Post on 11-Jan-2016
Copyright©2004 Cathy Cakebread
Oracle Receivables and Sarbanes-Oxley
Cathy Cakebread - ConsultantNorthern California OAUG
July 2004
Copyright©2004 Cathy Cakebread
Agenda What Is Sarbanes-Oxley? Who Is Impacted? Which Are the Main Sections That Impact
Us? How are Your Internal Controls? Assess Risks and Controls Document Policies and Procedures Close and Reconcile the Period Control Revenue Recognition Sarbanes-Oxley Links
Copyright©2004 Cathy Cakebread
Sarbanes-Oxley Act Public Company Accounting Reform and Investor
Protection Act of 2002 - Enacted by Congress – Signed July 2002
Major Concepts: Executive Accountability CEO and CFO Certify Accuracy of Financial
Reports Document and Audit Internal Controls and
Procedures Document Risks and Mediation Real Time Disclosure of ‘Material Events’ Proper Retention of Records
Copyright©2004 Cathy Cakebread
Who Is Impacted? Organizations
Publicly Traded Candidate for Merger or IPO International Company with Stock Traded in US Basically - Everyone
Personal Responsibility CEO, CFO, President, Board? CIO?
Internal Impact Finance, IT, Manufacturing, Sales … Whole Company!
Copyright©2004 Cathy Cakebread
Section 302 – Corporate Responsibility for Financial Reports
CFO, CEO Certify Financial Report Accuracy
Document and Disclose Internal Controls and Procedures
Identify Deficiencies, Weaknesses and Potential Fraud with Remedies
Copyright©2004 Cathy Cakebread
Section 404 - Management Assessment of Internal Controls
Establish and Maintain Proper Internal Controls and Procedures
Assess Effectiveness of Internal Controls
Insure That Company Transactions Are Properly Reported and Controlled
Utilize a Controls Based Approach Perform Periodic Review of Controls
Copyright©2004 Cathy Cakebread
How Are Your Internal Controls?
Do you Have Proper Separation of Duties? Take advantage of Custom Responsibilities and
Functional Security Have You Documented Your Processes, Policies,
Procedures? Up to Date? Actually Used?
What Controls Are in Place? Your Close Procedures Invoice Forms Cash Handling…
Do You Use Spreadsheets for Critical Reporting?
Copyright©2004 Cathy Cakebread
And… How Confident are You of the
Accuracy of Your Data? Do You Control Manipulation of
Your Data (e.g., By IT) Are You Using Approvals?
For Adjustments? For Credit Memos? Are Your Customizations Still
Controlled?
Copyright©2004 Cathy Cakebread
Assess Risks and Controls Think About and Document How
Someone Could Cheat Using the System?
How Do You Prevent It? How Do You Know When It Happens
(If It Can’t Be Prevented?) What Are You Doing to ‘Get Around’
the System and it’s Controls?
Copyright©2004 Cathy Cakebread
User Controls Do You Utilize Unique Usernames and
Passwords? Have You Defined Appropriate Limited Access?
Frequent Review Of Responsibilities Define View Only Access As Needed Who Has Update Capabilities?
Controls to Restrict Based on Need Watch Out For Customers and Who Can Perform
Which Tasks Do You Check Record History?
Who and When for Adds and Updates
Copyright©2004 Cathy Cakebread
IT Controls Have You Controlled Data Correction?
You May Have No Choice – Then How Controlled? Do You Avoid Shared Usernames and
Passwords? – User and Database Do You Restrict Access to Data?
View Only Limit What Can Be Viewed
Update Strictly Controlled
If Changes are Made, Document What, Why, How, When, and By Whom Include Patches and Upgrades
Copyright©2004 Cathy Cakebread
Identify ‘Major Events’ How Do You Define These? How Will You Know When They Occur? How Will You Inform Your Executives?
Who? When? How? Examples:
Loss or Bankruptcy of Major Customer Major Payment Is Late Invoice/Order Over $X Major Write-offs Sales Expected to be Below Projection Major Project is Behind Schedule
Copyright©2004 Cathy Cakebread
DocumentPolicies and Procedures
Document Policies Review and Document Procedures/Processes
Utilizing Best Practices Identify Risks and Controls For Each Procedure
What Are They? How to Avoid Risks? How Will You Know When Exceptions Occur?
Actual Use of Policies and Procedures Validate Effectiveness
Internally Auditors
Copyright©2004 Cathy Cakebread
Key Processes Customer Maintenance
Who Can Add, Change, Inactivate? Who Controls Credit Limits? Who Can Change Names? What Are Your Controls for Adding New
Customers? Addresses? Inactivating? Invoices/Debit Memos/Credit Memos
Do You Use Separation of Duties? Are the Actual Forms Locked up? Have All Interfaced Items Made It?
