Sarbanes-Oxley Act Basics and ERP Systems

Sarbanes-Oxley Act Basics

From year 2000 to 2002 several large corporate companies are caught in series of frauds in area of financial practices and reporting. Examples of Enron and WorldCom lead to creation of Sarbanes Oxley Law, also called as SOx and known as  ‘Public Company Accounting Reform and Investor Protection Act’ (in the Senate) and ‘Corporate and Auditing Accountability and Responsibility Act’.

The SOx Act was activated in year 2002. The Act was named after Paul Sarbanes and Michael G Oxley who sponsored and helped in creating this law to implement stricter controls for companies financial reporting, auditing and corporate responsibility.

Reason for the Act and its implications

The SOx (Sarbanes Oxley Act) act was created in response to the financials frauds of Enron and WorldCom companies. The Act applies and puts in place stricter controls for all publicly listed companies in US as well as it applies to all companies the audit US based publicly listed companies. The Act does not apply to private companies.

Securities and Exchange Commission is accountable for checking that public companies adhere to SOx compliance, rules and regulations. Additionally the Public Company Accounting Oversight Board is helping to ensure the accounts auditing firms are doing their roles correctly and independently ensure SOx compliance of companies audited by them.

The SOx Act has eleven sections with several sub sections detailing each section. The sections are focused on Public Company Accounting Oversight Board, Auditor Independence, Corporate Responsibility, Enhanced Financial Disclosures, Analyst Conflicts of Interest, Commission Resources and Authority, Studies and Reports, Corporate and Criminal Fraud Accountability, White Collar Crime Penalty Enhancements, Corporate Tax Returns and Corporate Fraud and Accountability.

The Key Implications of SOx Act are,

Section 302 – Corporate responsibility for financial reports: Requires the CEO and CFO to be fully accountable and responsible for financial reports accuracy. It requires both officers to be responsible for internal controls that enable full transparency, accuracy and timely reporting of changes affecting financial reports. It also requires the officers to highlight any gaps in the internal controls and required corrective action.

Section 401 – Disclosures in periodic reports: Asks for full transparency of financial reports on period basis (e.g. quarterly). It requires companies to submit financial reports with full clarity on deviations like off balance sheet transactions reporting.

Section 404 – Management Assessment of Internal Controls: Focuses on defining the internal control measures and responsibility for internal controls implementation and day to day use. It also requires an audit and information on yearly basis of the effectiveness of the internal controls being practices by the organization.

Section 409 – Real Time Disclosure: Requires companies to do real time disclosure of change in financial situation due to material and operation changes in the company.

Section 802 – Criminal Penalties for altering documents: Defines the penalties for companies for altering financial documents, document/transaction audit logs and alteration of audit results.

Section 806 – Whistleblower protection: Empowers employees in organization to be able to report back on any fraudulent activities by protecting them.

How does MySAP ERP meet these implications

MySAP ERP is created based on leading industry best practices that meet, suite and support company needs from process automation to compliance to creating transparency and control. The solution helps companies to deploy industry standard internal controls that help companies to practice and comply easily.

SOx require companies to be faster, timely, accurate and transparent in their financial reporting and accounting practices. My SAP ERP is helpful in enabling companies to achieve above with industry standard processes and automation tooling.

MySAP ERP has internal control management sub module that helps in business process modeling, internal controls documentation and identifying improvements required in any control processes. It makes available management reports and dashboard that help C-level executives to check the state of accounting and internal controls used. This helps in enabling SOx compliancy for Section 302 – Corporate responsibility for financial reports and Section 404 – Management Assessment of Internal Controls.

MySAP ERP provides fully configurable financials and accounting module that helps organisations to setup their organisation structure and reporting flexibly. The general ledger in MySAP ERP helps in full transparency and disclosure. Its available in such a way that using one information source, multiple reports can be generated which could be suitable for various needs like legal and management reporting. It helps companies to have periodic, timely, accurate and transparent reporting. This helps in enabling SOx compliancy for Section 302 – Corporate responsibility for financial reports, Section 401 – Disclosures in periodic reports and Section 409 – Real Time Disclosure.

MySAP ERP has a sub module available for capturing whistle-blower complaints. The sub module helps employees to send messages about accounting irregularities noticed, directly to the audit committee using electronic form which can also be made anonymous if required. This helps ensure whistleblower policy can be enabled with ease and with employee protection while keeping the company focus on improving the accounting practices. This helps in enabling SOx compliancy for Section 301 – Public company audit committees and partly Section 806 – Whistleblower protection.

MySAP ERP helps deploy stronger internal controls and segregation of duties by creation of authorisation profiles that restrict users to specific roles and transactions in the system. This helps in ensuring strong authorisation control and prevention of possible miss use of data due to clear visibility of segregation of duties related conflicts. All in all it helps improve audit compliance and reinforcement of controls and governance. This helps in ensuring compliance for SOx Section 802 – Criminal Penalties for altering documents.

MySAP ERP has an in built audit information system, that allows internal and external independent auditing firms to do structured audit reviews. The system has preconfigured set of reports and activities that help auditors go through to validate required compliance as well as find out gaps and improvements. This helps internal and external SOx auditors in performing relevant audit checks in a structured manner.