Governance and Sarbanes Oxley
Governance and Sarbanes Oxley
Enhanced standards and enforced corporate responsibility are changing the way we manage our businesses.
Sophisticated software solutions like Activa Asset Management give you the tools you need to meet the increased governance requirements confronting publicly listed companies, but whether you use them correctly, or not, is still down to you.
Although the Sarbanes-Oxley Act was passed eight years ago, senior management of publicly listed US companies with the responsibility to personally assure the accuracy of corporate financial statements are only just coming to terms with the extent of the law, including the recognition that getting it wrong actually poses a real personal risk!
SOX not only imposes a requirement for senior management to sign off on financial results but requires them to evaluate the effectiveness of each fundamental business control and to make sure that it actually works. This means;
SOX not only imposes a requirement for senior management to sign off on financial results but requires them to evaluate the effectiveness of each fundamental business control and to make sure that it actually works. This means;
- identify all business processes that give rise to financial transactions
- test the integrity of the internal controls to see if they are effective or at risk of failure
- evaluate the software systems that facilitate them with major emphasis on process controls and audit trails
The focus here is risk analysis; it is very much about the processes, the quality of the internal controls and the IT systems put in place to make them work. This means pretty much all of them!
The sections below consider the process risks identified in the Act as they relate to capital expenditure budgeting, procurement work in progress and life-cycle management of fixed assets. In the tables, they identify the essential processes and the management controls required to mitigate such risks and then briefly outline a solution for each. Whilst most of these items are reasonably obvious it is alarming just how many organisations still need reminding.
Asset management software systems usually provide the basic tools for capex budgeting, procurement and fixed assets but this is only the first step. To be effective IT systems must promote and maintain the optimisation of internal controls, enforcement of the administrative policies and procedures, segregation of duties and automation of the basic work-flow from procurement through the entire asset life-cycle.
Asset management software systems usually provide the basic tools for capex budgeting, procurement and fixed assets but this is only the first step. To be effective IT systems must promote and maintain the optimisation of internal controls, enforcement of the administrative policies and procedures, segregation of duties and automation of the basic work-flow from procurement through the entire asset life-cycle.
| Essential Processes | Management Controls | System Solution |
| Formalise CapEx Budgeting and capital projects, plan the timing of capital funds requirements and control all budget approvals. | Monitor fund allocations, commitments and spend patterns in relation to the budget plan. Identify the extent of approved, unbudgeted allocations and their source. Carry out regular reviews of budget performance against capital asset acquisitions by department. Maintain a precise history of changes to the CapEx budget plan. | Collate and import regional budgets to a consolidated plan. Control fund allocations centrally. Schedule cash flow requirements to minimise cost of funds. Record and monitor budget allocations for all approved projects. Control ex-budget appropriations and the re-allocation of approved funds. Freeze funds and limit roll-overs. Maintain a full transaction history for all budgeted items and subsequent allocations year over year. Undertake regular management performance reviews to enforce these controls. |
| Provide complete and proper recording of capital expenditure with detailed technical and economic justifications in support of individual capital expenditure requests. | Document the full details of the assets required and support this with copies of the project economic and technical justifications, precise expenditure estimates, estimated completion date and the responsible company officer. | Generate electronic capital expenditure applications with full project details, costs and source of funds. Proposal documentation in the form of spreadsheets, documents, images and scans can be attached as required. Required authorised signatories are auto-generated. In essence, appropriate processes for acquisition of fixed assets. |
| Exercise rigid control over areas of responsibility and limits of authority of authorised signatories and optimise the segregation of duties. | Obtain a copy of the official company authorised signatories and their approval limits. Compare these with the actual approved projects documentation for validity and completeness. Ensure that all signatories are valid. | Full signatory lists are generated automatically for each approval cycle and authorised signatories advised electronically in sequence using the internal email system and based on their individual areas of responsibility and limits of authority. All emails and event times are logged and recorded for management review and process work flows can be separately reported. Once approved, all endorsements and values are fixed. Signatory lists cannot be circumvented, only re-allocated. |
| Utilise official purchase orders for all acquisitions. | Audit acquisitions for valid purchase orders against processed supplier invoices particularly with regard to any apparent over-expenditure and inappropriate disparity in timing. Limit purchase order commitments to approved expenditure amounts only. | The Purchase Order process is a mandatory pre-requisite for any financial commitment and provides the means to enforce supplier purchase order policy and procedures. Purchase order commitment values can be restricted approved values only and no invoices can be processed for payment without a valid PO reference. |