How do You Know? Who is Responsible?
Copyright©2004 Cathy Cakebread
Corrections Credit Memos
What Controls Do You Have? Who Can Create Credit Memos? What is Your Monitoring Mechanism?
Especially if Over $x Adjustments
Do You Really Use Limits? And Varying Levels of Limits?
Check For Multiple Adjustments on Single Item?
Copyright©2004 Cathy Cakebread
Receipts Payments Received
Utilize External Lockbox? Control Cash Received in House? Handling of Non-AR Cash?
Credit Card Processing Prevent Fraud? Pre-Authorize? Protect Customer’s Credit Card Information? How do You Deal with ‘Stuck’ Items?
Copyright©2004 Cathy Cakebread
Visibility Collections
Restrictions on Who Can See What? On What Collectors Can Do?
Reporting of Doubtful Accounts and Bankruptcies? Disputes?
Reporting Who Can View Key Reports? Who Can Run Key Reports?
Copyright©2004 Cathy Cakebread
Close Process Make Faster and More Efficient Insure Proper Controls in Place Perform Reconciliation with Aging Verify Reconciliation with GL Create Month End Packet
Retain as Needed See www.cathycakebread.com for Close
Checklist and Paper on Improving Close Process
Copyright©2004 Cathy Cakebread
Control Revenue Recognition SAB 101 –
SEC – Staff Accounting Bulletin SOP 97, 98 –
AICPA – Statement of Position
Hot Topic! Lots of Scrutiny and Visibility!
Copyright©2004 Cathy Cakebread
Key Concepts Persuasive Evidence of an
Arrangement Exists, Delivery Has Occurred or Services
Have Been Rendered, The Seller’s Price to the Buyer Is Fixed
or Determinable, And Collectibility Is Reasonably
Assured
Copyright©2004 Cathy Cakebread
Sensitive Areas Deferred Revenue
Maintenance/Support/Subscriptions/Service Items Where Acceptance Is Required Where You Can’t Start Recognition Until
Another Event Occurs And
Sales of Future Items Arrangements (Related Sales) Standard Terms and Exceptions Return/Refund Policies
Copyright©2004 Cathy Cakebread
Revenue Recognition Questions to Ask Do You Have Items Where Revenue Can’t
Be Recognized Upon Shipment? Does the Person Entering the Order
Know When the Revenue Should Be Recognized?
When Do You Know? How? What Determines When Revenue May Be
Recognized? Do You Have Standard Payment Terms?
Do You Ever Have Exceptions?
Copyright©2004 Cathy Cakebread
And Do You Have a Return Policy? E.G., Full
Money Back in 30 Days? Do You Use ‘Arrangements’ With Your
Customers (Where the Revenue for One Invoice May Not Be Recognized Until the Subsequent Items Ship)?
How Do You Deal With the Revenue for Invoices Where You Don’t Expect to Receive Payment?
Copyright©2004 Cathy Cakebread
And Do You Use Standard Pricing?
How Do You Deal With Variable Pricing and Revenue Recognition?
How Do You Handle Discounts With Bundled Products?
Do You Sell ‘Beta Products’? Or ‘Future’ Products
How Does This Process Impact Your Reporting of Cost of Goods Sold?
Copyright©2004 Cathy Cakebread
Conclusion This Is a Positive Thing! Potential Results:
Better Run Department (Best Practices) Detailed User Documentation and Training
Materials Confidence With Accuracy of Data Assurance That Proper Controls Are in Place Risks Are Mitigated
Copyright©2004 Cathy Cakebread
Links for Sarbanes-Oxley The Actual Act – in a PDF
http://news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf
American Institute of Certified Public Accountantshttp://www.aicpa.org/sarbanes/index.asp http://www.aicpa.org/info/sarbanes_oxley_summary.htm
Securities Exchange Commission FAQshttp://www.sec.gov/divisions/corpfin/faqs/soxact2002.htm
Price Waterhouse Coopers Site on Sarbanes Oxleyhttp://www.pwcglobal.com/Extweb/NewCoAtWork.nsf/docid/D0D7F79003C6D64485256CF30074D66C
Nice Synopsis With Effective Dateshttp://www.cfodirect.com/cfopublic.nsf?opendatabase&content=http://www.cfodirect.com/cfopublic.nsf/vContent/MSRA-5QJQ6C?open
Copyright©2004 Cathy Cakebread
Contact Information Cathy Cakebread
(650) 562-1167 www.cathycakebread.com Cathyc@cathycakebread.com
AR List Server Ar-list@egroups.com