Remember Enron? WorldCom? Tyco? These accounting fraud cases shook investor confidence and spawned a new era: one in which there are tighter regulations that address financial oversight for corporations. In the wake of these scandals, U.S. Congress responded by enacting the Sarbanes-Oxley Act (SOX) in 2002.
In short, SOX regulations revamp the types of financial disclosures that corporations are required to submit. These regulations require an extra level of certification from senior management to confirm the accuracy of reported financial statements. This clearly adds a level of accountability and responsibility. SOX regulations also require that internal controls be established by management and auditors, and that these controls are routinely monitored to be adequate. This is one of the more arduous aspects of SOX—the requirement that auditors check the internal financial controls.
Another aspect of SOX is whistleblower protection. If an employee knows or suspects illegal activities, that employee—the whistleblower—should have the ability to come forward without fear of retribution; SOX protects this right. It’s important to note that the protection exists even if the would-be whistleblower turns out to be wrong about his or her assertions. And, the whistleblower is protected simply by speaking up within the company—he or she doesn’t have to take the information to a government agency to have whistleblower protection.
All publicly traded companies must comply with SOX regulations.
What Is SOX? Here’s More
Here are some additional highlights of SOX and how it is administered:
- SOX is administered by the U.S. Securities and Exchange Commission. It is responsible for setting the deadlines for compliance with SOX and publishing rules and requirements.
- The name Sarbanes-Oxley comes from the congressmen who drafted it, Paul Sarbanes and Michael Oxley.
- SOX also created the Public Company Accounting Oversight Board (PCAOB) that monitors auditors.
Many companies find the SOX requirements to be arduous to meet. Not only is financial reporting affected, but the IT department is often tasked with creating and maintaining complete archives to manage all electronic records for the required time frame (5 years). In fact, all business records—even e-mails—must be kept for this time, and the penalties for noncompliance are steep, including fines and jail time.
How Does SOX Affect HR?
Many of the regulations within SOX may be implemented outside of HR, and indeed it will depend on the organization’s implementation of SOX to determine how much HR will be affected. But, there are many ways that SOX could impact HR directly and indirectly, such as:
- HR may be tasked with hiring or coordinating auditors (and all affected departments) while the audit takes place.
- Many organizations needed to hire additional staff when SOX was implemented. While this was back in 2002, it remains the case that there are additional roles that came about solely because of the implementation of SOX.
- With whistleblower protections in place, HR may find itself at the front lines of employee whistle-blowing activities.
- HR is often responsible for keeping a large portion of company records, and all records must be kept in accordance with SOX regulations. As such, HR recordkeeping and payroll accounting accuracy are of utmost importance for SOX compliance.
- HR may need to take the lead in ensuring that all decisions that affect company records (such as payroll decisions or decisions on who can approve employee expenses, etc.) are recorded. It is no longer adequate to have something approved verbally if it affects payroll or recordkeeping.
What has been your experience implementing SOX? What other ways has SOX impacted the HR function at your organization since its 2002 implementation?
*This article does not constitute legal advice. Always consult legal counsel with specific questions.
About Bridget Miller:
Bridget Miller is a business consultant with a specialized MBA in International Economics and Management, which provides a unique perspective on business challenges. She’s been working in the corporate world for over 15 years, with experience across multiple diverse departments including HR, sales, marketing, IT, commercial development, and training.