Why should Indian companies conduct SOX audits?


Since purchasing has a significant impact on the company's results, it is also a focus of the Sarbanes-Oxley Act (SOX). Many buyers see the SOX regulations as a nuisance. Proactive procurement managers, however, use SOX, a top-management issue, as an opportunity to sustainably optimize processes and systems as well as the organization and governance of procurement.

Anne Bernzen, Felix Theisinger

The Sarbanes-Oxley Act prescribes more stringent accounting and auditing rules for all companies listed on the US capital market. The companies concerned must prove that they have a comprehensive and functional internal control system that ensures the correctness and reliability of financial reporting. Top management is personally liable for this. The law is intended to prevent future accounting scandals such as Enron and WorldCom. According to Section 404 of the Sarbanes-Oxley Act, companies must check the quality of their internal control system, document it and have it certified by auditors.

The internal control system of purchasing is subject to SOX audits because intentional or unintentional errors in procurement have a direct impact on the company's results and thus on financial reporting. All purchasing processes relevant to financial reporting, and the controls they contain, must therefore always be documented and kept up to date. A typical SOX-relevant purchasing control, though by no means a new one, is that each order must be approved in accordance with the applicable signature guideline and be based on a valid, correctly approved requisition. The greatest effort, which recurs annually, ultimately lies in assessing the internal control system. Companies have to prove that the controls work by means of random samples.

SOX compliance is also required of suppliers

SOX also plays an important role in the selection of suppliers and the drafting of contracts. SOX aspects must be taken into account especially when purchasing services and concluding contracts for IT and business process outsourcing, because SOX responsibility cannot simply be passed on to third parties. For example, an unreliable logistics or IT service provider can cause misstatements in the client's financial report and thus endanger the client's SOX compliance. As a result, purchasing must apply stricter requirements to supplier selection when buying SOX-relevant services. Above all, the service level agreements should require the service provider to provide a SAS 70 Type II certificate of conformity on time. Furthermore, the client should reserve the right to audit its partner.

SOX undoubtedly represents an additional workload and additional administrative effort for purchasing. Nonetheless, the specifications can make a significant contribution not only to increasing the efficiency and effectiveness of purchasing, but also to improving the overall quality of the internal control system and risk management. Among other things, SOX requires clear organizational responsibilities. In this respect, purchasing has both the duty and the opportunity to clearly define its interfaces to other functional areas. For example, the boundaries between financial accounting and logistics are often blurred and inconsistent.

Furthermore, the SOX documentation creates group-wide transparency, which can be used to identify optimization potential. High complexity and variety of processes can be easily discovered and compared with best practices. Likewise, systems and processes that should have been replaced long ago are tracked down in decentralized purchasing organizations. Due to mergers and acquisitions and deficits in governance, purchasing systems in corporations are often heterogeneous. From a strategic point of view, however, this wealth of variants can rarely be justified, because the purchasing process and purchasing systems in particular can be easily standardized.

Opportunities for spend management

Standardized, group-wide uniform IT systems also enable a high degree of automation of the SOX controls. Proof of effectiveness becomes easier, safer and less laborious. However, standard ERP systems do not currently meet all requirements and have functional deficits, especially in spend management. In that case, the use of best-in-class special solutions is recommended. Flying blind in spend management leaves potential savings untapped and at the same time poses risks to the correctness of the financial report.

In the course of the SOX audits, it can therefore make sense to position purchasing as a “spend gatekeeper” that is responsible for all cash outflows. Purchasing must then be involved in all contracts in which the company enters into payment obligations to external suppliers. In this way, it should no longer be possible, for example, for marketing to conclude advertising contracts worth millions on its own without using the negotiating skills and supplier assessment of purchasing. In addition, all concluded contracts should be documented in a central, group-wide contract management system, since framework contracts can also be used much more efficiently in this way.

Finally, SOX helps to further professionalize the purchasing of services and outsourcing: because of the strict requirements, interface relationships, responsibilities and service levels have to be specified in more detail. A black-box approach to outsourcing is no longer adequate, because the supplier's processes and controls should be completely transparent to the client. Service providers that have to be SOX-compliant themselves as companies have a competitive advantage here. In general, SOX leads to targeted and secure processes for both supplier and client, and ultimately creates trust among employees, customers and investors. This offers purchasing the opportunity to use SOX as a catalyst for necessary changes and optimizations. The value contribution of procurement can thus increase sustainably.

Sarbanes-Oxley Act

The falsification of accounts at the US telecommunications group WorldCom and the energy trader Enron shook confidence in the capital market. To prevent fraudulent activities, the American Congress passed the Sarbanes-Oxley Act (SOX) in 2002, which is named after its authors.

The law forces all companies that are listed on US stock exchanges, as well as foreign subsidiaries of American companies, to make their accounting transparent. This also affects German companies whose shares are traded in the USA. The board of directors and the auditors are given greater responsibility and are made liable for the accuracy of the financial data they publish. The results of internal audits must be published. The majority of the Board of Directors is made up of independent members; CEOs should no longer preside. An audit committee that is independent of the Executive Board is responsible for appointing external auditors, determining their remuneration and monitoring them. Source: WirtschaftsWiki / Handelsblatt.com
