Wanna buy some SOX?
Talk about over-used and abused. SOX compliance is one of those buzz words that just about eveyone has a “solution” for. Google “Sarbanes-Oxley” and you get over 27 million hits. Google “SOX compliance” and you get just under 5 million hits. That’s a lot of hits. But what does it mean for your contracts? Or more specifically, what does it mean for your purchasing contracts?
Have I got an Act for you…
A recent article from SAP INFO got me thinking about these questions. Time to get a handle on what the Sarbanes-Oxley Act means for those who create and manage contracts on a daily basis.
If I’m buying a load of sox, do I need to worry about SOX?
For large US companies (and international companies who list in the US), the answer is yes, you do need to worry. In particular, it seems, you need to worry about section 404. Or if you don’t, then your boss does.
Section 404 is all about internal controls for financial reporting:
- management must establish and maintain internal controls
- management must assess whether they’re working
- management must report on all this in the company’s annual report
- the auditors must report on management’s report
So, when you go buying sox (or anything else for that matter), the executive suite needs to be able to say that there are adequate controls in place to ensure that your contracts don’t mess up the company’s financials. They need to know that you can’t just go and buy sox worth $100 million when the company only needs $100 worth. Or that if you buy sox that turn out to be a fire hazard, the contract passes that risk on to the company responsible. If there are no such controls, and they have no idea what risks and liabilities are buried in your purchasing contracts, then they need to report on those weaknesses and have the auditors tick off that report.
One firm that paid a heavy price for weak internal controls is Adecco, a global temp agency with about 700,000 employees and annual turnover of $20 billion. According to a report in The Economist (19 May 2005), material weaknesses in Adecco’s 2003 accounts meant that the auditors refused to sign-off without first checking every single transactions worth over $100. Six months, 160 auditors, 15 law firms, and $120 million in fees later, the accounts were signed off. In the words of Adecco’s John Bowmer “It was a fee fest”. Ouch.