Case Study:
Kimberly-Clark, famous for making Kleenex and Scott paper products, has automated its accounting controls playbook for compliance with the Sarbanes-Oxley Act. This multinational manufacturer generates annual revenues of more than $15 billion and employs 60,000 people in 200 facilities spread across fifty countries. Enforcing strict, consistent controls on accounting information in all locations has long been a top priority for Kimberly-Clark’s finance department. Nonetheless, testing and documenting internal controls to bring the company into complete compliance with SarbanesOxley were a major challenge because of the “different languages, cultures, time zones, and systems,” remembers Jerry Rehfuss, the finance director who spearheaded the compliance effort. This is why the company decided to have software stand guard over accounting. The basis of Kimberly-Clark’s compliance initiative was its fivebook set of corporate financial instructions, a detailed playbook for avoiding fraud and manipulation in accounting procedures. “From location to location, country to country, the actual controls might vary,” says Rehfuss. “But the basic principles—say, for each transaction, one person needs to prepare it, and another person needs to authorize it—have been in place for each process.” Next, Rehfuss hired an outside accounting firm to specify the individual accounting processes and controls that could have the greatest impact on accuracy in Kimberly-Clark’s financial statements. He also had internal experts review this list with an eye toward adding new controls where needed. The completed list was sent to coordinators in the company’s 200 facilities, who, in turn, identified the employees responsible for applying these processes and controls. The objective was to determine the number and type of accounting elements that would have to be tested and documented in each location to comply with Sarbanes-Oxley. In the end, the company tested approximately 4,000 controls worldwide and assembled the information into a “control map” indicating what guidelines were being used in which locations. To automate these controls, Rehfuss turned to software that allowed or restricted access to accounting systems based on the playbook’s rules. The software also alerted employees electronically when it was time to document their processes and controls for legal purposes. Outside auditors used the software on a “readonly” basis to check that problems actually were resolved but not to make changes to the system. Kimberly-Clark managers used the software to obtain problem reports, learn what auditors were testing, and track test results. The company found no fraud, although Rehfuss says that it uncovered some mistakes caused by “human error,” such as when a new employee was unaware of certain control details. Finally, special software was installed to prevent employees from handling more aspects of an accounting transaction than the playbook allowed. Using software to automate the playbook and document controls for compliance is especially important because Kimberly-Clark has thousands of employees tapping into local or corporate systems to post transactions, prepare financial statements, and handle other accounting tasks. Rehfuss says that this “could create the potential for widespread errors and, in the worst case, intentional fraud [without proper control over access] because so much of our business and transactions are run by computers.” Electronically restricting access to authorized personnel only, electronically enforcing the playbook’s controls, and electronically reviewing documentation are cost-effective ways for Kimberly-Clark to stand guard over accounting information. In one year, the company was able to slash more than $2 million (25 percent) off the annual cost of complying with the Sarbanes-Oxley Act. The technology also saves the company about forty hours per audit per location while strengthening its protection against accounting fraud.
For more information about this company, go to Webiste- kimberly-clark.
Q1. According to Jerry Rehfuss, Kimberly-Clark uses a basic accounting principle of having more than one person involved in accounting processes to uncover mistakes or fraud. How can getting more people involved in the accounting process act as a safeguard against fraud and mistakes?
Q2. It would seem that one important goal for a good accounting system would be to provide financial information to any of Kimberly-Clark’s 60,000 employees. And yet Kimberly-Clark has restricted access to its accounting system so that only a limited number of people can access certain information. Why is restricted access important?
Q3. Do you think Kimberly-Clark’s outside auditors should be allowed to make changes to the company’s accounting software if they discover a serious problem? Why or why not?
Q4. Today, most large corporations such as Kimberly-Clark spend millions of dollars to ensure that their accounting information is accurate and complies with the Sarbanes-Oxley Act. Is the expense worth it? Why or why not?
Your answer must be typed, double-spaced, Times New Roman font (size 12), one-inch margins on all sides, APA format and also include references.