Hello Folks, I wanted to post this sequel to my earlier How important is Sarbanes Oxley (SOX) to the Procurement function: Is Compliance really an Opportunity ? on Sarbanes Oxley and the procurement function, many SAP consultants reached out to me stating that they wanted to get additional information on tacking audits.
This typically means that they wanted information on the kind of questions that cropped up when the Auditor was around. Not just that but more references, reading detours and check-lists.
As always, I want to commence the story line with a few FAQ’s around the topic, the Blog is the answer
1) What are typical audit questions that we need to prepared for?
2) Do I need to do last minute arrangements, or there is a pre-defined strategy to tackle these audits?
3) How much time does it take to actually stand-up the system for the SOX audit?
4) Are the auditors well aware of where to look in the system for Audit points and also SAP know-how?
5) Are there frameworks available for implementing SOX audit controls in the SAP
There are several questions around various business objects in the Procurement space. Am sure that each section has its own audit flavor but lets see some illustrations in the graphic below, for the nature of questions.
I was scared when I had my first audit and why should I not be, simple reason being “I was un-prepared”
But after going through the most important sections that impact procurement and somehow incorporating it in the way Supply chain viewed it, made it so much easier and professional to prepare for such audits. More important was the demonstration of confidence to the SOX auditor and a pat on the back after that audit on being close to compliant world class best practices.
“Compliance viewed as an opportunity”,the theme from my previous Blog wasn’t just a curtain raiser, but had lots of meat and potential in it for folks that saw beyond the typical transactional view of things.
If you ever want to go back that road and see what you missed by not being aware, do so now, since its not a “nice to have, but the law”
In my recent experiences trying to anchor some RFP’s, I’ve got customer questions around SOX and its touch-points to SAP CLM, SRM.
It also extends beyond just compliance and moves more towards a Sustainable approach to doing things gracefully
Think of a situation where you had challenges like the ones mentioned below for Contract Life cycle Management space and needed SAP CLM to address this need enterprise wide when implemented.
Voice of the customer: “do I have visibility as a Contracts Specialist”
Purchasing Obligations reporting:
Contracts with cancellation penalties
Contracts with minimum purchase requirements
Are Proper processes followed?
Are Proper approvals requested-received?
is Proper documentation submitted in its entirety?
And finally one last effort: Do I need to Identify and interview numerous people involved with the sourcing/contract process to see how deep I am with problems, if any?
Some typical outcomes for immediate implementation in the Procurement applications.
Incorporate SOX/SEC reporting configuration in module
Add purchasing obligation fields to capture required data elements
Add control reports and workflow to ensure Contract Managers comply with process
Create reporting table within each contract business document
Create summary report that aggregates all purchasing obligations into single report and set up scheduled reports to be delivered to the CxO level.
Very quick references
For those of you who are really looking at SOX compliance features around critical areas of Enterprise-wide Contract management, SAP Contract Life cycle Management has it all for you. If you want the specifics, please read Emily Rakowski’s article surrounding Compliance in the Contract Life cycle management space.
Article: Keeping Tabs on Contract Management
Author: Emily Rakowski
Also suggest you to visit the Securities Exchange Commission (http://sec.gov/about/laws.shtml ) website to read the SOX 2002 Law, just once to actually figure out, how you can spot areas in the Enterprise application that you are dealing with.
If I ever put a parallel Blog in the future, that would be a comprehensive questionnaire surrounding each business object in Sourcing, Procurement and the Contract Management space. But that’s only if you folks feel it’s relevant.
Please collaborate on this one and let me know, if such an exercise and demonstration would really benefit the SAP Procurement end-user community
Follow me on twitter @tridipchakra
Note: We have addressed only question 1, for the remaining questions, come prepared with all the dope for the next Blog part 3 of SOX and the Procurement function.
…Waiting to see you there…cheers…Tridip