SOX Compliance in Credit & Collections

A lot of folks are focused on SOX (Sarbanes-Oxley) compliance.  And some of these folks are actually the companies trying to go through the SOX compliance process.  The fact of the matter is that there are a myriad of companies out there looking to sell products or services around meeting SOX requirements.

Now, I think that although automation software and audit & compliance services are important, companies really need to look at different processes within the enterprise to accurately judge what they need.  Many times, improvements in their internal business processes can go a long way towards achieving compliance.  Today's post is going to focus on setting up internal controls around the accounts receivable, credit & collections functions.

Although all of this rolls up into a COSO framework (stay tuned for a future posting), some of the things that are critical to address are identifying controls and ensuring testing of these controls for every aspect of the Customer-to-Cash process:

1. Order Processing: You need segregation of duties in the order entry and management process.  Many times, this can be set up in the ERP system with authorization levels for different transactions

2. Accounts Receivable: many things need to be controlled here, but specifically credit memos and write-offs need to be only authorized by appropriate management approval.  Additionally there have to be segregation of duties in different functions of A/R

3. Credit Management: you probably shouldn't have the same folks assigning credit limits as those applying cash and performing post-payment activities.  More and more companies are looking to segregate, monitor and control these activities

4. Cash receipts: cash application from the lockbox has to be as automated as possible (it helps your hit-rate too).  Additionally, a set of reconciliation acitivities have to take place between payment transactions and the banking records.

Finally, you have to have a reat internal control plan, documentation, test plans and a remediation plan when infractions occur.

Its pretty clear that process changes have to go hand in hand with technology and personnel training for companies to be successful in their SOX compliance efforts.

Sarbanes-Oxley and Working Capital Management

Sarbanes-Oxley (SOX) is still a hot topic on the minds of companies today.  I read this interesting blog to keep up to date on the latest developments - Inside Sarbanes-Oxley.  The focus that SOX is placing on certification of financial statements is definitely trickling down to the cash flow statement and working capital management.

Particularly, Section 404 which deals with having a strong set of internal controls.  Since A/R, A/P and inventory are key drivers of cash flow, these are being seen as prime candidates for testing and process automation.  Especially A/R and off balance sheet inventory liabilities. 

Accounts Receivable is where the rubber meets the road in terms of realizing (not necessearily recognizing) revenue.   Here is where the controls have to ensure that all the cash processes - credit scoring and risk management, collections, cash appliciation are being handled in a non-fraudulent manner.  Lots of companies are putting in clear protocols and remediation processes around these functions.  In fact, a firm wall is being placed between the people extending credit to the people actually handling the transactions to prevent any type of collusion or fraud.

There's a lot more to be said about SOX and cash flow, along with Off Balance Sheet Inventory Liabilities.  As deadlines approach, companies are still scrambling to meet requirements...

I'll be posting about the COSO framework next, which helps encapsulate the solution to these challenges.