Preparing for a SOX Audit
Sarbanes Oxley (SOX) audits are a required oversight measure for all publicly traded companies in the United States. SOX audit requirements are different than those for other Accounts Payable audits, focusing more heavily on your data protection measures than your AP methodology. (While routine Accounts Payable audits can be performed by an internal auditor, you’ll need to hire an independent auditor for a Sarbanes Oxley review.)
During a SOX audit, you’ll need to provide comprehensive information about your internal security controls. This includes information about your access controls, backup systems, and IT security procedures. Your auditor will check information that pertains to your:
- Network & database activity
- Login activity
- Account & user activity
- Information access history
These audits can be a bit more predictable, and in turn, easier to prepare for. You can even build SOX compliance into your record management policy, making it easier to prove that you’ve established an appropriate control structure.
Delivering Documentation to Your Auditor
Depending on how you originally sent and saved your Accounts Payable documents – i.e., as emails or physical hard copies – you may need to collect them from different locations. Electronic documents may be easy to find on your computer network, but hard-copy documents may need to be searched for manually (or retrieved from an off-site storage company.)
If your auditor is coming on-site, you can easily provide them with both hard-copy and electronic documentation once they arrive. However, if they’re auditing your company remotely, you’ll need to fax, scan and email, or mail your paper documents to your auditor before they can start with their fieldwork.
Assembling all of this information can be a hassle, it’s worth it in the end. The Association of Certified Fraud Examiners found that financial statement fraud cost companies – on average – just shy of $1 million – and that the total loss across 2,410 fraud cases topped $6.3 billion.
Simplify Accounts Payable Audit Preparation with Electronic AP Records
With IntelliChief, you can easily prepare for your Accounts Payable audits (including SOX audits) without putting any extra time or thought into your day-to-day procedures. Our electronic document management system lets you easily store your transactional information and retrieve it at a moment’s notice.
Our software lets you find any document you need, from any location. Any time a new record is created, our software captures the information and adds it to a searchable index. (When a document corresponds to a transaction that’s already open, it’s automatically added to the current record for the corresponding purchase.) Even if you don’t know the file name, you can search by supplier name, account number, purchase date, or purchase amount. And with all of your records stored in an electronic repository, you don’t have to worry about documentation getting lost or damaged and delaying your audit.
If you prefer, you can give your auditor direct access to IntelliChief, allowing them to directly retrieve files and sample transactions without interrupting your team. They can access your Accounts Payable records from any computer that has Internet access – whether that’s a workstation in your office, or their own computer that they use to complete audits remotely.
Built-In Compliance Tracking
Without you having to do a thing, IntelliChief creates a comprehensive paper trail for each transaction that your Accounts Payable department processes. This lets you show your auditor which employees requested your purchases, approved your invoices, and posted your payments. (You can easily control which users can complete each workflow in your AP cycle, helping you easily ensure the separation of duties.)
Because IntelliChief only allows users with valid credentials to view your Accounts Payable documents – and because you can redact sensitive financial data as needed – you can demonstrate full compliance with the Sarbanes Oxley Act. Our software lets you easily control which users can access each type of information, ensuring complete security for your transactional information.
Preventing Accounts Payable Errors
IntelliChief also helps you automate your core Accounts Payable workflows – which means that you’re less likely to experience errors as a result of incorrect data entry and manual calculations. Our solutions ensure that you’re only paying accurate charges, on valid invoices, to the appropriate vendors, within the correct timeframe. (Because each transaction is automatically closed out once it’s been paid, it virtually eliminates duplicate invoice payments.) Electronic routing features even help you collect AP approvals in accordance with your internal policies, ensuring that steps aren’t skipped in your approval hierarchies.
Reviewing Your Accounts Payable Audit Report
Once your audit is complete, you’ll need to review the information that’s provided in your official audit report. (If you’re using IntelliChief, you can see all of their notes on a single dashboard.) Typically, your audit committee, executive director, and senior financial staff will all need to evaluate the notes before communicating the findings to your board.
Many auditors provide a list of best practices and custom recommendations, which can help you plan out your “next steps”. You’ll need to address major issues (such as financial conflicts of interest) right away, while minor concerns (such as operational inefficiencies and technological deficiencies) can be solved over a period of several months.
As part of your internal review, you may want to discuss the quality of the audit itself. The National Council of Nonprofits recommends that companies (both non-profit and for-profit) evaluate:
- The “scope, nature, and timing” of the audit
- Your auditors’ ability to effectively use the provided resources without redundant efforts
- Your Accounts Payable department’s ability to quickly provide all requested documentation
- The overall impact of the auditor’s presence on day-to-day operations
Even if your next Accounts Payable audit won’t take place for another year, it’s still important to decide how – if at all – you can make the process more efficient. That may mean finding a new auditor, implementing new technologies to help you reduce accounting errors, committing to a better organizational strategy for your financial records, or having your financial statements prepared in advance by another accountant (at a non-auditor rate). Of course, there are a number of other options to make your auditing procedures faster and more efficient, with the “best” approach dependent on a number of company-specific factors.
At IntelliChief, we’ve helped organizations in a variety of locations and industries improve their approach to Accounts Payable– and we’d love to do the same for you. We can help you implement a document management system to streamline Accounts Payable audit preparation or automate your processing and payment tasks to help eliminate duplicate payments. To learn more, contact us today, and we’ll get you started with a custom recommendation.