SOX and the supply chain

Oct. 5, 2004
While the popular perception is that Sarbanes-Oxley (SOX) compliance is a necessary burden laden mainly on the shoulders of corporate financial officers,

While the popular perception is that Sarbanes-Oxley (SOX) compliance is a necessary burden laden mainly on the shoulders of corporate financial officers, in fact there are distinct supply chain advantages that accompany the compliance process.

"SOX is far reaching and touches every component and function and division and branch within a company," says Les Stone, associate partner, Finance & Performance Management Service Line, with Accenture. As Stone views the controls sought by SOX, he observes, "It isn't anything new. The importance placed on internal controls was always there — both from a corporate standpoint as well as an auditor's perspective."

Some sections in the Sarbanes-Oxley Act of 2002 are quite clear in spelling out what is expected in reporting, how to reach conclusions and what consequences derive for failure to meet requirements. Stone points to Section 302, which deals with CEO and CFO signoffs; and Section 906, with penalties and rules around record retention and board audit committee responsibilities. He characterizes these sections as fairly black-and-white in their approach.

However, Section 404 presents an entirely different face — it requires the filingof an internal control report along with a company's annual report (10-K).

"Many people expected after regulations were postponed three times that the U.S. Securities and Exchange Commission (SEC) and Public Company Accounting Oversight Board (nicknamed "Peek-a-Boo") would come out with a definitive set of guidelines," Stone notes. "Many thought they would issue a holy grail , if you will, showing companies how to perform internal control compliance." That didn't happen.

The SEC did not issue what would have been a cookie-cutter approach to evaluating controls as required in Section 404, nor did it provide a checklist. Instead, it asks companies to define their own framework and then to explain that to the SEC. As it turns out, most companies use criteria issued in a 1990s framework by the Committee of Sponsoring Organizations (COSO) in its "Internal Control — Integrated Framework."

"Everyone is going down a path using COSO," says Stone, "but Peek-a-Boo suggests that you don't need to evaluate 100% of your controls, just your critical controls and those that are most likely to cause reporting irregularities. You are going to have different controls in different businesses — computers and banking, for example."

With so many differences from company to company — even within the same manufacturing sector — the process of complying with Section 404 is a factor in gaining a supply chain edge. Section 404 compliance necessitates a great deal of pre-work that has to happen in terms of documentation and evaluation against a framework like COSO.

"If people are only looking at Section 404 to comply with SOX," notes Stone, "they are missing a huge opportunity to gain a competitive advantage."

"Although Section 404 focuses on internal controls over financial reporting, the fundamental approach to achieving compliance has a complementary impact on supply chain infrastructure design, transaction integrity and reporting measures, both in financial and operational nature," states a white paper produced by educational society APICS and risk management consulting firm Protiviti.

To provide a framework for companies seeking to link financial and supply chain data in order to understand their status, APICS/Protiviti suggest that supply chain processes be broken down into seven activities — plan, source, produce, store, transport, sell and return (see Table 1). Then, they suggest companies adopt a four-phase program to achieve a competitive edge based on "well-documented, well-understood and well-controlled supply chain processes" (see Table 2).

Simply stated, in moving to meet the requirements of SOX, companies can turn to data gathering techniques (e.g., activity-based costing) and technology (e.g., enterprise resource planning). With accurate data available and a clear vision for all departments into internal controls, the means to achieve a true supply chain edge are at hand, as is the ability to meet the requirements of SOX.

One of the key aspects of SOX is that it refers to reporting transparency, which is more than just looking at numbers. It's understanding what's behind those numbers. When looking at gross margins, for example, companies need to focus on where there are material, labor, overhead and transportation cost variances. The question then becomes: What are we doing within our supply chain to address those variances?

Stone points out that from a vendor perspective within the supply chain, it's necessary to understand what's happening in the marketplace, i.e., what types of new programs vendors and suppliers are offering, or should be offering.

"I remember when it was common to push suppliers to put material on premises on consignment to be paid for it as it was used," he says. "Today people are looking at fill rates and lead times, and other aspects of the market — whether it's competitive information or understanding a company's markets and its segments. But within the supply chain, those are the things that must be managed."

