How important is Sarbanes Oxley (SOX) to the Procurement function: Is Compliance really an Opportunity ?

SOX, better known as Sarbanes Oxley is as dry as “the desert”; nevertheless I’ve seen people trying to shy away from any trainings that are provided in this genre around compliance,

….Don‘t laugh at me, that’s what you’d feel to sit through seminars or sessions related to it, that’s what public opinion is.

We’ll for me it was positive, the follow-on bile of the seminar pumped my enthusiasm to begin research on the SEC’s (Securities Exchange Commission) strategy and requirements for Sarbanes Oxley and the procurement function.

I don’t want to repeat the shady state of affairs that affected Enron and others, that’s a stale tale.

Nevertheless, I went that extra mile on the “walnut” and tried looking at it from various angles; trust me, the first question in my current SRM implementation at an Oil field Services major was around SOX controls in procurement.

We’ll there lied a target audience that I could now vent on J

I gave them only 4 Quadrants of Gyaan that they had to know, to “know it all”, All that I had to communicate was that, please view “compliance as an opportunity” and not a threat or an axed burden

What’s the Dope

-          a 101 on how Procurement Controls impact Sarbanes Oxley

-          What are those sections in the Sarbanes Oxley act that are a focus area for procurement

-          Does the SRM solution they’ve chosen cater to the Audit points, customers want prescriptions that are implementable, reportable and biggest of all “Auditable”

..Little more on the length and breadth of the artifacts

1)      a 101 on how Procurement Controls impact Sarbanes Oxley

Procurement processes create hundreds, if not thousands, of financial transactions every day

What are the procurement Audit Points and the Business Objects that are impacted, see illustration below.

Dun & Bradstreet integration for Supplier relationship’s are now a necessity, more than a “good to have feature” in SRM solutions

image

2)      What are those sections in the Sarbanes Oxley act that are a focus area for procurement

The answer is very simple, its about satisfying the 4 Sections, the 4 critical Compliance quadrants

The agenda on the controls and the cause and effect becoming a CPO and CFO agenda item very clearly reveals that, all elements of compliance are under the CCTV now, there’s no hiding

Trust me these days there are trained auditors for Enterprise SOX audits, that can ask you very uncomfortable questions and you need to be prepared with an answer.

image

3)      Does the SRM solution they’ve chosen cater to the Audit points, customers want prescriptions that are implementable, reportable and biggest of all “Auditable”

After giving all the dope, customers new to Sarbanes Oxley, ask you very simple questions

-          Are we SOX compliant with the current package that we’re implementing

-          What are the key questions that auditors will ask us

-          How prepared are we, is our readiness factor healthy, do we need more time, more resources, more money, what do you suggest

The answer for this is easy these days, with almost all new releases or product lines across various package vendors bundling the features canned and auditable. To new customers, all of this looks very

Jazzy in the beginning, they will give you 99% credit to themselves having been consulted, in the very first place.

If it’s a veteran oldie to SOX: They will bombard you with SOX reporting requirements across 302, 401(A), 404, 409either to be delivered out of the Box or via some custom development, but they need to have a leading edge to address Auditability, what they fail to understand till date is that, its not about getting a heavy duty compliance framework, its actually about understanding “What’s expected out of Basic Procurement Control” and building traceability in processes and more importantly following them end to end without break-points to derive maximum !!!!

Please do visit the SEC website to see sample audit questionnaires on SOX, you will also get to read a recent whitepaper published by SAP on Automating SOX audit testing

I know some of you would definitely read through till here, hence the last but not the least or let’s say the most “interesting” statement that I’ve ever heard about Sarbanes Oxley.

Compliance and Good Internal Controls is no longer Best Practice………….It is the Law!!!!

….If SOX interests you and you want to know more do collaborate for any follow-on, I’d be glad to help

Do write to me @ tridip.chakraborthy@cognizant.com

Better preparation will get you past them and believe me, it will translate into benefits sooner or later, it continues to benefit my clients.

SAP Developer Network Latest Updates