ESTABLISHING CHECKS AND BALANCES
HR should look for risks such as “control deficiency,” where internal checks and balances against fraud or other wrongdoing are weak or nonexistent. Control deficiencies can lead to problems ranging from preferential hiring and promotion to embezzlement and fraud. Judicious segregation of duties usually ensures that, for example, an executive is not able to hire his own nephew in violation of federal anti-discrimination laws or corporate nepotism policy.
HR has many responsibilities that should be rigorously analyzed for possible exposure under SOX. For example, incorrectly calculated benefits could lead to lawsuits under ERISA or force the company to restate earnings. Improper calculation of commissions, which are paid out over time and are difficult to audit, is also a potential liability. Violations of stock blackout periods could result in insider trading charges. Improper network access could lead to fraud, embezzlement, or identity theft. Managing access to sensitive information and intellectual property is a critical HR function, especially when people transfer, leave, or are promoted.
“HR needs to make it so that someone can come in and open a book and see every policy and procedure,” said Michael Petrecca, a PricewaterhouseCoopers private company services partner based in Columbus, Ohio.
COPYRIGHT © 2006 BY THE BUREAU OF NATIONAL AFFAIRS, INC., WASHINGTON, D.C.
Finally, the most highly publicized aspect of SOX is the protection it provides to the “whistleblower,” usually an employee who reports financial wrongdoing to regulators. HR, through anonymous employee hotlines or its relationship with a corporate ombudsman’s office, may be the initial conduit to top management for this kind of information. Therefore, HR’s role in facilitating the reporting of possible wrongdoing is critical for maintaining the corporation’s reputation and financial standing.
LEVERAGING SOX TO ACHIEVE BEST PRACTICES
Internal systems are crucial under SOX and are under intense regulatory scrutiny. HR processes can tighten the bottom line, mitigate risks of legal exposure, reduce costly turnover, and improve corporate morale—or expose the business to financial and reputation losses if proper controls are not in place.
The changes wrought by SOX may be a financial burden, but many business leaders are discovering that these same changes can strengthen a company’s financial and ethical foundation. Even some privately held companies—which are not subject to SOX requirements—are instituting SOX best practices. In a PricewaterhouseCoopers survey released in January 2006, one in four CEOs of fast-growing private companies said they are voluntarily adopting SOX “best practices.” These CEOs said that the SOX emphasis on self-examination, internal controls, and financial disclosure had improved corporate governance and financial transparency.
A March 2006 survey by Boston-based consulting firm AMR Research found that 36 percent of the 325 North American business leaders and IT professionals interviewed said streamlining business processes was a top business benefit of SOX compliance. Other benefits cited were better quality (28 percent) and a more secure information environment (14 percent).
[Figure: Benefits of Compliance With SOX. Categories shown: Streamline Business Processes; Better Quality; More Secure Information Environment.]