Sarbanes-Oxley a Hassle? Yes, but you can use the pain of SOX to create a much better credit department
The Sarbanes-Oxley Act remains a key issue for publicly traded firms because compliance is mandatory and the consequences for not doing so are dire.
For credit departments, one of the keys to success is that you must institute procedures that are “repeatable processes.” “Repeatable,” because Sarbanes Oxley is not a one-time event, and “processes,” because it will require systems that ensure ongoing compliance. The upside to SOX compliance, if implemented thoughtfully, is improved credit decision-making, thereby improving profits, responsiveness, and your value to your company.
Section 404: Background
Section 404 of Sarbanes-Oxley requires that you include a report by management on your company’s internal control over financial reporting. This includes:
- A statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting at your company;
- A statement identifying the framework used by management to evaluate the effectiveness of internal controls;
- Management’s assessment of the effectiveness of internal controls at the end of the company’s most recent fiscal year; and
- A disclosure of material weaknesses.
Of course, all of these have direct impacts on accounts receivable, usually the largest asset on the balance sheet.
The aim of Section 404 is to ensure accurate representation of assets, requiring receivables to be qualified and quantified. And that’s not all. You must provide justification for those evaluations. All of this is cumbersome if done manually. Many firms will attest to the immense amount of time their credit department spent on their first SOX certification. For this reason, companies are implementing systems that improve their credit processes. Thus, it clearly can offer big dividends if you implement improvements to your credit evaluation capabilities, since Sarbanes-Oxley is not gong away any time soon.
Certification has placed a magnifying glass on credit departments, since CEOs and CFOs must personally certify all financial information for accuracy. There has been a greater emphasis on internal controls for sharing information easily and accurately.
Certification has placed a magnifying glass on credit departments, since CEOs and CFOs must personally certify all financial information for accuracy. There has been a greater emphasis on internal controls for sharing information easily and accurately. Even the reporting structure for many heads of credit departments now is either directly or indirectly reporting to the CEO or CFO. As a result, “upstream certification” is being required by many organizations.
Questions to Help You Think the Issues Through
With the need to ensure controls and compliance, you’ll want to step back and assess your credit procedures from both a big picture and a detail standpoint. Here are a number of questions that can help you with this process:
- Are your credit decisions likely to be subjective?
- Can your policies be inconsistently applied across departments, locations, or divisions?
- Do your decisions lack insufficient justification and rationale? Are your conclusions reasonable?
- Are accounts regularly reviewed to truly reflect the current state of your receivables portfolio?
- Is your bad debt reserve reliably forecasted?
- Is your process of auditing data manual?
- Is the data difficult to compile?
There are many software systems that can provide the framework for more efficient credit processes, especially for credit risk identification and assessment. The goal of most is to enable objective decision making along with reporting to support compliance. Once in place, compliance is built-in rather than an “out of the ordinary” project.
Make the Right Decisions With Consistency
Today, credit professionals must make on-the-spot decisions accurately. Typical A/R systems store past performance data, but do not provide any credit decision-making support. Credit scoring can assist your organization by quickly transforming your raw credit data into intelligent, reliable day-to-day decisions.
Here are the goals of a rules-based scoring system, if applied properly:
- Consistently and objectively apply corporate policies with all staff
Incorporate both internal (A/R) and external (credit agencies, financials, references, etc.) data
- Accommodate differing levels of information available on accounts
- Customize models based on your firm and business environment, including multiple models
- Recommend credit lines based on scores and your policies, thus enabling delegation with confidence
- Store decision information for the audit process
As you can see, all of this fits in directly with the mandates of Section 404 of SOX, since a robust system results in a reproducible decision process. Not only do you have greater control over your credit decisions, but you also simplify the process of validating decisions for Sarbanes-Oxley compliance with your auditors.
Keep in mind: If you only rely on manual reviews of credit reports, you will still be prone to inconsistent decisions and get little Sarbanes-Oxley compliance support.
Easily Manage Receivables Portfolio
The goal of SOX is to report the TRUE quality of your receivables. How do you determine the quality of your receivables portfolio? Historically, most credit executives used the Days Sales Outstanding (DSO) figure to measure the quality of their accounts receivable. This assumes, of course, that customer payment trends are related to risk. Actually, how a customer pays your firm is often a poor indicator of risk. Many high-risk customers pay promptly or within acceptable terms. Conversely, low-risk customers often are given longer terms to accom modate special inventory programs.
A credit score that uses many types of credit information to evaluate a customer’s risk is a better measurement than one single factor, such as how that customer pays your firm. If this is true when evaluating a single customer, it is also true when evaluating all of your customers.
Here are some ways to leverage the risk score in your A/R portfolio to develop true “portfolio management:”
- Break out the total amounts owed by risk category for an accurate overall portfolio picture
- Be able to review the portfolio report for any segment of your business, such as product channels or business units
- Examine your risk category reports based on available credit to enable you to see potential sales opportunities
- Accurately forecast bad-debt reserves based on risk rather than flat percentage.
In addition, performing regular on-going account reviews and credit line re-evaluations also becomes mandatory to reflect the current portfolio condition. With an automated credit scoring system, portfolio reviews can be run in seconds. Reporting tools can help you efficiently identify accounts requiring immediate attention and isolate accounts requiring intervention in the risk review process.
Document Decisions for Straightforward Audit Process
If you have implemented a good system, you will have the evaluation process under control and can quantify the true value of the portfolio. Reporting this information can be time consuming if data capture methods are manual and must be compiled from disparate systems across business units and/or regions. We have all heard the stories of how individuals or teams are spending time just compiling reports rather than performing value-added duties.
You might try to rely on Word and Excel files to document internal controls, but that approach would generate hundreds of files. It may be fine for the first year of 404compliance. But on an ongoing basis, it will be difficult to maintain controls using those products. Using a database approach, you can automate and simplify reporting necessary for compliance.
A properly implemented credit system will deliver:
- Reporting that highlights key information quickly and accurately
Justification of individual account’s credit lines and terms in credit summary reports rather than the typical piecemeal approach from disparate systems and paper files
- Detailed financial reports using comparative data which can help you better grasp a firm’s financial health
- Credit information and decisions that can be tracked and stored in the system
- The ability to integrate information from disparate systems so tracking across the organization is less complicated
- Audit logs showing who approved, when approved, why, etc.
In summary, a good system can improve your credit department’s ability to consistently make objective decisions. Consequently, you will have greater control of the credit decision process for confidently reporting the true value of your receivables and certifying for compliance. Moreover, internal controls will be documented as well as the supporting materials for justifying decisions. In the end, compliance becomes part of your everyday process so you can meet Sarbanes-Oxley mandates today and into the future.
Joe Granda is Vice President of Business Development at Credit & Management Systems (CMS), Lake Bluff, IL. He can be reached at 847-735-9700; www.icmsglobal.com.