Engineer has a SOX question 1645



  • I am an engineer at a large company that uses contract labor for maintenance and installing equipment in our factories. I requested a quote from a supplier for a 2 week contract to do specific work. Upon receiving the quote I turned it into our purchasing department. They get the money approved, create the purchase req’s, call the supplier with the official numbers and authorized funds.
    While waiting for this internal process to be complete, the supplier called and said they have the labor available and they sent them to our site. I was not comfortable with allowing them to work on our site with out the req going through. But I was more worried about a liability issue if they were to be hurt and were on site with out an official contract and funding.
    I called our purchasing department about this and if there were any liability issues. Their response was, they could not be allowed on site due to a SOX violation. What they said is : You would be in violation of SOX if you knowingly allowed someone to work on site with out an approved contract/funding.
    So I am an engineer and have no knowledge in this field, but this peaked my interest and here I am with the question. So what does any one know about a situation like this? Sorry for the long post - Mike



  • It’s not in violation with SOX, but it can be in violation with the internal routines in your company.
    In my company, we have 2 stages of approval:
    The technical approval, and the approval of expenditure.
    Sometimes we have to go ahead with only a technical approval, because waiting for approval of expenditure will end up with us losing more than 10-100 times what the actual cost of the expenditure is.
    All this has to be well documented 😉



  • If you think about this, what is the financial reporting (i.e., SOX) exposure of allowing the contractor on site? If it was a prevalent practice to ignore company policies regarding approvals for on-site contractors, then that would reflect a lack of control over policies which is an entity-level control. Making an exception in order to get a job done that needs to be done is not a SOX issue in my mind as long as the cost of the work is recorded accurately, timely, etc.
    As far as risk of injury to the contractor working without all of the appropriate approvals, that is an operational control, not a financial reporting control. You are right to worry about this, not in the context of SOX, but in the context of managing your operational risks.



  • Irqui and kymike share good perspectives on this … As a compliant company, an organization will certainly tighten IT, operational, and financial policies, procedures, and controls. Thus, often new changes are proclaimed to be SOX-related when there may be indirect or no relationships to true financial exposures.
    Even if it’s not directly SOX-related, it’s a good thing to dot the ‘i’s’ and have all approvals in place before having the work by the 3rd party commences 🙂


Log in to reply