Though we now find ourselves in 2022, much of contemporary American life traces back to the events of Sept. 11, 2001. The post-9/11 era, they call it. But 2001 didn’t stop there — to those of us in the financial world, Enron’s bankruptcy presented a similar keystone moment, the effects of which continue to play a role in today’s processes.
Just as the Patriot Act immediately followed 9/11, the Sarbanes-Oxley Act passed a few months after Enron and similar regulatory scandals rocked the corporate and financial worlds. Sarbanes-Oxley — also known as Sarbox or SOX — ensured the conditions that allowed those scandals to take place could not arise again. On paper, Sarbanes-Oxley aimed to protect the public from the ramifications of corporate financial malpractice. In practice, however, it’s had the effect of limiting finance teams regarding what they can do vis à vis technology. Now, 20 years later, SOX and SOX compliance are still significant influences on the day-to-day operations of finance teams across the United States.
That said, given the vast digital landscape in which we now live, companies have faced challenges when modernizing while maintaining SOX compliance. The question has become how to ensure compliance while embracing technology-assisted efficiency and financial management methods. This opening for innovation is where the fintech industry comes into play. By designing their products from the ground up to be fully SOX compliant, spend management companies can mitigate and control the risks associated with SOX while allowing finance teams to do so much more than they would otherwise.
SOX compliance risks are multitudinous and may present themselves across all aspects of the corporate financial process, including month-end reconciliation. If there are discrepancies between a company’s payments and its records at the time of reconciliation, this indicates a lack of SOX compliance. As reconciliation has long been a manual process, solutions that have sought to assist businesses with this risk have introduced automation to the proceedings. Spend management platforms largely automate reconciliation. The accounting information assigned to each corporate credit card is associated with each transaction, which bookkeepers can review, validate and sync with the ERP as journal entries.
The above review process allows the prices, quantities and dates associated with logged transactions and transfers match those on their associated invoices. SOX compliance risks arise when errors are spotted or when organizations lack the framework to recognize or self-govern errors. Often, solutions circumvent this risk by enabling automatic transaction documentation. On the transaction side, the use of company-issued credit cards ensures the automatic documentation of transactions.
Purchasing and reimbursement are two huge areas where companies can encounter risks to SOX compliance. For example, if reimbursements or purchase requests are granted without company permission or outside of established policy, this is seen as a red flag. Moreover, if unauthorized purchases also lack appropriate documentation, the risk is compounded. Several solutions aim to eliminate this risk by automating policy implementations and approvals.
Closely related to the broader concepts of purchasing and reimbursement is that of travel expenses, which represent the single largest discretionary spending item that most companies face. Companies risk violating SOX parameters without codified approval processes, especially when managerial review protocols are lacking. Financial solutions in this area are still growing, but available options layer travel booking, including airfare and accommodation, onto existing approval infrastructures. Companies need control of travel expenses through fund request policies, customizable approval flows, and specific budget allocation to specific employee cards.
Above all, SOX intends to prevent systemic financial fraud within organizations, thus forcing businesses to set up internal controls. Sure, many compliance risks can come about through human error, but intentional fraud remains a concern. When recorded purchases appear fictitious, unreal or maliciously duplicated, businesses must take action. However, with proper SOX controls in place, companies can identify many instances of fraud and eliminate their sources before large-scale harm can be affected. Many corporate financial solutions aim to help controllers, bookkeepers, vice presidents of finance and entire finance departments identify and report fraudulent transactions.
When it comes down to it, SOX compliance is there for a reason. Sure, the way companies do business in 2022 differs significantly from conditions as they existed in 2002, but the importance of maintaining compliance in key industries remains. As such, spend management companies need to be SOX-compliant and consider compliant features every step of the way, from request to reconciliation. Within the industry as a whole, it will be exciting to witness how solutions continue to adapt their offerings within the confines of SOX while mitigating potential risks, even after another 20 years.
