Implications of The Sarbanes
ARCHA E S
M180017MS
Introduction
The Sarbanes-Oxley Act of 2002 is a law the U.S. Congress passed on July 30 of that year to
help protect investors from fraudulent financial reporting by corporations. The Act aims at
publicly held corporations, their internal financial controls, and their financial reporting audit
procedures as performed by external auditing firms. Also known as the SOX Act of 2002
and the Corporate Responsibility Act of 2002, it mandated strict reforms to existing securities
regulations and imposed tough new penalties on lawbreakers.
The Sarbanes-Oxley Act of 2002 came in response to financial scandals in the early 2000s
involving publicly traded companies such as Enron Corporation, Tyco International plc, and
WorldCom. The high-profile frauds shook investor confidence in the trustworthiness of
corporate financial statements and led many to demand an overhaul of decades-old regulatory
standards.
The rules and enforcement policies outlined in the Sarbanes-Oxley Act of 2002 amended or
supplemented existing laws dealing with securities regulation, including the Securities
Exchange Act of 1934 and other laws enforced by the Securities and Exchange
Commission (SEC). The new law set out reforms and additions in four principal areas:
1. Corporate responsibility
2. Increased criminal punishment
3. Accounting regulation
4. New protections
Enron was considered one of a new breed of American companies that participated in a
variety of ventures related to energy. It bought and sold gas and oil futures, built oil refineries
and power plants, and became one of the world's largest pulp and paper, gas, electricity, and
communications companies before it filed for bankruptcy in 2001. Several years before
Enron’s bankruptcy, the government had deregulated the oil and gas industry to allow more
competition, but deregulation also made it easier for companies to act fraudulently. Enron,
among other companies, took advantage of this situation. The various misdeeds and crimes
that Enron's officers and employees committed were extensive and ongoing. Particularly
damaging misrepresentations produced inflated earnings reports for shareholders, many of
whom eventually suffered devastating losses when the company failed. Many other instances
of dishonesty and fraud also occurred, including embezzlement of corporate funds by Enron
executives and illegal manipulations of the energy market.
In response to what was widely seen as collusion between Enron and public accounting firm
Arthur Andersen & Co. concerning Enron's fraudulent behaviour, SOX also changed the way
corporate boards deal with their financial auditors. All companies, in accordance with SOX,
must now provide a year-end report regarding the internal controls they have in place and the
effectiveness of those internal controls.
Although the Sarbanes-Oxley Act of 2002 is generally credited with having reduced
corporate fraud and increased investor protections, it also has its critics. Some analysts have
negative views about the degree to which Congress has weakened the act over time by
withholding funding necessary to put these reforms into motion and by passing bills that
effectively counter the intent of the act. Other critics have opposed the act because it
increases corporate costs and reduces corporate competitiveness.
All ERP systems have integrated modules. To illustrate, modules in mySAP such as financial
accounting (FI) and management accounting (CO) are fully integrated in that postings of
expenses in financial accounting also result in postings to cost centres in management
accounting. Other modules in areas such as sales (SD – Sales & Distribution) or procurement
(MM – Materials Management) automatically generate appropriate accounting postings to
financial accounting and to management accounting, for instance in the case of procurement
transactions. Integrated modules also share data. For example, the procurement module
registers purchase orders involving vendors who have been assigned master records within
financial accounting. In addition, within financial accounting, accounts payable and the
general ledger share data structures that record vendor transactions and their corresponding
postings to the accounts payable reconciliation (control) account in the general ledger. ERP
systems provide extensive reporting facilities within each module and support integrated
views of operational data through data warehouses and advanced reporting tools.
In general there are two main areas where ERP systems come into the SOX compliance
process:
1. Basic internal control functionalities: Providing the basic internal control functionality
framework built into ERP systems to secure data integrity, processing security and reporting
quality
2. Framework for control system management: Establishing, maintaining and supporting a
framework for the management of internal controls such as documentation of internal
controls, automation and optimisation of controlling processes, risk and control assessment
guidance and communication channels.
MySAP ERP
MySAP ERP is built on leading industry best practices that meet, suit and support
company needs, from process automation to compliance to creating transparency and control.
The solution helps companies deploy industry-standard internal controls that make
compliance easier to practise. SOX requires companies to be faster, timely,
accurate and transparent in their financial reporting and accounting practices. MySAP ERP
helps companies achieve this with industry-standard processes and
automation tooling. MySAP ERP has an internal control management sub module that helps with
business process modelling, documentation of internal controls and identification of improvements
required in any control process. It provides management reports and dashboards that
help C-level executives check the state of accounting and the internal controls in use. This helps
in enabling SOX compliance for Section 302 – Corporate responsibility for financial reports
and Section 404 – Management Assessment of Internal Controls. It provides a fully
configurable financials and accounting module that helps organisations set up their
organisation structure and reporting flexibly. The general ledger in MySAP ERP supports full
transparency and disclosure. It is designed so that, from one information source,
multiple reports can be generated to suit various needs such as legal and
management reporting. It helps companies to have periodic, timely, accurate and transparent
reporting. This helps in enabling SOX compliance for Section 302 – Corporate responsibility
for financial reports, Section 401 – Disclosures in periodic reports and Section 409 – Real
Time Disclosure.
MySAP ERP has a sub module available for capturing whistle-blower complaints. The sub
module lets employees send messages about accounting irregularities they have noticed directly to
the audit committee using an electronic form, which can also be made anonymous if required.
This helps ensure that a whistle-blower policy can be enabled with ease and with employee
protection while keeping the company's focus on improving its accounting practices. This
helps in enabling SOX compliance for Section 301 – Public company audit committees and
partly Section 806 – Whistle-blower protection.
MySAP ERP helps deploy stronger internal controls and segregation of duties through the creation of
authorisation profiles that restrict users to specific roles and transactions in the system. This
helps in ensuring strong authorisation control and preventing possible misuse of data, thanks
to clear visibility of conflicts related to segregation of duties. All in all, it helps improve audit
compliance and reinforce controls and governance. This helps in ensuring compliance
with SOX Section 802 – Criminal Penalties for altering documents.
MySAP ERP has a built-in audit information system that allows internal and external
independent auditing firms to do structured audit reviews. The system has a preconfigured set
of reports and activities that auditors can work through to validate the required compliance as well
as find gaps and improvements. This helps internal and external SOX auditors in
performing relevant audit checks in a structured manner.
Conclusion
Sarbanes-Oxley compliance is about managing your internal processes for reporting,
auditing, and disclosure. While no software application will make you compliant, the right
business management application can work in conjunction with your internal policies,
compliance programs, and other technology investments to increase the transparency of
financial events, ensure distribution of critical information in a timely manner, and provide
the peace of mind you need on matters of security and access.