Sarbanes-Oxley Act of 2002 Requirements

This section discusses:

  • SOX Overview

  • Security

  • Audits

  • Managing Processes

  • Archiving

SOX Overview

To fulfill the requirements of the Sarbanes-Oxley Act of 2002 (SOX), Global Payroll for Switzerland provides features that support security and audit requirements, makes recommendations to manage your payroll information, and supports processes that archive history according to the needs of the Principles of Orderly Electronic Bookkeeping (POEB).

SOX is a United States federal law enacted on July 30, 2002. The legislation establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. It does not apply to privately held companies.

The Act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law.

Security

Customer should define at least two roles that allow you to separate the entry and calculation of payments from the process of approving and authorizing final payments. A detailed sample of how these roles might share the activities is provided in the Manage Process section.

As such we recommend that you implement these roles:

  • Payroll Administrator:

    This role allows administrators to manage all HCM and payroll relevant entries (hire, termination, assign payments). To process the payroll itself you might define a third role or grant those rights to the Payroll Administrator as well.

  • Finance Administrator:

    This role allows to manage the transfer of payments to GL and to the bank. Thus, payments only make it to the beneficiary after a second person had reviewed those payments.

Note: A sample of how these roles might share activities is provided in Guidelines to Fulfill the Needs of Sarbanes-Oxley Act. Additionally, you might set up any number of different roles that share security to meet your specific needs. The methodology that we describe in this documentation explains the minimum requirements to meet SOX requirements.

Audit Reports

The PeopleSoft HCM application provides these reports to track and document additional changes:

  • Employee Turnover Analysis (PER010).

  • Below Minimum Analysis (CMP004).

  • Above Maximum Analysis (CMP005).

Note: You can set up auditing on any field and then decide what changes can be reviewed by a second person at any time. The Database Audit (PER029) report lists the changes kept by auditing.

The Global Payroll for Switzerland application provides these reports for auditing support:

  • Calculation Reconciliation (GPCHAL02).

  • Swiss Audit.

  • Banklist (GPCHBK01).

  • Summary Statement for Bank File (GPCHBK02).

Additionally, you can perform queries on GL data.

See Setting Up Swiss Banking.

See Generating Payslips and General Reports.

Managing Processes

Global Payroll for Switzerland Sarbanes-Oxley Act provides a sample methodology to manage a payroll that fulfills the requirements of Sarbanes-Oxley Act. In this section, the H role stands for the Payroll Administrator and the F role stands for Finance Administrator.

See Guidelines to Fulfill the Needs of Sarbanes-Oxley Act.

Archiving

All data that determines payroll calculations is frozen in write array tables, which are created during a payroll run. The system keeps these data as well as all results in history. For example, if there is a retroactive change to any date, the original calculated results as well as the input that was valid for those original results is retained and is available for review at any time. Additionally, all year end XML data, which contains all the legal reporting that is sent to Swissdec, is archived and stored each time it is generated, including all re-sends and corrections.