Abstract
In the following article we will explain what the Sarbanes Oxley law is and how section 409 directly affects Mexican companies that are suppliers of large US companies. It will also explain what SCM is, its general role and how an SCM solution can help to comply with the law. On the other hand, the importance of the Information Technology department to carry out the management of the value chain (Supplier-Product) will be determined.
Introduction
Information Technology has become the heart of any organization's operations, from transactional systems to applications focused on senior management, it helps both to operate and to define the direction that an organization has to follow. Within the operations of an organization and one of the areas that is becoming more relevant is when you have different processes in your value chain and it is in charge of a third party. On the other hand, the operations of an organization have to follow certain standards and guidelines and this in turn can cause changes in the way things are done. The supply chain management and the Sarbanes Oxley law are closely interrelated and the IT department plays a very important role.
What is a Sarbanes Oxley Act
In the United States, there have been major financial scandals where companies falsify information in order to publish positive results when the company is actually losing money. The shares have a greater value than they really have and when this is discovered the price of the shares drops dramatically until it causes a company to go bankrupt.
2 United States Senators, concerned about this phenomenon, which began to repeat itself frequently, proposed to the United States Congress the power to establish certain norms or rules which would prevent the financial information of organizations from being fraudulently altered by the CFO or CEO or shareholders were reliably aware of the behavior of the value of their shares.
What is the relationship between the SOX law in IT
As the IT area is the heart of any organization, it is the CIO who is responsible for offering the different tools and strategies to enforce the law. All the financial information of the organization is stored and operated by Information Technologies.
Within the sections there are 3 that directly involve the IT department and that are 302, 404 and 409. The first one talks about the obligation to generate reports that show the financial result of the company and that this must be endorsed in terms of its integrity by the CEO and the CFO. Clause 404 tells us that there must be procedures and policies that ensure the integrity of the information as well as the availability of it. Finally, clause 409 indicates that every organization must notify in less than 48 hours. when one of the processes in the supply chain is not going to be delivered on time and this seriously affects the organization's sales.
How the Sarbanes Oxley Act Affects the Value Chain
Clause 409 says very clearly in a textual way “Companies must notify in real time and in less than 48 hours. that an event in the product chain compromises the financial statements of the organization ”. It is in this way that the Sarbanes Oxley law directly involves supply chain management. Let's look at an example where the Nike company, which has 100% of its production processes in Outsourcing and the company in charge of making up the final tinting touch before the tennis is sent for distribution is delayed, if Nike does not have a notification of a setback and it is also the launch of the stellar product of the year and in which millions of dollars have been spent in launch advertising, this directly affects Nike's finances.Failure to notify your shareholders or the board of directors of this situation will cause a drop in the shares since you will not have the time to define a strategy to save the situation.
What role does the SCM have under this situation?
The supply chain management helps to make decisions regarding the behavior of the different suppliers that are available. In the previous example, contingency plans can be launched in the event that one of the links in the chain breaks and it is possible to act quickly to be able to select another option or see how the missing process can be supplied or restructured. process to ensure the delivery of a product on time.
Simchi defines SCM as a system of approaches used to efficiently integrate suppliers, manufacturers and warehouses to produce merchandise and distribute them in the correct quantities, to the correct locations and at the correct time.
And the Mexican companies?
The Sarbanes Oxley law is applied to those companies that as of November 15, 2004 generate more than 75 million dollars a year. In 2004, our country is going to export about 16.2 billion dollars and a large percentage to transnational companies located in our country. It is in this aspect that the law affects Mexican companies. Let's imagine that a maquiladora of jeans cannot deliver a batch of the Levi's company on time, it is logical to think that a company of this importance worldwide does not have unique suppliers, they are aware of the risk that can be had when working with a single company and that is why they have alternate companies for any contingency.If the maquiladora company does not comply with the request that Levi's has requested, the latter can terminate the maquiladora contract, resulting in the complete disappearance of the company and consequently the impressive dismissal of workers.
On the other hand, this forces Mexican companies to have a true control of their internal processes to be able to ensure that they will be able to comply with the accepted agreements. It is important to say that doing things faster and with better efficiency and intelligence will give Mexican companies a good positioning and a competitive advantage against their possible competitors.
What companies should do
Mexican companies must ensure their processes aided by information technologies such as ERP's, SCM and CRM, these 3 areas complement the value chain of products and especially the SCM helps to control the processes that are had externally and that somehow you don't have full control of them.
On the other hand, it will oblige Mexican companies to ensure their processes and certify them in different international standards such as ISO 9000, 14000 and since the heart of organizations' processes is IT, it is essential to think about the ISO 17799 standard. ISO 17799 standard tells us about 3 main areas that are the assurance of information through confidentiality, integrity and availability of information, which in the words of the Sarbaney Oxley law and the administration of the SCM supply chain is that it must be ensured that the financial information of the organizations is not maliciously or unintentionally altered, that it can also be accessed when required and that it is also confidential and controlled access.
Conclusions
It seems that the Sarbanes Oxley law has nothing to do with the area of Information Technology and much less with the supply chain and its administration, we have seen throughout this article how directly product supplier companies have even a direct relationship with one of the sections of the law. Ensuring that inventories will be at a low level due to the Just In Time methodology and not due to the lack of raw material or problems with the supplier chain. Currently, information is power and in the Sarbanes Oxley law in relation to the administration of the supply chain it takes a real meaning since good chain administration can prevent a company from losing money and above all can give the customer what is agreed upon in regarding delivery time and service
Bibliography:
Turban, Efraim “Information Technology Management” Ed Wiley 4th Edition, 2003
Rusbacki, Tim “Sarbanes-Oxley, IT Governance and Enterprise Change Management”, 2004 MKS White Paper
Novell “A Flexible Approach for Sarbanes-Oxley and Other Business Drivers, NOVELL” 2004, White Paper
DataSec "Sarbanes Oxley and Informe Coso"
Simchi-Levi, David & Kamisnsky, Phil & Simchi-Levi, Edith “DESIGNING & MANAGING THE SUPPLY CHAIN” Second Edition, New York, McGraw-Hill.
INEGI “Summary Table
International Organization for Standardization ”SO“ ISO / IEC 17799: 2000 Information technology - Code of practice for information security management ”
KPMG “Strategy
Pricewaterwouse Cooper “Operational Risk, a competitive advantage
