June 24, 2019
Financial compliance is crucial for manufacturers. The right ERP solution can help.
After decades of high-profile accounting and corruption scandals, organizations are now increasingly required to demonstrate good corporate financial governance by complying with a range of financial laws and regulations. These regulations provide incentive for organizations to minimize errors by implementing formal and systematic processes for the collection and reporting of information.
The most notable of these regulations is the Sarbanes-Oxley Act of 2002 (SOX). SOX is a corporate responsibility law that aims to improve the quality of financial reporting. To that end, SOX imposes requirements on internal controls over financial reporting. SOX is applicable to all firms registered with the Securities & Exchange Commission (SEC), which includes a large number of manufacturers.
Today’s manufacturers have strong incentives to employ sophisticated technology that can facilitate efficient, effective, and reliable control over financial reporting processes. In turn, this technology can help to expedite the audit process.
IT’s Crucial Role in Financial Reporting & Control
Information technology has long been used in manufacturing to standardize and streamline business processes. It is only in wake of regulations like SOX that IT’s crucial role in financial reporting and internal control became clear. The data is now in: Accounting errors occur at a greater rate in companies that report IT deficiencies and firms that report IT control weaknesses more often report poorer financial performance. Source
SOX is central to the role of IT in compliance for a few key reasons.
First, SOX requires that senior managers attest to the effectiveness of the company’s internal control processes, including how firms use IT to secure compliance with accounting legislation. IT systems can adequately support compliance requirements by providing senior executives with the assurances required to attest to the effectiveness of a firm’s internal controls.
Second, companies that do not comply with SOX (or who are perceived to be non-compliant by investors) face potentially severe penalties. This makes compliance an urgent priority at the highest levels of management.
While SOX itself does not directly require companies to implement IT systems to manage internal control processes, the use of IT can aid managers in their attempts to support internal control and compliance with SOX. Many financially-related transactions involve technology and other auditing standards, such as those set by the Public Company Accounting Oversight Board (PCAOB) do require the examination of these processes. Therefore, proper IT systems are essential.
An enterprise resource planning system (ERP) in particular can help manufacturers establish control over accounting and finance processes for compliance and regulatory purposes.
How does ERP help manufacturers meet their financial compliance requirements?
IT managers must ensure that the ERP selected addresses regulatory requirements for internal control over financial reporting. Motivated in part by the risk of large penalties for non-compliance, many manufacturers use cloud-based ERP to mitigate weaknesses and ensure compliance with regulatory requirements.
Let’s explore the role, use and purpose of cloud-based ERPs in relation to financial compliance.
What Is Cloud ERP?
ERP is a type of business process management software that allows an organization to use a system of integrated applications to manage the business and automate many back-office functions. ERP solutions typically integrate all facets of an operation — including product planning, development, manufacturing, sales, marketing, HR, and of course accounting and financial reporting — within a single database, application and user interface.
Cloud-based ERP is hosted on a cloud computing platform, rather than in an enterprise data center or on servers at the organization’s premises. Because it is hosted in the cloud, a Cloud ERP system increases accessibility, allows data to be shared and applied across an entire organization in real-time, and is easier to keep updated with controls and processes that meet the latest and greatest regulatory requirements.
Compliance with SOX requires full integration between systems that may exist in different parts of the business, making ERP a natural fit for compliance efforts.
- How Cloud Solutions Can Help Manufacturers Achieve Multi-Dimensional Growth
- Four Ways Small and Medium Sized Businesses Can Get More Value from the Cloud
- Cloud Security and Your Enterprise
- The Changing Role of the CFO
- Infor CloudSuite Industrial Brochure
What Is Internal Control?
Internal control over financial reporting involves a combination of general accounting processes and IT controls. IT controls include the systems, processes and infrastructure used to capture, process and record accounting and financial data. This includes ERP.
Internal control problems are categorized by the PCAOB as either material weaknesses, significant deficiencies, or control deficiencies. Public companies are required under SOX to disclose only the most serious category, material weaknesses. Commonly reported material weaknesses involve processes and practices related to accounting, reporting, security, training, senior management, and technology.
Common IT-related control weaknesses in manufacturing enterprises include:
- Insufficient review of audit trails
- Inadequate segregation of duties over applications
- Excessive access/lack of access controls to systems and databases
- Failure to close old accounts and set up new ones
- Slow review of transactions to identity irregular journal entries
High-level weaknesses are less common. They tend to be more serious than other weaknesses because they are systemic in nature and more difficult to audit. They are also more closely associated with company failure.
Most weaknesses relate to the finer details of accounting and finance processes. At this level, it becomes a matter of scale and scope. A simple error in accounting procedures could be repeated in many places and permeate throughout the organization. Without a centralized solution like ERP, tracking down and correcting errors can be an enormous undertaking.
How Does Cloud-Based ERP Enhance the Effectiveness of Internal Control Processes?
Manufacturers can use a cloud-based ERP to develop effective internal controls over reporting processes throughout the enterprise, thus ensuring compliance with SOX and other standards.
SOX lays down strict requirements for record keeping. Auditors must be able to drill down to transaction-level details. This amount of detail can be burdensome to keep at scale. With cloud-based ERP, organizations can input data one time, in one place and have it seen and applied in real time across the entire enterprise system. Data integrity, consistency, and reconcilability can be ensured through processes such as validation steps. You get the information you need, when you need it, with user interface that can be easily customized to fit a particular industry, team, or user-without having to call on IT for help. Infor CloudSuite Industrials’s data security and access control features even make it easy to minimize access to data that could be corrupted in a way that hinders compliance.
ERPs also help firms to comply with SOX by minimizing error-prone manual steps and automating operations and reporting processes. ERPs are critical to establishing processes that facilitate the compliant collection, analysis, and reporting of data required by SOX. In a cloud-based system, these processes are easier to update and share throughout multiple business areas.
ERP enables leadership to make faster, more efficient, and informed decisions using dashboards that feature the actions and data most closely associated with specific, defined jobs, such as customer service, controller, and production planner. In a cloud-based system, this data is provided real-time. Access to real-time data allows flexible strategic decision-making and provide timely and accurate information. This is particularly relevant to the quality of accounting and financial processes, which senior management must attest to under SOX.
Finally, ERP is ideally suited for investigation into governance concerns and the use of IT for managing compliance because it provides functionality for the audit of accounting processes.
Keep in mind that when using ERP as a tool for SOX compliance the ERP itself becomes subject to SOX review. Proper management includes continuous monitoring to ensure that the controls are updated as needed. Choosing a cloud-based system helps minimize risks by applying changes across the enterprise in real time, continually receiving developer updates as industries change and new requirements emerge, and maximizing accessibility and uptime so you don’t have to rely on fallback measures due to system outages.
Mistakes Can Cost You
Even firms with good IT and cloud-based ERP systems can experience regulatory troubles if they fail to customize their ERPs to the specific requirements of their business. Implementing standardized solutions and processes according to ‘best practices’ or just going with the vendor’s out-of-the-box solution may not be enough for proper compliance. Manufacturers – especially those in highly regulated verticals like automotive, specialty vehicles, medical devices, defense, and aerospace – must consider all dimensions of their regulatory environment in their technology plans, not just financial. Failure to properly utilize the extensive capabilities of ERPs can render them less flexible and user-friendly than they need to be in order to reach compliance and stay there.
Talk to a Guide Technologies manufacturing ERP expert about your software requirements, regulatory needs, and implementation options. We’ve been helping manufacturers navigate increasingly complex technology requirements for two decades. We know we can help you, too.