| Record details of proof of delivery documentation. | Verify the record of delivery of goods and services compared to the purchase order and invoiced values obviating misappropriation of assets. | The Goods Received function provides physical and documentary evidence of receipt of the goods from the supplier and substantiates partial or full delivery. Real-time automatic cross-referencing to the PO number via manual input at a work station or using a mobile PDA eliminates information time delays and makes this information available to all users instantaneously. |
| Essential Processes | Management Controls | System Solution |
| Capture and secure asset details and costs directly from supplier invoices. | Ensure that the basic information contained in the supplier invoice is being accurately recorded against the asset record; notably the number of units, unit cost, asset description, serial number and any other distinguishing details of its specification that are available. | Assets are capitalised according to actual invoiced values and this cannot be varied by the user. Supplier invoices are recorded and again cross-referenced directly to the purchase order and delivery advice during data entry and then interfaced directly to the creditors ledger in the financial system. Detailed asset information on the invoice or delivery advice is applied directly to the asset item during the procurement data input process or alternately, following capitalisation to the register. |
| Maintain full transaction audit trail for all capitalised assets. | Examine the asset details in relation to the capital project to which it belongs and verify that all invoices, purchase orders, project documentation, budget allocations and approval details are retained for future reference. | All purchase orders, delivery advices and invoices are automatically added to the project capital expenditure documentation in on-line in real time and are available in detailed reports. Invoices can also be scanned and added to the database for future reference and audit. All procurement document information is also provided for reference directly from the asset record. It is retained on the system a minimum of 5 years after the asset is disposed. |
| Maintain regular audits of reconciliations between the capital procurement system, asset register and general ledger. | Obtain a copy of a reconciliation between the fixed assets ledgers and the General Ledger. Repeat the reconciliation tracing the General Ledger amount from the reconciliation to the GL, and back to fixed assets. | CapEx invoice transactions are interfaced to the creditors ledger on a regular basis providing a dynamic reconciliation of uncapitalised expenditure to the GL and batch references for cross-reference. Assets capitalised to the fixed assets register specifically journalise all capitalised expenditure. All of these transactions are fully audited. |
| Essential Processes | Management Controls | System Solution |
| Formalise the process used to identify and justify the disposal of fixed assets. | Trace supporting documentation for a sample of disposals to the fixed asset ledger and verify accuracy and timeliness of the posting and that the entries contained adequate supporting documentation to support the validity of the transaction. | Transactions can be controlled by an optional voucher system which sanctions the disposal. This ensures that no disposal can be processed unless first approved according to an authorised signatory list similar to that used for capital expenditure items. Disposal information fields can also be set for mandatory completion during data processing to ensure that all information is correctly recorded. |
| Essential Processes | Management Controls | System Solution |
| Fixed assets are reviewed for impairment on at least an annual basis. | Verify that reports noting asset valuation are periodically reviewed by appropriate levels of management to determine potential impairment charges and that any decision to write down the value of an asset has been formally documented and approved by an appropriate member of management. | Valuations, revaluations and impairment adjustments are standard options in Activa and provide for a full transaction history and a facility for the recording of all supporting documentation detailing the basis of the adjustments. |
| Adjustments to the fixed asset carrying values are approved and appropriately supported | Verify that any asset impairment charges have been properly reflected in the financial statements. Review supporting documentation for impairment charges to determine that impairment charge amounts posted to the fixed asset ledger can be tied to the supporting documentation. | Activa concerns itself less with the underlying reasons for an asset valuation than with the detail of the event itself. In all cases, a general assumption is made that the underlying reasons for these transactions are sound and that they are in line with generally accepted accounting practice. |
| Essential Processes | Management Controls | System Solution |
| System access to fixed asset information is appropriately restricted. | Review system access to fixed asset information and ensure that only appropriate personnel have access to fixed asset functions. Check selected transactions to ensure that the audit trail reflects these access levels. | System access is controlled at four levels: System ID and Password with complexity rules, individual database access, menu access to individual functions or data fields and data profile masking to 'hide' unauthorised data. All system transactions are fully audited including changes to the security setup for any user. |
