|
The Sarbanes-Oxley Act of 2002 was originally enacted as a result of many corporate scandals and the need to protect stockholders' interests. The act is a landmark decision to ensure that corporations proactively share their financial reporting with auditors, audit committees, analysts and investors. In fact the Act has eleven titles that companies must adhere to:
Title I Public Company Accounting Oversight Board
Title II Auditor Independence
Title III Corporate Responsibility
Title IV Enhanced Financial Disclosures
Title V Analyst Conflicts of Interest
Title VI Commission Resources and Authority
Title VII Studies and Reports
Title VIII Corporate and Criminal Fraud Accountability
Title IX White-Collar Crime Penalty Enhancements
Title X Corporate Tax Returns
Title XI Corporate Fraud and Accountability
(For a view of the complete act as written by Congress, go to www.findlaw.com and view H.R. 3763)
The SOX Act is complex with many provisions. The two most relevant to public companies are Section 302 and 404. These sections are specific to accounting controls, control activities, financial reporting, CEO & CFO certification of the reporting and the supply chain. SOX specifically calls for the use of COSO or the Committee of Sponsoring Organizations of the Treadway Commission. This commission was formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting. This is the prescribed framework for companies and their auditors. Do not mistake this as a checklist; COSO is a mandatory framework of operation. The framework consists of:
Control Environment – the foundation for all other components of internal control, providing discipline and structure.
Risk Assessment - the identification and analysis of relevant risks and their effect on achievement of the company’s objectives.
Control Activities – ensure that management’s directives are implemented and that necessary actions are taken to address risks, enabling the entity to achieve its objectives.
Information and Communication – pertinent information must be selected and communicated in a manner and time frame that enable people to carry out their responsibilities.
The COSO framework uses a distinct matrix:
For Operations:
Monitoring: All Operating Units
Information and Communication: N/A
Control Activities: N/A
Risk Assessment: All Operating Units
Control Environment: N/A
For Financial Reporting:
Monitoring: N/A
Information and Communication All Operating Units
Control Activities: N/A
Risk Assessment: N/A
Control Environment: All Operating Units
For Compliance:
Monitoring: N/A
Information and Communication: N/A
Control Activities: All Operating Units
Risk Assessment: N/A
Control Environment: N/A
How does this affect the Supply Chain?
Although not specifically called the supply chain within the Act, section 404 is widely known to affect the movement of goods with regard to reporting their movement and auditing their worth. Section 404 states that management must attest annually to internal controls and certify those with an auditor.
In lay terms, this means that movement of product from DC’s to stores, stores to stores, suppliers to DC’s, etc. etc. must be monitored, tracked and reported on in a manner that has a viable audit trail and can be certified by a public accounting firm. No longer can companies afford to have so called black holes with regard to the movement of product. Whether the product is in a container awaiting arrival from Asia, or in the back of a truck on a local “milk run”, an audit trail must be present.
As one would imagine there are numerous tools and products now available to assist with tracking, monitoring and reporting both from a financial perspective as well as a product in-transit perspective. Tools must include reports on accounts, processes, risks, controls including ineffective controls, incomplete documentation of processes and financials, poor segregation of responsibilities, at-risk action items and projects, issues and others depending upon the business entity.
According to a recent AMR report called “SOX Decisions for 2005”, the next step is to heavily invest in technology. John Hagerty points out 3 key decisions:
Decision 1 – Increase investment in technologies that automate testing internal controls.
Decision 2 – Invest in portals, dashboards, and scorecards.
Decision 3 – Don’t reinvent compliance processes; stay the course and automate.
When are deadlines?
Although most of the deadlines for SOX compliance have long since past, many companies are still not compliant with regard to the overall supply chain.
Deadlines for compliance for such things as CEO & CFO bonus forfeitures, certification of annual and quarterly reporting, pension funds and the like (Sections 304,402,302,403,303,406,407,306,401) were all due for completion at various times within 2002 & 2003. Because these were primarily financial and important to corporate officers, board of directors, stockholders and the SEC, there are few if any companies not in compliance.
January 2004 saw the deadline pass for off-balance sheet transactions, including use of special purpose entities, and the transparency of the treatment of those transactions under GAAP principles. (Section 401).
However, with regard to internal control reports for companies, requiring real time disclosure of information concerning material changes in the company’s condition or operation (Section 404, 409) or translated, the supply chain, this deadline has been extended until February 28, 2005.
Conclusion:
Review the current supply chain operations, processes and documentation for SOX compliance. If help is warranted for assessment or suggestion for tools/systems in the marketplace, be sure to call on the capable personnel of Navesink Logistics.
Resources used for this article included:
I. AMR Research, Decisions 2005 by John Hagerty. Publication number AMR-A-17887.
II. Open Pages white paper. Sarbanes-Oxley Act Compliance. May 2004.
III. FindLaw: the complete text as written by Congress of the Sarbanes-Oxley Act of 2002.
IV. The Sarbanes-Oxley Act of 2002: Strategies for meeting new internal control reporting challenges: A white paper by PriceWaterhouseCoopers.
V. Perspectives on Internal Control Reporting A resource for Financial market participants. December 2004. Deloitte & Touche LLP, Ernst & Young LLP, KPMG LLP, PricewaterhouseCoopers LLP.
|
Introduction
