The Sarbanes-Oxley Act of 2002 (SOA) was enacted by the United States Congress to prevent accounting scandals and reporting problems from recurring and to rebuild public trust in business practices and reporting activities across companies. The Act applies to companies traded on U.S. stock exchanges. Provisions of particular interest to HR organizations tasked with helping their companies to achieve compliance with the Act are listed below:

Internal Controls

One of the most far-reaching implications of SOA is contained in Section 404. This section outlines the responsibility of management for establishing and maintaining an adequate internal control structure for financial reporting. Your CEO and CFO are now required to sign off on the accuracy of financial reports. The first step many companies are taking is to document existing processes with the goal of assessing the effectiveness of internal controls. Vulnerabilities can then be pinpointed and appropriate authorizations and controls put in place. HR may play a key role in documenting and assessing authorization profiles and practices.

Whistleblower Protection

The Act calls for protection for employees who raise concerns about, or bring to light, questionable accounting practices. The whistleblower protection outlined in Sections 301 and 806 of the Act is accompanied by the criminal penalties (fines and up to 10 years in prison) for acts of retaliation against informants. It clearly suggests that employers adopt and communicate policies prohibiting retaliation against whistleblowers. Additionally, companies should put processes in place to handle worker allegations of accounting irregularities.

Procedures for the receipt, retention, and treatment of complaints will most likely fall under the purview of HR. This includes complaints and confidential anonymous submissions by employees regarding the company’s accounting, internal accounting controls, or auditing matters. It’s up to management (the CFO, most likely) to act on these complaints, but a system needs to be in place that provides a means for submitting, documenting, and tracking the action taken. At some companies, this system will be managed by the HR organization. Companies can begin by documenting their current practices of handling internal complaints. They then can assess the method and effectiveness of corporate follow-through and identify areas for improvement.

Trading During Blackout Periods

Section 306 outlines insider trading during pension fund blackout periods and describes a 30-day advance notice policy that must be distributed to all participants and beneficiaries under the plan to whom the blackout period applies. This section prohibits the purchase or sale of stock by officers, directors, and other insiders during blackout periods. The internal communication of blackout dates will most likely be a new HR responsibility.

Executive Compensation

An area where there is still confusion among HR experts is executive compensation. It is now unlawful for companies to extend credit to any director or executive officer, except in the ordinary course of business, or on the same terms and conditions made to the general public.

Section 402 clearly stipulates a prohibition on personal loans to executives, but does split-dollar life insurance (i.e., the employer pays all or a portion of a life insurance premium) qualify as a personal loan under the new regulations? How about stock options? The full impact of Section 402 is still unclear, but it has the potential to restructure executive compensation packages — possibly replacing equity ownership options with cash-based incentives and further distancing executives from their shareholders. To maximize the potential of employees and increase organizational performance, HR departments should monitor how Congress further defines Section 402 and set up procedures for reviewing compensation packages.

Enhanced Stock Purchase Disclosures

Section 403 contains an amendment to Section 16 of the 1934 Securities Exchange Act requiring enhanced disclosures of directors, officers, and principal shareholders about stock purchases made under a 401(k) plan. Discretionary transactions, such as the relocation of an existing 401(k) balance to increase or decrease the investment in employer stock, require notice be given two days after receiving confirmation of the transaction from the plan administrator. HR procedures for administering employee benefit plans may need to be changed to accommodate the enhanced disclosure requirements.

Protecting Securities Analysts

Section 501 is particularly relevant for HR departments within companies that employ securities analysts. This section stipulates that companies need to establish structural and institutional safeguards to ensure that employers, officers, managers, and other agents refrain from retaliating against analyst employees based on the content of their reports. HR departments can begin by raising the level of awareness of section 501’s prohibition on retaliating, or threatening to retaliate, against analysts based on unfavorable research reports. The next step would be the design and development of policies and procedures to help protect analysts from retaliation.

The expertise of the HR departments can be of enormous benefit when it comes to assessing the effects of the Act on operations and in formulating policies. For example, HR may be called upon to help design cross- organizational teams to head up the compliance process.

To learn more about SOA, visit the following Web sites: www.sec.gov/ spotlight/sarbanes-oxley.htm or www.sarbanes- oxley.com.

Taylor Erickson

Taylor Erickson has more than 12 years of experience with ERP systems. He has worked with SAP for eight years, specializing in SD/SCM, reporting, and compliance. Taylor is a member of the Institute of Internal Auditors and has facilitated global SAP system implementations and trained numerous SAP customers. He is currently a manager at BearingPoint. Prior to that, he was a consultant for SAP America, and later, practice director of corporate compliance and security for Virtuoso, LLC, an SAP FI/CO consultancy. His latest research is on the effects that Sarbanes-Oxley will have on IT departments running SAP, and leveraging existing R/3 functionality to achieve compliance.

You may contact the author at taylor.erickson@bearingpoint.com.

If you have comments about this article or publication, or would like to submit an article idea, please contact the editor.