Questions about SOX 317



  • They are not publicly owned, but because their revenue is over USD75 million they must comply with SOX.

    This is incorrect. Private companies do not normally need to comply, regardless of revenue.



  • P.S. The USD75 million figure is for accelerated filers i.e. large PUBLIC companies that need to report 12 months ahead of smaller public companies.



  • I have been offered a position with an organization in the Payroll Dept. They are not publicly owned, but because their revenue is over USD75 million they must comply with SOX. Before I accept the offer I’m trying to find out what are the SOX requirements for payroll. I know that there has to be a clear separation of duties. If someone can give me more detail on the compliance side. Currently the position would be handling the payroll process to include manual checks, banking, reconciliation, employee data changes, all payroll functions.

    What does accepting a position have to do with SOX requirements? If you are not a CEO, CFO or upper VP/Management, you are not the one attesting to the control. These upper levels of management are requiring you to be doing your job though and have to be assured there are no financial misstatements.
    Payroll requirements are on the COSO side of the objectives for manual financial controls but these objectives are similar to the CoBIT objectives that would need to be met on the IT side as automated or system controls, as in Data Management, Security, accuracy, validity, edit checks, reviews of access, separation of duties, error checks etc…
    Some payroll applications are mostly automated, some are mostly manual. COSO is finance’s requirements, CoBIT is IT’s requirements.
    As previously stated, you normally do not need to comply with SOX if you are not publicly traded. Possibly your firm is going to go public, thus wants to make sure they are in compliance…



  • The USD75m is in reference to the market capitalization (not revenues), which is what triggers accelerated filing status. Private companies do not have to comply with SOX unless they have registered debt or equity instruments and are usually not accelerated filers.
    USD75m in annual revenues is relatively small. Therefore I would assume your company is probably gearing to register private placement debt/equity or IPO. Regardless, your position in payroll will probably be affected very little by SOX outside of some process documenting and maybe some testing. The SOX heavies will most likely be in the internal audit, controls, IT, financial reporting and disclosure groups.



  • I have an Area Manager that insists on setting accounting policies. I am an Area Controller that falls under SOX. Just today, he instructed my staff, Payroll, A/P, Purchasing and Contracts that they will report to him directly and not me, the Controller.
    What FASB, GAAP or SOX rules or regulations is he violating?



  • I have been offered a position with an organization in the Payroll Dept. They are not publicly owned, but because their revenue is over USD75 million they must comply with SOX. Before I accept the offer I’m trying to find out what are the SOX requirements for payroll. I know that there has to be a clear separation of duties. If someone can give me more detail on the compliance side. Currently the position would be handling the payroll process to include manual checks, banking, reconciliation, employee data changes, all payroll functions.
    Need help…


    Hi:
    I understand your issue. Whether your company needs to be filing for SOA or not, I recommend that you plan on implementing good Internal Controls related to Payroll processing.
    The main objective of Payroll audit for Sarbanes is to ensure that there are sound internal controls in place to calculate and record payroll (including payroll deductions) accurately and timely. Payroll has a decent place in your books (sometimes significant too) and hence is subjected to a careful audit for Sarbanes.
    Some of the other controls within payroll processing cycle that I suggest you should consider are as follows:

    1. Pay rates or deductions are properly authorized and are accurate
    2. Pay Hours are properly authorized or are accurate
    3. Time cards or other source information are validated to ensure only authorized/existing employees are getting paid.
    4. Ensure that information or source documents are retained for the audit period
    5. Review payroll register and checks for reasonableness
    6. Reconcile the employee subsidiary ledger to the general ledger
    7. Compare total hours and number of employees input
    8. Ensure that all automated controls (IT controls: access to the Payroll System, Modules, limit access to modify the data etc) are audited and are in conformity to company’s internal standards. Refer to ISACA/ITGI.

    I also suggest that you look into whether this company has already developed a narrative for payroll and maybe a risk assessment identifying key controls within payroll.
    If you have any other questions, please feel free to post them on this forum or drop me an email.

    Madhav Vedula CISA
    Sr. Internal Audit Consultant
    mvedula_at_go.com
