purchase Order.
There are several other modules from Pacific Technology which add functionality
to the core workflow system. Funds Availability tracks budget availability
for proposed purchases. Funds Availability operates in two modes: 1) providing
a Check that is carried out as a Workflow Step to route “for approval”
PO’s being raised against a GL account that has had its budget consumed
and 2) providing an enquiry screen that shows funds availability (Budget
Amount Less Actual Expenses, Commitments and Unapproved Transactions)
for all GL accounts within a Cost Centre.
Funds Availability also provides budget overrun value limits that each
authorization level can approve. The Workflow Engine will escalate the
Source Document to the appropriate person with Budget Override authority.
Once approved, the requisition can continue through the workflow.
Internal Issues primary purpose is to process transactions where
inventory is consumed within an organization. Workflow Documents allows a user to attach any document to the PO Requisition.
Businesses should be taking advantage of what their ERP systems offer
to automate manual controls. The Purchasing Workflow suite for Accpac
ERP provides a cost effective method of streamlining and managing the
purchase process to save time, eliminate mistakes and reduce the risk
of fraud. These benefits can increase shareholder value in your company
by providing productivity improvements and reduced audit and compliance