Financial Controls and Contract Management Systems
Compliance officers understand that a company’s greatest risks surround access to and use of money. A CCO has to understand a company’s financial controls, and in a perfect world, should have a seat at the table in the crafting and enforcement of such controls.
A company faces serious harms, enforcement risks and collateral consequences from deficiencies in its financial controls. Sarbanes-Oxley requires public companies to maintain effective internal controls for financial accounting and reporting. The FCPA also imposes a requirement that a public company keep accurate books and records, and a system of internal controls sufficient to ensure management’s control over the company’s assets.
When questioned about weaknesses in its financial controls, a company’s financial officers will respond with the defense of “materiality.” In other words, the deficiency does not rise to the level of “material,” requiring disclosure under the Sarbanes-Oxley law. For a CCO, such non-material weaknesses may be relevant, because non-material transactions can be used to fund illegal activities – from basic theft to complex bribery schemes.
A critical part of a company’s financial controls involves accounts payable and accounts receivable. In the regular course of business, a company makes numerous payments to vendors and suppliers, and receives payments from customers. As I noted above, the functions surrounding money – payables and receivables are high-risk activities.
A core requirement for these functions is a contract management system. Many companies do not effectively manage their contracting function and contract records. Companies have to require all contracts to be coordinated through the legal office. Nonetheless, many companies have contracts drafted and executed without consistent standards and sometimes without the required approval for retaining a vendor/supplier or a third-party representative. A company’s legal department has to remedy this issue s quickly as possible.
A second significant area around contract management relates to payment and receivables. The accounts payable function is triggered by an invoice or purchase order. In most cases, the company has executed a contract with the vendor/supplier, although some relationships may be based on purchase orders.
If a company has a contract with the vendor/supplier and receives an invoice, the company has to verify that the charges are accurate and reflect the contract terms. In the absence of a contract management system, the company may not be able to conduct this basic verification function.
The same concern applies when receiving payments from customers. If a company cannot match a payment to the contract terms, a company ignores a risk that the payment is inaccurate, or the risk that the payment from a risky third party.
A company’s contracting system has to develop standards for use of contracts versus purchase orders. Employees favor purchase orders as a less burdensome process to finalize a sale. In many cases, companies have long-term relationships where contracts have expired but continued through the use of purchase orders.
A deficient contract system creates significant risks for compliance and commercial liability. A company’s purchase orders rarely contain robust compliance certifications. In addition, the use of purchase orders rather than contracts exposes a company to potential litigation in the event of a commercial dispute.
A company cannot ignore the risks of a deficient contract management system. While such deficiencies may not rise to the level of a material weakness, the risks can be exploited by bad actors.