BEWARE: If your accounting department hasn't yet taken an interest in your meeting spend documentation, it will. That's because section 404 of the Sarbanes-Oxley Act — a bill enacted in 2002 to increase corporate responsibility and curtail accounting scandals — recently became law for large public companies.
The upshot of SOX section 404, says David Kaufman, a partner in New York-based Acquis Consulting Group, is that planners will need to show not just that numbers are correct, but that processes are audited and controlled.
Here are six things that Kaufman says you need to know about SOX to be prepared when the auditors call:
ITS EFFECT WILL BE HUGE — SOX is slowly having a snowball effect on companies, hitting various departments and employees hard and creating a significant impact that affects everyone in the company. What's different about SOX is that it will focus on every area of a company, including those traditionally considered noncore — such as meeting planning.
INCENTIVES ARE A TARGET — Companies need to make sure that they can explain their expenditures for incentive programs and document that the programs are appropriate for the business, are justifiable, and are consistent in the way they're awarded.
CREATE A COMPLIANCE ROAD MAP — The best way to begin is with a comprehensive assessment of all the controls and documentation you have in place in your department. Then you should identify all areas of risk, including fraud, errors, or inconsistency among policies, and mitigate these risks with controls — or with documentation on why the risk is acceptable.
LEARN TO DOCUMENT DIFFERENTLY — Section 404 of SOX requires companies to provide a report that demonstrates appropriate internal controls and control effectiveness, and requires that registered external auditors attest to the controls report. It requires documentation of the processes, policies, and procedures that are in place — but companies must also relate the controls to the policies and procedures.
One of the most difficult jobs is choosing a format for this documentation. To do so, you should solicit suggestions from your accounting or auditing departments. Some companies even set up internal SOX teams, which can help you by supplying basic documentation templates.
The focus needs to be on areas in which there are risks of error, fraud, or noncompliance with policies, and you must document the controls that are in place to mitigate those risks. This covers the scope of your job description, including site-selection criteria, requests for proposals, planning and organization of activities at meetings, post-meeting activities, and contractual agreements. SOX does not state what the approval process needs to be for booking a vendor such as a hotel, but you should have a documentation process for each expenditure with a provider, and that process should lay out what type of approval you need and in what form. The documentation should also point out what controls have been put in place to ensure compliance with corporate policies.
BE CLEAR! — Although all this documentation of processes needs to be detailed, it also must be clear and easy to follow. You should use process flow charts, outlines, and lists to help with the organization. If people cannot easily explain it, or someone can't pick up the documentation and understand it, you have not successfully completed the task. Also, auditors will be focusing on internal controls, so these should be tied in directly to the process flows.
KNOW WHEN TO GET SENIOR MANAGEMENT TO SIGN OFF — Having senior management sign off on meeting objectives andcould be helpful, but this does not mean that you need to get the CFO's signature for every expenditure. Planners should maintain control of their responsibilities without taking on too much personal risk.
It's about balance. If you typically sign vendor contracts and something comes up that has not been written before, even if it seems minor, you might want to get someone senior to sign off on thatto protect yourself.
SOX Hits Travel Managers, Too
In a white paper released last year, WorldTravel BTI, Atlanta, said that travel managers should consider using automated expense-reporting systems to assist in the enforcement of financial controls. The corporate travel management company suggested contacting the company controller or internal auditor to discuss compliance requirements. It also outlined a number of internal controls that meeting/travel managers can implement, such as reviewing company travel policies, supplier rebate and discount programs, travel authorization processes, value-added tax reclamation procedures, employee per diems, corporate card programs, and client billing processes; mandating compliance for preferred supplier and travel management programs; and revising employee handbooks to include sections on business ethics and a code of conduct. For a free, downloadable copy of the white paper, visit www.worldtravel.com/CDP/webform1.aspx?DeploymentId=4&PageId=33