There is a cautionary note to be heeded in approaching SOX compliance. If a company is not properly utilizing its cash, inventory, receivables and payables and is being "creative" in terms of establishing programs with its customers and suppliers, the company will eventually lose all the value it could have derived from the compliance effort.

As Stone notes, "As companies develop a map telling them where they want to go and execute against that map — as they understand what the key value drivers are and how to manage future value — they become the companies that are going to be better rewarded in the marketplace."

One of the keys, he says, is how a company takes SOX compliance and leverages that to allow it to gain a competitive advantage. "At the end of the day, it's just that simple."

Table 1
Supply Chain
Business Process
Supply Chain
Transactions
Financial Reporting
Elements (balance sheet)
Financial Reporting
Elements (income statement)
Supply Chain
Reporting Elements
(some examples)
Plan Raw materials are purchased
  • Raw materials
  • Accounts payable
  • Cash and debt
  • Cost of sales
  • Supplier delivery performance
  • Cost and quality
  • Planned deliveries
Source Purchase of equipment, direct and indirect material, and services
  • Property and equipment(net)
  • Accounts payable
  • Cash and debt
  • Depreciation
  • Taxes
  • Supplier delivery performance
  • Cost and quality
  • Planned deliveries
Produce Products are manufactured or raw materials are converted
  • Raw materials
  • Work in progress
  • Accounts payable
  • Accrued expenses
  • Wages payable
  • Cash
  • Cost of sales
  • Wages
  • Utilities
  • On-time delivery
  • Quality and cost
  • Routing accuracy
  • Production plan performance
  • Production schedule performance
  • Scrap rate
  • WIP levels
  • Planned production
Store Raw materials, work in progress, or finished goods are stored
  • Raw materials
  • Work in progress
  • Finished goods
  • Accounts payable
  • Accrued expenses
  • Wages payable
  • Cash
  • Cost of sales
  • Wages
  • Utilities
  • Inventory accuracy
  • Queue, buffer and safety stock levels
  • Inventory turnover
  • Scrap rate
Transport Goods are transported
  • Work in progress
  • Finished goods
  • Accounts payable
  • Wages payable
  • Cash
  • Cost of sales
  • Wages
  • On-time delivery
  • Quality and cost
  • Scrap rate
Sell Products or services are sold
  • Accounts receivable (net)
  • Finished goods
  • Warranty reserves
  • Commissions payable
  • Cash
  • Net revenues
  • Cost of sales
  • Selling expenses
  • Marketing expenses
  • Commissions
  • Sales plan performance
  • Customer service
  • Percent sales order changes
  • Order entry accuracy
Return Sold goods are returned
  • Accounts receivable (net)
  • Inventory reserves
  • Accounts payable
  • Warranty reserves
  • Commissions payable
  • Cash
  • Net revenues
  • Quality and customer service
  • Planned returns
Table 2

Phase One:
Defining and linking elements

Phase One:
Prioritization of objectives and resources for improvement initiatives; recognition of processes have a significant effect on an organization's financials.
Phase Two:
Documenting and assessing critical supply chain processes
Phase Two:
Clear depiction of supply chain network, understanding information flows, assigning ownership of processes and controls, benchmarking processes and controls against the Capability Maturity Model and industry best practice, evaluating design and operating effectiveness.

Phases Three and Four:
Control-enabled advantage

Phases Three and Four:
Understand the organization's resiliency and capacity to change given its current resources and systems; focus on improving performance, increasing management confidence in running the business, improving reliance on business information systems, reducing costs, strengthening control, increasing quality.

Report

Report
Documented baseline increases in an organization's agility and ability to react to changing strategic and tactical needs.


Source: Protiviti/APICS

resources

Accenture
www.accenture.com

APICS
www.apics.org

Committee of Sponsoring Organizations
www.coso.org

Protiviti Inc.
www.protiviti.com

Public Company Accounting Oversight Board
www.pcaobus.org

U.S. Securities and Exchange Commission
www.sec.gov

Latest from Global Supply Chain

#198695857@Pramote Polyamate|Dreamstime
Manufacturing Sector Still Contracting: ISM
#292530538@Lightfieldstudiosprod|Dreamstime
Holidays Sales to Hit New Record: NRF