SOX and Time Entry 1375
FuadsCurse last edited by
Our purchasing dept. - in charge of our work time entry system - indicates that time sheets must be physically signed to be in compliance with SOX. Wouldn’t electronic signing - via a system login - be adequate?
harrywaldron last edited by
I’m thinking you might have to use another approach. For example, what if the system were offline. The employee might also start paperwork at their desk and get called into a meeting before they could login? Some systems log off folks who might be idle, so I’m not certain this is a reliable process.
One approach that I think might work could be where a non-exempt employee forwards their submitted timesheet for the week to their manager, who in turn approves this. This could be via email there their sending the message would constitute a ‘signature’ in the system.
These ideas may not be applicable in your situation. For example, in the past, I had proposed some SOX standards from an IT standpoint with electronic efficiencies and workflows in place, but the implementator in charge of SOX standards still wanted that physical piece of paper
Hopefully, more knowlegeable SOX experts here can share what may or may not be required.
OCSOXer last edited by
It states ‘Auditing Standard No. 2 does not contain a presumption that a control is ineffective solely because there is no documentation evidencing the operation of the control. Such a presumption mught suggest an emphasis on the ‘sing-and-file’ mentality for management’s approach to maintaining effective internal control-that a signature or other evidence of the performance of a control might become more important that the performance of the control itself.’
In a nutshell, PCAOB is stating that the lack of a physical signature does not necessarily mean a lack of control.
Hope this helps.
Chhaava last edited by
Electronic signing - via a system login - is adequate, if the audit trail via log be established.