Sarbanes-Oxley Cash Reconciliation & Treasury Issues: A Brief Summary
SAS70 (Statement of Accounting Standards No. 70) was developed by the American Institute of CPAs (AICPA) as a standard audit approach for service companies to use with their customers instead of customers individually auditing the services companies.
On June 15, 2011, the SSAE 16 (Statement on Standards for Attestation Engagements No. 16) replaced the SAS70.
The SSAE 16, Reporting on Controls at a Service Organization is the next evolution in examining a service provider’s controls and rendering an opinion for the provider’s customers.
Note: The SSAE 16 is also referred to as Service Organization Controls (SOC) SSAE 16, and includes a number of improvements in the examination of service providers.
As Treasury Software is not a service provider, it does not fall within the scope of these standards. Treasury Software obtains certification from independent software testing agencies in conjunction with its Microsoft Gold Certified Partner status. For information on Treasury Software's Microsoft partner status, please visit Microsoft.
Overview
The Sarbanes-Oxley Act of 2002 has been the topic of articles, books, web sites, radio shows and television shows. It's a topic that's getting a lot of attention, but it can be confusing.
Here's a simplified summary:
The intent of Sarbanes-Oxley (also called Section 404) was to 'clean-up' and get corporate governance back in place. It legislated what seemed to be mostly common sense and proper judgment. But now, in the wake of countless corporate accounting scandals, common sense practices must now be regulated.
In part, Sarbanes-Oxley covers the way a corporation deals with its:
- top employees and directors
- external auditors
- shareholders
One of the areas that typically causes top corporate management concern is the requirement to assert tightened internal control and financial reporting requirements.
Annual reports now include an assessment by the company's external auditor regarding whether their systems and financial reporting procedures are capable of providing accurate and complete financial statements.
In addition, Section 103 requires the external auditor's evaluation to address controls that "receipts and expenditures of issuers are being made only in accordance with authorization of management and directors."
What Can You Do?
As cash is the number one asset used in misappropriation, the most basic control is to conduct proper and timely bank reconciliations.
Timely and accurate bank reconciliations are the foundation of any company's anti-fraud plan.
In the Association of Certified Fraud Examiner's 2002 Report to the Nation: Occupational Fraud and Abuse, over 70% of all occupational fraud involve cash misappropriations.
Furthermore, the survey inquired whether the fraud could have been prevented, and an overwhelming 86% of the respondents said 'Yes' - if proper controls, such as timely bank reconciliations, were in place and enforced.
In a CFO magazine survey, only 11% of 245 CFOs said that spreadsheet-based control reporting was accurate enough to make senior executives confident about certifying their company's' financial data, as the Sarbanes-Oxley Act requires.
For the 89% (and other 11%) of the CFO's, we recommend adopting stronger internal controls and using a program designed, tested and documented for the bank reconciliation task.
Are Treasury Software solutions compliant with SOX?
Treasury Software solutions can help an organization's processes become SOX compliant by assisting in the internal controls and documentation of the financial processes.
Software, by definition - in itself, cannot be classified as compliant.
Section 404 of the Act contains two parts:
Section 404(a) describes management's responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting and assessing the effectiveness of internal control over financial reporting.
Section 404(b) describes the independent auditor's responsibility for attesting to, and reporting on, management's internal control assessment.
Sarbanes-Oxley does not approve or set standards for software compliance. Compliance under the act is for internal control processes only (not software). No software company, whether Microsoft, Oracle, Citrix, etc... has products which are Sarbanes-Oxley compliant.
Treasury Software
Treasury Software is a leading provider of client-side file creation and transmission software for Positive Pay and ACH, as well as bank reconciliation and custom cash management solutions. Treasury Software is a Microsoft Gold Certified Partner, QuickBooks Silver Developer, and winner of the Gold Cup Award from CPA Software News. Treasury Software products are easy to use, secure and cost effective.
For more information: www.TreasurySoftware.com or 866-226-5732.