| Asset identification tags have been attached to all fixed assets. | Verify that asset identification tags have been affixed to high-value fixed assets by physically selecting a sample of assets and inspecting the asset for existence of a tag. Check the tag information back to the asset records in the system. | Activa incorporates standard bar code auditing. Additional system options include PDA barcode and RFID tag auditing, data logging data verification and data correction and mobile computing for real-time remote PDA data update. All of these functions work in conjunction with standard system security features. |
| A periodic physical asset audit is performed. | Verify that physical asset audits are performed and adequately recorded and that any variances resulting from such audits are promptly investigated and resolved. | The fixed assets register records all physical audits by barcode or RFID, condition reporting updates and data logging transactions. The last audit date has a full audit trail of all transactions. The Inventory report provides details of the most recent audit date whilst an individual asset record provides a full physical audit history. |
| Appropriate physical and documentary safeguards are in place for the assets including custodianship. | Physically verify that high value or attractive fixed assets are stored in secure locations when not in use and if necessary, asset movement is monitored. Assets held by individuals should have their custodianship recorded. | Compatible high frequency RFID technology used for asset tagging can be incorporated into the general building security access systems to record unauthorised asset movement of assets and/or to alert security personnel. Customised interfaces can provide full asset details and contact information to security personnel. |
| Individuals involved in capital accounting are restricted from procurement activities and obtaining custody of assets. | Ensure that where appropriate, personnel with capital accounting duties do not have any duties pertaining to procurement approvals or custody of assets. | Segregation of duties to mitigate the risk of misuse or the mis-appropriation of funds or assets can ensure that approval, procurement, invoice processing and operational functions are distinctly separated and that there is no inappropriate cross-over of duties. |
| Essential Processes | Management Controls | System Solution |
| Formal policy in place regarding depreciation rates and useful lives by asset class or type. | Review the depreciation methods and rates applied to all asset types and discover if these are reasonable and reflect the corporate guidelines and policies. | The conditions for accounting and tax depreciation are set into distinct templates for each asset type. These are protected by system security and only available to those responsible for defining the templates. Individual asset additions automatically acquire the appropriate conditions from the template. |
| Amortisation/depreciation expense is compared to budget periodically for reasonableness. | Review actual depreciation charges against budget and investigate any significant variances to report the cause. | Template depreciation conditions set to IFRS effective life compliance are protected and cannot be changed without authority and audit. |
| System automatically creates and posts recurring depreciation / amortisation calculations and journal entries. | Review the system configuration to verify that it is set up to generate GL postings. Verify that the system configuration is set up accurately. Review system configuration to verify that the correct journal entries interface with the GL. | Standard GL function posts actual periodic depreciation and amortisation charges according to a set of predefined conditions. Journal reports and internal reconciliation reports provide the basis for validation of the journals. |
| System will not over-amortise/over-depreciate assets in register. | Check that the system software will not over-depreciate and that the algorithms are accurate. | Assets cannot depreciate beyond zero value. |
This is not intended to be a searching revue but it does seek to highlight the major issues related to fixed assets and it points out a few distinct solutions to the risks referred to in the act as outlined in the tables above.
Since the tenets of the Sarbanes Oxley Act have been tacitly adopted as a de facto standard in most industrialised countries there is, in effect, one evolving set of principles for all. However, there are also many concerns related to such concise, innovative and far reaching standards, particularly for senior management and particularly in the US, of course. But then again, there can be no greater motive for making it work than the threat of the loss of personal freedom if you don't get it right.
Since the tenets of the Sarbanes Oxley Act have been tacitly adopted as a de facto standard in most industrialised countries there is, in effect, one evolving set of principles for all. However, there are also many concerns related to such concise, innovative and far reaching standards, particularly for senior management and particularly in the US, of course. But then again, there can be no greater motive for making it work than the threat of the loss of personal freedom if you don't get it right.
The system solutions referred to above are intended as a product brief and should not be read as the full specification of Activa software. If you have more specific questions please use the Search options on this site. If you do not find what you are looking for on other pages of this site please complete a Contact Request noting your area of interest and we will respond by return.
The following page articles contain some information related to governance issues and system solutions;
The following page articles contain some information related to governance issues and system solutions;
| Bookmark Page | Download PDF | |
| Article last updated : Feb 23 2012 10:19AM |  |