Internal Control Over Financial Reporting With ERP

Internal control over financial reportingHow can you provide in-compliance, accurate and timely reporting for financials? In this episode of The ERP Advisor, we discuss ERP and financial solutions for Sarbanes-Oxley compliance, including automated internal controls compliance and testing.

When done right, internal controls help streamline processes, increase transparency, and build trust among stakeholders and customers. In this article, we examine how ERP can help take the hassle out of financial reporting.

Proper financial reporting has everything to do with trust. While conventional wisdom says that up to five percent of revenue in America is lost due to fraud — and even more to waste and inefficiency — our hope is that we can provide guidance on how internal control can help eliminate those losses.

The secret lies in a well-designed ERP system that can achieve the following objectives in operations, reporting, and compliance:

  • Provide a single source of truth
  • Streamline executive approvals
  • Make it instinctive to follow generally accepted accounting principals

Meeting these requirements can be expensive and complex when you don’t have the right ERP solution. That is why it is essential to get the right software and make sure it is implemented by team that knows what it is doing. At ERP Advisors Group, we have consulted on hundreds of ERP implementations, and we provide independent guidance to find the best software for internal control over financial reporting.

Trying to enforce internal controls with an enterprise solution can spell catastrophe for midsize businesses and organizations — so perhaps a brief look to the past for some historical context is in order.

Enron, WorldCom and financial fraud

“Fraud” and “prison” are ugly words. Yet the words are never worse than the nightmare of the experience itself. It’s true: false financial statements can mean jail time for corporate officers. That few are ever prosecuted is actually a testament to just how seriously this is treated.

All of which is to say: internal control over financial reporting is important. Even in uncertain times, it can’t be overlooked, because the consequences of slipshod accounting are all too grave and unrelenting.

But for the backstory on how the penalties came to be so stringent, we look to the financial scandals of the early 2000s, and behemoths such as Enron, WorldCom, and Tyco International. These high-profile financial disasters destroyed investor confidence and led many to demand a complete rework of regulatory standards that hadn’t touched in decades.

And thus, the Sarbanes-Oxley Act of 2002 was born.

What is Sarbanes-Oxley?

On July 30, 2002, the U.S. Congress passed the Sarbanes-Oxley Act to help prevent fraudulent and dishonest financial reporting. The act resulted in widespread reform to existing securities regulations, thanks to an extensive docket of requirements — and penalties for violations.

Named after Senator Paul Sarbanes of Maryland and Representative Michael Oxley of Ohio, who wrote the original legislation, the act is known by many other names, including the SOX Act of 2002, the Corporate Responsibility Act of 2002, or just “SOX” for short.

Here is a brief summary of SOX requirements:

  • The CEO and the CFO are held fully accountable for internal accounting controls, including signing off on financial reports and reporting any material deficiencies
  • Financial reporting must contain no misrepresentations or known errors
  • Off-balance sheet liabilities, obligations, and transactions should be noted
  • Management must attest to having an adequate internal control structure and report any shortcomings
  • External auditors are required to verify that internal controls are in place
  • Material changes in financials must be disclosed on a close to real-time basis
  • An annual report must be compiled containing all of these points
  • It is also noted in the requirements that any destruction or alteration of documents will be met with criminal charges

According to a survey by the Center for Audit Quality, “79% of chief financial officers (CFOs) feel that the overall quality of information in audited financial statements has improved since the enactment of SOX.”

Examples of internal controls in ERP

The benefit of an ERP system is that it can help remove manual processes and do some of the work automatically, thus increasing organizational efficiency.

An electronic accounts payable workflow can be set up inside an ERP application, where all formal approvals required by the organization’s procedures are captured according to vendor, amount, cost center, account, location, or project. You can also have a purchase order approval process where approvals are captured within the ERP application.

An ERP system also helps the auditor test internal controls and analyze the effectiveness of the company’s procedures. The focus is on limiting employee authorizations, protection and preservation of assets, and separation of duties.

We feel that conducting internal control within an ERP application is the most effective way to handle internal control, and it will be the most efficient and cost-effective in the long term. You will be able to prepare accurate and timely financial statements, and most importantly, it will help you maintain Sarbanes-Oxley compliance.

Working with an external auditor

An ERP system streamlines external audits by making it easier for an auditor to examine financial statements and run tests with dummy transactions.

Audits usually have three stages:

Planning and risk evaluation: An auditor must have an understanding of the business and the competitive environment in which it operates. The auditor uses this industry knowledge to determine if there are risks that could affect the validity of the financial statements.

Testing of internal controls: The auditor analyzes the effectiveness of the company's internal control procedures. The focus is on limits of employee authorizations, protection and preservation of assets and separation of duties. Control procedures are tested to determine their strength.

In-depth examinations: If auditors find that a company's internal controls are highly effective, they may decide to scale to more intense auditing procedures. On the other hand, if ineffective control procedures are detected, auditors will conduct other financial examinations to assess the accuracy of the financial statements.

Internal controls apply to everyone

Internal control over financial reporting is not just an issue for public companies — private companies will do well to pay heed to this as well. And ICFR is not solely applicable in those instances where a startup is looking to go public in the future. With the uncertain state of current affairs, private sector financials are coming under increased scrutiny, and companies are being held accountable for having accurate financial statements.

There is a philosophic approach to internal controls that is prescriptive here: it is simply a matter of following best practices. Companies that adhere to generally accepted accounting principles (GAAP) will tend to be more efficient in their operations and will make more prudent financial decisions.

Even non-profit organizations can benefit from internal controls when reporting to donors, government agencies, and the like, because the data they need will be readily accessible.

No matter what your situation is, financial reporting demands the highest levels of integrity and accuracy — after all, the ultimate reason you are putting an ERP system in place is so you can generate accurate financial statements.