Sarbanes Oxley (SOX) – corporate purchasing falling short of compliance?

Sarbanes Oxley (SOX) is a US law passed in 2002 to strengthen corporate governance and restore investor confidence. It requires that executives must publicly state their responsibility for establishing and maintaining as adequate internal control structure and procedures for financial reporting.

This Act, created following corporate accounting scandals, places accountability for financial reports at the very highest levels of an organization. Non-compliance could result in jail sentences, hefty fines, not to mention bad publicity. Even with these consequences and companies spending thousands on compliance issues, executives are still overlooking a major area for compliance – corporate purchasing. The corporate purchasing department may well be the one area where SOX will snare your company. Why?

When you pull back the covers on many companies’ operations, two startling facts often become apparent:
  • First, the lack of process around indirect purchasing in otherwise highly institutionalized companies.
  • Second, the lack of executive interest in improving the purchasing process.
(Yes, the latter is usually responsible for the former.)

Yet, compliance to the SOX act requires a change in both the purchasing process and the level of executive interest in purchasing. Companies must review every area impacting the numbers going into financial reports, and executives must sign off on their accuracy. Your company has probably spent time scrutinizing revenue tracking, accounting practices and executive perks. But, how closely have you looked at purchasing?

Ask yourself:
  • What controls do you have in place to detect kickbacks and other purchasing-related fraud?
  • How detailed is your audit trail?
  • How often do purchase orders get changed?
  • Who approved purchase requests and then deleted them?
  • How often does someone make a purchase and then get the PO?
Can’t say for sure? Then sound the alarms. It’s time to play catch-up before the SEC catches you.

Fortunately, purchasing is a field offering a professional accreditation program and generally accepted best practices – good places to start. Check with your local Institutes for Purchasing and Supply for details on both. But employing accredited purchasing professionals and adopting best practices won’t make you compliant with SOX.

Technology is the key to gaining compliance. The right software helps in three primary ways:
  1. Enforcing a consistent and reliable process for managing your overall spend. Purchasing software can and should let you automate approval routing for purchase requests. In addition, purchasing software enforces spending limits and supports contract-based purchasing.
  2. Auto-recording a clear and comprehensive audit trail of all activity related to spend. Enforcing a process is a start, but actually keeping a record of every step in the process puts you in compliance. If there’s a question, it’s easy to know who was involved with a particular transaction and what actions they took.
  3. Providing evidence through built-in reports that purchasing processes are (or aren’t) followed. Purchasing software gives you data on purchasing activity so you can detect any abnormalities. Review purchasing volumes to detect if spending is unusually high in a certain department or location. If you use RFQs, compare quotes to actual prices aid to look for consistency. Conduct an analysis of non-contract purchasing to make sure contracted items aren’t being bought for a higher price with a non-contract vendor.
Finding the right technology to bring your purchasing process into compliance is not difficult. After evaluating your current processes, document the areas in which you would like to see improvements and areas where you think need to be compliant with the Act. Once you have set forth these parameters, you can begin searching for the right technology.

During your search, ask each software vendor these key questions:
  • How long have you been in business?
  • Is procurement software your main product and specialism?
  • What is the implementation cycle?
  • Do you provide cloud-based and/or on-site training before the system goes live?
  • When should we expect to see a return-on-investment?
  • What other customers do you currently work with and what type of results have they experienced?
  • Do you have other customers in our industry? If not, then why do you feel that your product will work for this company?
  • What type of business process improvements should our company see and within what timeframe? These questions will lead you down the path of understanding whether certain software can handle your company’s needs. You want to find a company that has been in business for a whilst and whose main product is procurement software.
These companies typically have the expertise in the area your company needs and will be able to provide you with a better quality product, support, and services. And of course, good purchasing software will pay for itself within a year – so ask about ROI and ask for statistics from other customers and how they achieved ROI.

Bringing purchasing into compliance with SOX is more than an end in itself. In the short term, sure, you need to make sure you don’t run afoul of the law. But in the long term your company will benefit financially. A study concluded that a company could reduce expenses at least 3.5% annually by implementing software, and we frequently see cost reductions greater than 10%. Spend control is a fast way for organizations to identify and rationalize excess costs.

Isn’t that alone worth taking a hard look at your purchasing process?