Supporting Compliance with BPM
With SOX drafted in response to high-profile corporate scandals at Enron, WorldCom, Global Crossing, and others, new and existing software vendors are popping up everywhere, in the hope that they can sell companies a piece of the solution. However, technology needs to be viewed as an enabler of improvements to processes, or companies will find themselves with software that doesn't meet their needs and additional costs that they didn't expect to incur.
Typical process enablers include document management, business process management, collaboration tools, business intelligence, business performance management, ERP systems, auditor tools, and security/storage/e-mail tools. In this article I will talk about business performance management (BPM) and its support of SOX compliance.
So, what exactly is BPM and how can it help with SOX compliance?
Performance Scorecarding is an area of BPM solutions that helps companies set and communicate goals, establish key performance metrics and accountability, and continuously measure performance against company goals and objectives. As a control mechanism, major deviations from best practice benchmarks should be a red flag to CEOs and CFOs, auditors and board-level audit committees. An executive dashboard of closely monitored key performance indicators can reduce control risk, especially in an environment of higher inherent risk.
Planning, Budgeting, Forecasting and Business Modeling allow companies to move away from the yearly budget and embrace the concept of continuous planning. This reduces control risk by enhancing the timeliness, availability and accuracy of information, facilitating the additional analysis of information and enhancing the ability to monitor the performance of the company's activities, its policies and procedures.
Financial Consolidation and Reporting helps customers reduce financial consolidation and reporting cycles while providing the detail and process control to meet the most stringent of regulations. Financial management software can help satisfy new shareholder, investor and government requirements for disclosure, transparency and accountability.
CFOs and CEOs not only acquire the fastest possible access to financial results, they can also review an audit trail of approvals throughout the consolidation and reporting process so they are comfortable signing off on the financial statements as required by SOX Section 302. Also, controls that prevent or detect errors can be added to the system to ensure completeness and accuracy during the financial consolidation and reporting cycle.
Improved timeliness, automated detection controls and enforcement of review and approval procedures will reduce control risk and help companies comply with Section 404.
Financial consolidation and reporting also provides controls over completeness, accuracy and integrity in the preparation of quarterly and annual financial statements for submission to the SEC, shareholders, etc.
When considering a BPM solution for SOX compliance, companies should consider the following:
No Silver Bullets
It is important to remember that while there are many products available for addressing some of the SOX requirements, no one company provides a complete package to satisfy all of the requirements. Companies should also look to their partners and a variety of vendors to help create a complete solution: compliance analyzers, dashboards, and collaborative content management capabilities focused on internal controls (COSO) are needed.
From a single dashboard, financial managers throughout the organization will not only see the financial results for any period and the percent complete for the close process, they can also gain insight into control compliance and risk. Financial results and control evaluations should be brought together in one dashboard to help financial managers feel comfortable certifying the results as required by SOX Sections 302 and 404. This will also assist with SOX Section 409, real-time reporting, if/when this becomes mandatory.
A time dimension could be used with these metrics, such that if control remediation was not expected to occur in the current period, remediation could be forecasted to the future and actuals could be tracked against this.
Finally, XBRL (Extensible Business Reporting Language) can play a large role as well. XBRL will allow customers to improve investor and regulatory management. It will allow for a "single version of the truth" for better control, eliminate re-keying and potential for error, and improve transparency and investor relations. In addition, investors, analysts, and external users can download XBRL docs from company Web sites directly to their spreadsheets or data warehouses.
Furthermore, the SEC is more interested in XBRL to help with their audits -- increasing since SOX -- because they haven't been allowed to hire additional staff. And, if the SEC is happy, chances are you'll be happy too.
Michael Malwitz is senior product marketing manager for Hyperion's Financial Consolidation and Reporting products. Prior to joining Hyperion, he was director of financial information systems at a Fortune 500 company and also held management positions in internal audit, contracts, financial planning and analysis for the same company.