By Don ThompsonSarbanes and Oxley Act of 2002 (SOX or “Sarbox”) has mandated stringent auditing requirements for public companies across America. The Act aims to prevent lax documentation and auditing fiascoes that can (and did) bring down important public corporations, with untold damage to the economy and the shareholder public. Record keeping and seamless documentation of expenses are at the heart of good SOX compliance. The results are audited by both internal and external auditors.
If any “significant” documentation shortcomings cannot be fixed within a matter of months, the corporation might be forced to report it in its annual report, which would of course damage shareholder trust and peril the company’s future. Since travel and expense is a major source of recurring expenditure for most corporations, it is crucial that a T&E system is in place to insure correct record keeping, policy auditing, expense approving and report generation at all levels within the organization. Here is a checklist to help you decide whether your T&E software is good enough to satisfy the SOX compliance criteria and help you minimize your liabilities: 1) Does your T&E software allow for policy configuration and policy auditing of individual expense reports? This is a key requirement that you should definitely insist on when purchasing your T&E software. Expenses made, reported and approved contrary to or regardless of corporate-, department-, or project-level policies become liabilities during a SOX audit. The existence of documented (electronically or written) policies is the very first thing a SOX auditor will focus on. But that’s not enough. The same policies should also be enforced electronically through your T&E system; otherwise you have no audibility. 2) Does your T&E software provide security measures so that only the authorized personnel can access the administrator role and configure the corporate T&E policies? If the parameters and limits of such policies can be changed at will by unauthorized personnel, it will certainly put you at risk of having a “significant deficiency. “3) Can your T&E software itemize the hotel and transportation bills properly? Does it allow the bills to be submitted instantly without delay, no matter where the employee might be in the world? Does it track and account for taxes paid in different tax areas like city, state or province? Does it take into consideration the local currency? 4) Does your T&E software provide Work Breakdown Structure hierarchical reporting capability? This provides the necessary accounting to ensure your costs are managed and billed correctly. 5) Does your T&E software provide a reliable Approval Workflow that can be configured easily by the Administrator? Such workflow capability provides the necessary controls to ensure that travel is approved before your employee or contractors book their travel. 6) Does your T&E software provide a way to capture an image of the expense receipts electronically? Can these images be attached electronically to the expense report itself? Such documentation is indispensable for a corporation. If and when there is an allegation of malpractice or fraud, electronic image records with secure time stamps can be used as evidence in a court of law. 7) How long and how safe the T&E records are kept? Record retention is another important aspect of SOX compliance. Typically, records must be kept for seven years. Is your T&E data backed up regularly? Is it kept safe in a mission-critical data facility? If your T&E data is lost for one reason or another it will not look good in the eyes of the SOX auditors. 8) Can your T&E software easily generate separate expense reports made available to your CFO and other related departments within the organization? Can the data be exported as Excel sheets, the favorite data format for your finance department? Company officials with easy access to reports will prepare their staff for the SOX audits with the kind of high self-confidence that will show during the review. 9) Does your T&E software have documented process controls in place to ensure highest-level data privacy and consistent report generation? That’s the kind of robust system control that impresses a SOX auditor. There are a lot of T&E software packages out there but they differ in the way they comply with SOX rules; and more importantly, the way they secure your data. (NOTE: This article is written for information purposes only and does not intend to dispense any legal or tax advice. Please consult your attorney or CPA for legal or tax advice.
#)—————————————————————————Don Thompson is the Director of Marketing of , an online Travel and Expense SaaS software platform that provides Multi-Policy Compliance auditing and management capabilities for business enterprises.