How to maintain SOX compliance while exploring modern financial solutions

Although we are now in the year 2022, much of contemporary American life dates back to the events of September 11, 2001. The post-9/11 era, as they call it. But 2001 didn’t end there—for those of us in the financial world, the Enron bankruptcy represented a similar key moment, the effects of which continue to play a role in processes today.

Just as the Patriot Act immediately followed 9/11, the Sarbanes-Oxley Act was passed months after Enron and similar regulatory scandals rocked business and finance. Sarbanes-Oxley – also known as Sarbox or SOX – has ensured that the conditions that allowed these scandals to happen cannot happen again. On paper, the Sarbanes-Oxley Act was intended to protect the public from the ramifications of corporate financial malfeasance. In practice, however, it has had the effect of limiting what finance teams can do with technology. Today, 20 years later, SOX and SOX compliance still have a significant influence on the day-to-day operations of finance teams across the United States.

That said, given the vast digital landscape we now live in, businesses have faced challenges when modernizing while maintaining SOX compliance. The question has become how to ensure compliance while adopting technology-assisted methods of efficiency and financial management. This openness to innovation is where the fintech industry comes in. By designing their products from the outset to be fully SOX compliant, spend management firms can mitigate and control the risk associated with SOX while enabling finance teams to do much more than they otherwise would.

SOX compliance risks are myriad and can arise in all aspects of a company’s financial process, including month-end reconciliation. If there are discrepancies between a company’s payments and its records at the time of reconciliation, this indicates a lack of SOX compliance. Since reconciliation has long been a manual process, the solutions that have sought to support companies in the face of this risk have introduced the automation of procedures. Expense management platforms largely automate reconciliation. Accounting information assigned to each corporate credit card is associated with each transaction, which accountants can review, validate, and sync to ERP as journal entries.

The above review process lets accountants confirm that the prices, quantities, and dates associated with recorded transactions and transfers match those of their associated invoices. SOX compliance risks arise when errors are spotted or when organizations do not have the framework in place to recognize or manage errors themselves. Often, solutions circumvent this risk by documenting transactions automatically; on the transaction side, the use of company-issued credit cards ensures that documentation.

Purchasing and reimbursement are two big areas where companies can encounter SOX compliance risks. For example, if refunds or purchase requests are granted without company authorization or outside of established policy, this is considered a red flag. Moreover, if unauthorized purchases also lack proper documentation, the risk is compounded. Several solutions aim to eliminate this risk by automating the implementation and approval of policies.

Closely related to the broader concepts of purchase and reimbursement is that of travel expenses, which represent the largest discretionary expense item most businesses face. Companies risk violating SOX parameters without codified approval processes, especially when managerial review protocols are lacking. Financial solutions in this area continue to expand, but the options available overlay travel booking, including airfare and accommodation, on existing approval infrastructures. Businesses need to control travel spend with fund request policies, customizable approval flows, and specific budget allocation to specific employee cards.

SOX is all about preventing systemic financial fraud within organizations, thereby forcing companies to put in place internal controls. Of course, many compliance risks can result from human error, but intentional fraud remains a concern. When recorded purchases appear fictitious, unreal, or maliciously duplicated, businesses must act. However, with proper SOX controls in place, companies can identify many cases of fraud and eliminate their sources before large-scale damage is done. Many enterprise financial solutions aim to help controllers, accountants, vice presidents of finance, and entire financial departments identify and report fraudulent transactions.

Ultimately, SOX compliance is there for a reason. Of course, the way companies do business in 2022 is significantly different from conditions as they existed in 2002, but the importance of maintaining compliance in key industries remains. As such, spend management companies should be SOX compliant and consider compliant features at every step of the process, from request to reconciliation. Within the industry as a whole, it will be exciting to see how solutions continue to tailor their offerings within SOX while mitigating potential risks, even after another 20 years.