Sarbanes-Oxley (SOX) legislation was enacted in the United States in 2002 in order to tighten financial processes, IT controls and accountability at publicly traded corporations. The law came in the wake of the Arthur Andersen, Enron and other high-profile accounting scandals.
Over the last few years, SOX-mandated controls have been applied to privately held companies as well. Although SOX touches on many aspects of company management and financial reporting processes, this brief will focus on how SOX affects HR processes.
How does SOX affect HR processes?
Among the many provisions that relate to financial accounting, IT processes and control, a few SOX provisions fall squarely in the domain of HR management:
Segregation of duties – Prove visually that duties are segregated or effectively controlled for key departments and individuals.
Contractor and contingent labor management – Demonstrate who contractors report to, both administratively and from a budget perspective.
Chain of command – Visually demonstrate the chain of command (and how it changed) for key departments and senior personnel.
Archiving – Produce supporting evidence for all key controls (requires monthly or quarterly data snapshots).
System access – Demonstrate who has access to which financial systems (or sub-ledgers that have impact on overall financial statements), when that access was given and revoked.
Complying with SOX regulations
OrgPlus products have powerful tools to assist with these and other areas of potential risk.
Segregation of duties – OrgPlus makes it easy to visualize key roles affected by SOX, and provides compelling, visual proof that the roles are occupied by different people, report to different groups or have additional mitigating controls.
Contractor management – OrgPlus allows you to highlight contractors and run contractor-specific reports that indicate who is managing contractor activity
day-to-day, and who has overall budget responsibility.
Chain of command – OrgPlus has powerful features that allow you to create visual reports on the chain of command for any department, or the entire organization at the push of a button.
Archiving – Every report and every view in OrgPlus applications can be easily archived and accessed at a later date, or presented to internal and external auditors. No coding is required, and you do not need to involve your IT department in producing these reports.
System Access – Maintaining accurate system access, and periodic audits to confirm that access granted to employees is warranted, was especially important in the post-SOX world, yet the information remained difficult to obtain. Enter OrgPlus. OrgPlus products give you a visual view into who has access to which system, allowing HR managers to easily distribute access reports and audit access to critical applications.