The Impact of Sarbanes-Oxley on the Collections Process. A Decision Analytics briefing paper from Experian

Transcription

1 The Impact of Sarbanes-Oxley on the Collections Process A Decision Analytics briefing paper from Experian February 2007

2 Introduction This briefing paper reviews how the use of an automated debt management system can help users meet the key requirements of the Sarbanes-Oxley legislation by providing confidence and consistency in calculating accounts receivable values and bad debt reserves. The Sarbanes-Oxley Act (SOX) of 2002 is a broad and far reaching piece of US legislation for corporate accountability and affects all publicly-traded companies in the US, their overseas subsidiaries and foreign companies that have US listings. The legislation contains a variety of fraud protection provisions, including requirements for auditor independence; the rotation of public accountant partners every five years and appropriate uses of non-gaap financial measures. However, it is the need for CEOs and CFOs to personally certify all financial information for accuracy, including an annual assessment of the effectiveness of internal controls over financial reporting, that is causing the most compliance headaches. And it s not just the finance department who has been affected by the new legislation. Whereas SOX had initially been mandated as a result of revenue recognition issues and corporate fraud, the scope was expanded to delve into all functions that impact the financial statement. While compliance is legally only required by US businesses as described above, many non-us organisations are using the SOX requirements as a benchmark for the functionality of their IT systems and the robustness of their business processes. The ability to more accurately predict bad debt exposure and keep close watch on potential insolvency levels is a vital consideration for businesses. Therefore, the sections of the legislation that are of most concern for Credit and Collections Departments include: Section 303 : Officers and directors of an issuer, and persons acting under the direction of an officer or director are prohibited from taking any action to coerce, manipulate, mislead, or fraudulently influence the auditor of the issuer's financial statements. The use of widely varied and subjective methods of calculating accounts receivable balances and bad debt reserves leaves open the possibility of misrepresentation through manipulation and fraud. Section 303 therefore necessitates the accurate and consistent calculation of outstanding monies as well as the documentation of, and adherence to, policies and procedures surrounding the setting of bad debt reserves. Section 404 : Issuers will be required to publish a statement in their annual reports that management of the issuer is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. This statement shall also assess the effectiveness of such internal controls and procedures and disclose any material weakness. The Impact of Sarbanes-Oxley on the Collections Process - 2

3 Businesses must have a defined and documented process for all transactions that must be consistently applied across all departments, locations and divisions. The disclosure of material weaknesses can have significant consequences to both investor confidence and credit ratings, with Moody and Fitch both stating that they may reassess ratings if significant deficiencies in internal control systems are reported. So for the collections department, SOX demands they report the true quality of receivables and outstanding monies, reliably forecast bad debt and moreover provide justification for such evaluations. Historically, the Days Sales Outstanding (DSO) figure has been used to measure the quality of accounts receivable but this makes the broad generalisation that customer payment trends are directly related to risk of default which is often not the case. The ability to group customer segments and categorise each according to most appropriate risk parameters allows companies to gain a much more accurate picture of true monies in arrears and overall bad debt risk. In the banking sector, revised capital reserve calculations as a result of Basel II have forced lenders to look closely at the role the collections department plays in risk assessment. Successful banks are combining multiple sources of custom data such as credit rating agency scores, and internal behavioural scorecards with debt management tools to draw a more comprehensive assessment of loss probabilities per segment allowing them to deploy their capital reserves more appropriately. The same approach is equally as valid for SOX, in that using historical data with profiling and segmentation tools, and in some cases predictive analytics, allows for a more accurate overview of accounts receivable and a bad debt forecast that is based on true risk rather than flat percentages. However, Sarbanes-Oxley legislates that having a justifiable bad debt risk calculation is not enough. Section 404 s stringent control requirements demand the establishment of policies and procedures for each financial process, including collections, and companies need to demonstrate that these procedures are followed. This will include ensuring that collections processes and systems comply with company wide security policies which should outline factors such as: Access controls regulating who has access to what financial related information System Authentication controls for ensuring users accessing financial information are who they say they are Audit trails controls for tracking who has accessed, modified or deleted financial information User provisioning processes for timely addition of new and deletion of old users to ensure only the appropriate users have access at any one time. The use of an automated debt management tool to implement a pre-defined collections and debt risk assessment methodology can greatly assist with instituting SOX complaint controls. Manual handling of data can leave that data open for change, either accidental or deliberate. Automating the entire receivables management process including debt risk calculation therefore removes uncertainty and risk from the process itself and ensures it is repeatable with any decisions and calculations quantifiable and justifiable and available in real time, key legislative requirements. The Impact of Sarbanes-Oxley on the Collections Process - 3

4 Ensuring that such a debt management system has security features that can be easily configured to meet an organisation s user access and audit policies will also assist the collections function in meeting 404 control requirements. Sarbanes-Oxley compliance has been, and indeed continues to be, a costly and torturous road for many. The increased attention on the implementation of controls to prevent material misstatements has dictated the need for automated IT systems that have the appropriate audit functions and can demonstrate adherence to policy and process. Forward thinking Credit and Collections Managers have realised that moving from manual systems to an automated debt management software system which ensures compliance with access controls and audit trail can also reliably and moreover immediately, provide a more accurate value for the receivable portfolio, justify write offs and calculate bad debt reserves. As a result, there will be increased board room confidence in the accuracy of financial statements while ensuring the collections function withstands auditor scrutiny. More information on the Sarbanes-Oxley Act can be found here: 1 The Chartered Institute of Accountants in England and Wales 2 The Library of Congress The Impact of Sarbanes-Oxley on the Collections Process - 4

5 720 Waterside Drive Aztec West Almondsbury Bristol, BS32 4UD, UK Tel: +44 (0) Fax: +44 (0) Website: Experian 2007 The word EXPERIAN and the graphical device are trade marks of Experian and/or its associated companies and may be registered in the EU, USA and other countries. The graphical device is a registered Community design in the EU. All rights reserved.