Understanding How Payroll Software Can Help with ‘SOX’ Compliance
The 2002 Public Company Accounting Reform and Investor Protection Act (more commonly known as the Sarbanes-Oxley Act after the Senator and Congressman responsible for it) was a response to the various corporate financial scandals of the 1990s (remember Enron?). The various audits and legal trials revealed a lack of transparency and rigor in public accounting and the Sarbanes-Oxley Act was the remedy, designed to, “…to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.” (Public Law 107-204). Although the Act was broad in scope – covering requirements for internal controls, bringing in new rules for the accounting community and making changes to elements of corporate responsibility and disclosure – this article focuses on those parts which are relevant to compliance with regards to payroll software solutions and should therefore figure into any organization’s selection process when looking at payroll automation.
How Does the Sarbanes-Oxley Act Link to Payroll Software?
Section 404 of the Act covers internal controls and is the section that occasioned the most furore as many affected organizations were required to completely overhaul their financial monitoring as a result. The regulations, according to 2011 research from Sage, “require an organization to have appropriate controls over its applications, people, and processes so that financial statements can be prepared in accordance with generally accepted accounting principles. In addition, organizations are required to document and follow these procedures.” The Act also created a mandate for “real time issuer disclosure”; which effectively requires the capability to run real-time reports from payroll software, as well as provides clear guidelines on where exactly within the organization financial responsibility lies.
Does the Sarbanes-Oxley Act Apply to Every Organization?
As the primary purpose of this legislation was to protect investors, the Act applies only to US public companies. However, although it is limited in this respect, non-publicly traded firms are increasingly finding themselves subject to financial scrutiny as the value of greater transparency of transactions and accountability spreads through the US financial system. In that sense, compliance with SOX standards of internal control have become ‘best practice’ regardless of the type of organization and non-public companies are now appreciating payroll software that gives them a Sarbanes-Oxley level of financial control. Additionally, the effects of the Act are being felt outside the US. As far back as 2005, the Antipodean magazine, Human Capital noted, “…not only must a US company comply with the Act, but the companies it deals with must also comply. This means contractors, sub-contractors and suppliers must have transparent audit trails and clear personal accountability. This provision applies whether the contractor, sub-contractor or supplier is a US resident company or a foreign entity.” As the article goes to conclude, companies in Asia-Pacific and Europe who deal internationally must now understand the implications of Sarbanes-Oxley and incorporate its requirements into their accounting and payroll software.
What Payroll Software Features Can Help With SOX Compliance?
Three sections of the Act will affect payroll software requirements.
Section 302 covers responsibility for financial reports and places the onus firmly on corporate officers to certify that financial statements, “fairly present in all material respects the financial condition and results of operations of the issuer.” This effectively creates a monitoring requirement which cannot be simply delegated. ‘SOX-savvy’ software will offer such capabilities as automated triggers in the event of irregularities and system monitoring of approval processes.
Section 404 places responsibility on management for both “establishing and maintaining an adequate internal control structure and procedures for financial reporting” and also assessing the effectiveness of that control structure. Proper security measures such as individual sign-ons and authorizations, together with customized user interfaces (so that personnel on see applications to which they have access) can create a SOX-compliant automated environment.
Section 409 covers the real time disclosure requirement and the right payroll application will offer flexible and customizable reporting capabilities, preferably with functionality that manages not only the creation of such reports but also reading access to them.
The Bottom Line – Can Payroll Software Guarantee Sarbanes-Oxley Compliance?
In a word, no. Regardless of what sales hype may imply, there is no SOX certification for payroll (or any other accounting) software. Nor can a software package tackle Sarbanes-Oxley compliance issues on its own. In other words, corporate officers cannot delegate their responsibilities to a payroll application. That said, the right software can certainly make the compliance process easier by facilitating financial transparency, enabling proper reporting, and maintaining appropriate levels of security. The first requirement for this is having the appropriate system of internal controls in place. Then (and only then), a software package can be sourced that will support and align to those controls. On its own, no software can guarantee Sarbanes-Oxley compliance, but the right software can be a central component in an organization’s compliance strategy. As such, it should come as no surprise that one of the key pre-selection compliance questions for any prospective payroll vendor is how they handle SOX.
In that sense, compliance with SOX standards of internal control have become ‘best practice’ (regardless of the type of organization); and non-public companies are now appreciating payroll software that gives them a Sarbanes-Oxley level of financial control.