Using Process / Workflow Automation to Meet Internal Control Requirements

The Sarbanes-Oxley Act prescribes various accounting, reporting and control requirements that companies must meet in order to support the intent of ensuring that financial statements are accurate and trustworthy. Using process automation tools is a cost-effective way to support fulfillment of these requirements.

Specifically, Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure. The signing officers must certify that they are “responsible for establishing and maintaining internal controls” and “have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared.” [1]

Furthermore, Under Section 404 of the Act, management is required to produce an “internal control report” as part of each annual Exchange Act report. See 15 U.S.C. § 7262. The report must affirm “the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.” 15 U.S.C. § 7262(a). The report must also “contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.” To do this, managers are generally adopting an internal control framework such as that described in COSO. [2]

Process automation tools, in conjunction with a solid process design, supports the execution of many of the following internal control activities:

  • 1. Existence (Validity): Only valid or authorized transactions are processed (i.e., no invalid transactions)
  • 2. Occurrence (Cutoff): Transactions occurred during the correct period or were processed timely.
  • 3. Completeness: All transactions are processed that should be (i.e., no omissions)
  • 4. Valuation: Transactions are calculated using an appropriate methodology or are computationally accurate.
  • 5. Rights & Obligations: Assets represent the rights of the company, and liabilities its obligations, as of a given date.
  • 6. Presentation & Disclosure (Classification): Components of financial statements (or other reporting) are properly classified (by type or account) and described. [3]

Control activities may also be explained by the type or nature of activity. These include (but are not limited to):

  • 7. Segregation of duties – separating authorization, custody, and record keeping roles of fraud or error by one person.
  • 8. Authorization of transactions – review of particular transactions by an appropriate person.
  • 9. Retention of records – maintaining documentation to substantiate transactions.
  • 10. Supervision or monitoring of operations – observation or review of ongoing operational activity.
  • 11. Physical safeguards – usage of cameras, locks, physical barriers, etc. to protect property, such as merchandise inventory.
  • 12. Top-level reviews – analysis of actual results versus organizational goals or plans, periodic and regular operational reviews, metrics, and other key performance indicators (KPIs).
  • 13. IT Security – usage of passwords, access logs, etc. to ensure access restricted to authorized personnel.
  • 14. Top level reviews – Management review of reports comparing actual performance versus plans, goals, and established objectives.
  • 15. Controls over information processing – A variety of control activities are used in information processing. Examples include edit checks of data entered, accounting for transactions in numerical sequences, comparing file totals with control accounts, and controlling access to data, files and programs. [4]

Process automation tools support the vast majority of these control objectives and activities as well through the use of sound process design in conjunction with an automated rule-based workflow control and monitoring engine that oversees the execution of all processes. The workflow control engine ensures that all processes are activated and controlled based on time schedules and user defined (no programmers needed) triggers/routing conditions. The engine captures a perfect and unalterable audit trail of the company’s compliance with required processes, identifiable at the specific user level of responsibility. This audit trail is connected to a “business intelligence” reporting engine that cost-effectively documents such compliance (or lack thereof).

Process automation environments have dropped in price tremendously due to the declining cost of technology. LeanVista has years of experience in putting these kinds of environments to work to meet internal control reporting requirements. Contact us to get our perspective on how process automation can help your company meet Sarbanes-Oxley internal control requirements in a risk managed and cost-effective way.

Consider Using Process Automation Tools To Ensure ITIL® Implementation Success

OK – you’ve decided to implement ITIL® processes and you’re trying to figure out ways to make it really work well. Consider using process automation/management tools to implement your ITIL processes! These tools unite an organization’s people, process (ITIL or Business Processes), and technology in a seamless cost effective manner that significantly increases productivity and profitability. How so? These tools…

1. Increase Organizational Visibility – these tools make it possible to tie processes and tasks to specific department, teams and individual contributors in a way that allows you to see your true capacity to perform work. You can see who is over utilized or underutilized. You can see how much work gets done and how long it takes at every level of your organization. This gives you the ability to make evidence-based decisions on the impact of taking on new work (scale up or use the existing staff?) and making key delivery commitments.

2. Enable Real-Time Speed – these tools are driven by workflow decision engines that eliminate slack time between tasks. The engine can tell when a task is done and immediately securely move the task (and its deliverable) along to the next contributor (even a customer or supplier). One of the best ways to ensure a task gets finished on time is to start it on time.

3. Improve Quality – One of the major reasons that quality suffers is because key steps are missed in the creation of a deliverable, as well as missing opportunities to examine the deliverable along the way to ensure key specifications are met along the way. Process automation ensures that no steps are missed, and that work products are routed through key inspection points without fail.

4. Ensure Accountability / Regulatory Compliance – Process management tools track when tasks are started, when they are completed, and how long they took to complete. That provides an unmatched ability to see who is performing, who needs coaching, and who needs a new assignment. The workflow engine keeps a perfect unalterable audit trail of all activities, so you’ll pass your Sarbannes-Oxley (SOX) audit with flying colors.

5. Deliver Financial Performance – Process management and automation is key to eliminating the Seven Wastes (check out Lean for Service/Six Sigma for a definition) inherent in poorly thought-out processes. Eliminating waste lowers cost, improves margins, retains/gains customers and speeds up cash flow. Process automation literally pays for itself many times over.

The result is an improved capability to compete. Process automation/management tools have steadily declined in price and are now within reach of just about every organization, no matter how large or small. It’s “found money” when you take advantage of them. Use process automation/management tools to implement your ITIL processes.

Frank Herman is a Principal for LeanVista LLC. LeanVista improves business performance through the application of improved business and technology processes.