SOX and Time Entry 1375

  • Our purchasing dept. - in charge of our work time entry system - indicates that time sheets must be physically signed to be in compliance with SOX. Wouldn’t electronic signing - via a system login - be adequate?
    Any thoughts?

  • I’m thinking you might have to use another approach. For example, what if the system were offline. The employee might also start paperwork at their desk and get called into a meeting before they could login? Some systems log off folks who might be idle, so I’m not certain this is a reliable process.
    One approach that I think might work could be where a non-exempt employee forwards their submitted timesheet for the week to their manager, who in turn approves this. This could be via email there their sending the message would constitute a ‘signature’ in the system.
    These ideas may not be applicable in your situation. For example, in the past, I had proposed some SOX standards from an IT standpoint with electronic efficiencies and workflows in place, but the implementator in charge of SOX standards still wanted that physical piece of paper 😉
    Hopefully, more knowlegeable SOX experts here can share what may or may not be required.

  • It states ‘Auditing Standard No. 2 does not contain a presumption that a control is ineffective solely because there is no documentation evidencing the operation of the control. Such a presumption mught suggest an emphasis on the ‘sing-and-file’ mentality for management’s approach to maintaining effective internal control-that a signature or other evidence of the performance of a control might become more important that the performance of the control itself.’
    In a nutshell, PCAOB is stating that the lack of a physical signature does not necessarily mean a lack of control.
    Hope this helps.

  • Electronic signing - via a system login - is adequate, if the audit trail via log be established.

Log in to reply