SOX, ERP, and BPM: a trifecta that can make your business run better

Strategic Finance, Dec, 2008 by Kenton B. Walker

In 2002, Congress passed the Sarbanes-Oxley Act (SOX) to improve transparency and accountability in business processes and corporate accounting that should lead to increased confidence in public markets. One key provision of this law, Section 404, has proved to be particularly difficult for companies, especially those that didn't have good internal controls, processes, and procedures already in place. As you know, Section 404 spells out the requirements for internal controls documentation, assessment, and testing activities that govern the creation of financial reports. The law requires that the management of publicly traded companies attest to the effectiveness of internal controls in each annual report they file with the Securities & Exchange Commission (SEC).

SOX compliance is about financial reporting, focusing on establishing good business practices, and ensuring proper controls are in place to identify potential areas of concern for management. But some executives also have been viewing and using it as an opportunity to streamline and improve business processes, improve efficiency, and increase competitiveness. In fact, companies that are having the most success began their compliance route by asking "How would we implement a corporate performance measurement and financial data accuracy initiative in the absence of SOX?" Regardless of the approach chosen, companies have found that most solutions have relied heavily on their information systems. Enterprise resource planning (ERP) systems and business process management (BPM) tools are two established and valuable resources that together are helping companies comply with SOX and make the business run better.

ERP SUPPORT

Most organizations have been using ERP systems for years. ERP solution providers originally designed their products to achieve automation across multiple departments in organizations, primarily to aid management of manufacturing and distribution processes. These systems offer a framework for organizations to work effectively and efficiently and provide for the establishment and management of standardized processes for raw materials, inventory, order entry, and distribution activities.

At the same time, ERP can help companies improve the systems environment, streamline business processes, and comply with SOX. Principally, ERP goes a long way toward eliminating fragmented and incompatible systems. It also provides support for SOX compliance in several important areas, including accounting, internal controls, and merging the physical and financial supply chains. Yet many ERP systems are out of date or still too decentralized to assist with Section 404 compliance, which has led to increased IT spending to support SOX compliance initiatives. In addition, there are some Section 404 compliance requirements that ERP alone doesn't satisfy.

Support for Accounting

Accounting is experiencing some important benefits of ERP: Duplicate files and redundant data entry are no longer necessary. Accountants can simulate product costs and analyze impacts of changes in labor rates, material costs, overhead rates, bills of materials, and product routings. Customer invoices may be based on actual shipments without duplicate data entry, which helps speed invoice processing. Matching of records for payment processing can be completely automated. As products progress through manufacturing, an ERP system can automatically record transactions and update the general ledger. This provides a complete audit trail from source documents to account balances, ensures accurate and current financial information, and permits tracking of actual activity against the budget.

ERP performs period closings quickly, eliminates or reduces clerical accounting errors, provides timelier financial reports, and permits customization of financial reports to meet the needs of individual managers. Financial projections can be prepared based on detailed information contained within a common database, thus eliminating inconsistencies that happen with multiple corporate information systems. Cash planning can account for current and projected orders, purchases, receivables, and payables.

ERP vendors are constantly introducing new reporting and consolidation tools to make financial processes more efficient and to assist with compliance. In an effort to improve external disclosures, they're developing software for more informed, timely, and comprehensive internal reporting. These capabilities give managers better visibility into current operations and for preparing forecasts. This provides the ability to create performance "watchdogs" who serve as an early-warning system for important corporate performance metrics.

Support for Internal Controls

ERP systems incorporate control features that support SOX and other types of compliance. Information system controls can be segregated into three levels: organization, which relate to the entire organization and structure; entity, which address a business unit or division; and process, which are concerned with documentation and control over a specific business process. Process-level controls are further divided into general IT controls, application integration controls, and data ownership controls. There are also process-level controls that specifically support compliance.