In the late 1990’s, a stock market disaster cost ordinary investors trillions of dollars at the hands of a small group of deceptive business leaders. The Enron scandal and other similar scandals damaged investors’ confidence in the accuracy of corporate financial statements. In response to the public outrage, Senator Paul Sarbanes from Maryland and Congressman Michael Oxley from Ohio introduced a law intended to encourage improved business ethics and penalize unethical behavior in the stock market and in corporate financial reporting.



This important congressional act became known as the Sarbanes-Oxley Act of 2002, or “SOX" in its abbreviated form. It was put in place to prevent future scandals of Enron proportion, and is considered one of the most significant changes to federal securities laws in the U.S. Among the major provisions of the act are: criminal and civil penalties for securities violations, auditor independence/ certification of internal audit work done by external auditors, and increased disclosure regarding executive compensation, insider trading, and financial statements.

While Sarbanes-Oxley has increased regulations and exchange requirements for public companies, private companies are affected indirectly as well. Proactive small business owners have realized that voluntary compliance with the regulations could prove to be highly beneficial for privately held companies who hope for significant growth, who expect to go public in the future, or who anticipate being acquired. Investors are usually more willing to pay a premium to invest in or buy companies with sound financial practices. For this reason, many smaller private companies have already begun to comply with SOX because they expect that the future benefits will outweigh current administrative costs.

Accountability – Stepping Up to the Plate

In layman’s terms, the SOX act essentially says that you will go to jail if you are signing off on the accuracy of certain documents in a public corporation and they turn out to be incorrect, even if it wasn’t really your fault. It places the responsibility on top executives who must now sign off on the financial statements that stockholders typically examine before buying a stock. This potentially exposes those top executives to the risk of jail time.

So, if you’re a payroll manager, not a CFO, why should you pay close attention to the requirements of the Sarbanes-Oxley Act? Even if you outsource your payroll processing you still have compliance responsibility — and the risks. The Sarbanes-Oxley Act does not mandate any specific types of software or recordkeeping requirements. However, SOX requires employers to have proper controls and procedures in place. Given that payroll represents the largest cost incurred by a company and often with a lack of internal controls, payroll is a ripe area for employee fraud. For that reason, it is natural for auditors to question which controls are in place. The occurrence of payroll fraud can be devastating. Not only does it directly impact the corporate bottom line, but also as a strong indicator of inadequate internal controls, it challenges an organization’s compliance with Section 404 of Sarbanes-Oxley. Fraud can also fundamentally shake investor confidence, harm corporate goodwill, and diminish stock value.

Payroll – Prime Target for Fraud

With numerous federal and state laws like the Sarbanes-Oxley Act on the books, as well as union agreements and regulations, accurately tracking and recording employee time is critical to ensuring that employees are paid properly and within the confines of the law. IRS statistics reveal that approximately 33% of organizations make payroll errors and that these errors cost billions of dollars in penalties per annum. The American Payroll Association estimates that the gross payrolls of large, complex organizations are inaccurately inflated by 1-6%. For a typical large organization with a gross payroll of $1.5 billion, even a moderate inflation results in annual payroll overpayments exceeding $50M.

Why is payroll data so prone to error?

Manual timekeeping methods such as time clocks or paper time cards or sheets are susceptible to error, omissions, or fraud. In each instance, the accounting or payroll staff must re-enter time data into the payroll system or internal accounting spreadsheets. Companies needing to validate their records then turn to manual reviews, which consume employee and manager time and do not eliminate the potential for human error.

Fraud is a surprisingly common and rapidly growing trend. According to KPMG, 75% of all respondents surveyed reported experiencing fraud. Thirty-six percent incurred more than $1M in costs as a direct result. Employee fraud represented 60% of all fraud experienced by an organization and cost each company an average of $464,000 per year, without counting the sizeable cost of financial reporting fraud. Thirty-nine percent of respondents to KPMG’s survey cited inadequate internal controls as the key factor contributing to fraud.

Sarbanes-Oxley initiatives can also lead to more efficient business practices. Compliance with Section 404 institutes a process through which the general effectiveness and efficiency of workforce management processes can be evaluated. Improvements such as the automation and standardization of tasks and the elimination of redundant or inefficient controls can be implemented. Streamlining and improving business practices means greater efficiencies and direct cost savings. The results of a recent survey performed by the Hackett Group established that the cost of payroll operations could be reduced up to 70% with increased process efficiencies.

Many companies started looking at their SOX issues some time ago, but some are still just waking up to the challenge. We’ve provided some of the basics of SOX, but more information can be obtained through the U.S. Securities and Exchange Commission.