
Back to Our Future: Challenging New Compliance and Leadership Accountabilities for Human Resources, Courtesy of Sarbanes-Oxley

Patrick R. Dailey, Chicago Change Partners; David A. Brookmire, Corporate Performance Strategies

38 HUMAN RESOURCE PLANNING 28.3

The Sarbanes-Oxley Act of 2002 (SOX) has created big new challenges for publicly traded organizations, most often with little to no involvement by the HR function. The burden of compliance has fallen primarily on Finance, as SOX has tangible implications that result in severe penalties and reduced shareholder value. Nevertheless, HR has a key role in the development and implementation of systemic and sustaining policies, procedures, and programs that ensure the organization fully complies with SOX. HR leaders need to step up to these accountabilities, for the benefit of their companies and their functions. The authors detail five critical opportunities for HR leaders to assist in the implementation of successful SOX-related initiatives and establish their leadership roles with boards of directors and senior management. Ironically, compliance, once a reason to criticize HR, now becomes a way to elevate the function and its leaders.

The Field Shifts, Again

Federal legislation once again has shifted the playing field for Human Resources. This time, the Sarbanes-Oxley Act (SOX) of 2002 requires HR leaders to rise up to new accountabilities for building an ethical culture, as well as partnering with other leaders, especially in Finance, to insure statutory compliance with the legislation. SOX legislation was designed to restore public trust in corporate accountability and external auditor independence following the revelation of concealed financial transactions and significant abuses by Enron, HealthSouth, Worldcom, Global Crossing, and others (PriceWaterhouseCoopers, 2004). Overall, the legislation imposes:

• Higher standards for financial reporting by public companies

• Greater accountability from boards of directors for corporate governance

• More stringent standards for insuring external audit independence

• Stiffer civil penalties to corporations for SOX violations

• Criminal penalties against CEOs or CFOs for significant noncompliance or "bad faith" financial filings

Implementation and monitoring of SOX has thus far been the primary responsibility of Finance, or newly created Compliance Officers operating at the top levels of US corporations, but full compliance and effective monitoring requires strategic leadership and operational attention from HR leaders (Deloitte & Touche, 2003). First, HR leaders oversee a significant portion of company expenses through payroll and benefits. Yet HR leaders generally have little experience in financial and internal controls. Instead they have relied on company processes, without enough direct knowledge of proper controls and accounting. Second, the legislation falls short in recognizing that people make decisions daily about adhering to laws, policies, and company guidelines. SOX does not go far enough with preventive solutions that address the root of the problem: unethical and illegal behaviors performed by employees in the company as well as company agents and outsourced partners.

Compliance, of all things, once again becomes a primary focal point for HR leaders. For all the times HR has been criticized in the past as the policy police, now compliance is vital to ensure ethical behavior, proper compensation practices, and the financial future of the company. To achieve this level of compliance—much further-reaching than before—HR leaders must engage in these five behaviors:

1. Build ethical and transparent cultures
2. Strengthen HR's role in corporate governance
3. Bring executive compensation practices into compliance
4. Adopt robust vendor management processes
5. Partner with Finance to implement safeguards and ensure compliance

Build Ethical and Transparent Cultures

The SOX legislation was founded on the belief that ethical behavior and an atmosphere characterized by "transparent" financial transactions are essential elements in restoring shareholder confidence. Transparency was a matter of significant concern by law enforcement arms of the SEC while investigating Enron and other violators of SEC and federal legislation. Top management in these corrupt companies effectively obfuscated the facts and the true picture of their business dealings and financial conditions, while enriching themselves beyond the imaginations of most people.

Where was HR leadership at Enron? Enron had a Code of Ethics. It was a 65-page handbook issued to employees by CEO Ken Lay; however, senior Enron leadership winked at its own code while creating a culture that encouraged employees to "push the envelope," including cooking the numbers. Enron rewarded employees who produced bottom-line profits, even while they manipulated the figures to conceal operating losses. Rewards went to those who played the game, while the few people who raised objections were persecuted. HR leaders were silent and complicit, as were most of their colleagues.

Wong (2002) described this as an "ethical deficit," created by toxic executives. In his view, an organization must have strengths in four areas to be healthy and productive: financial capital, technological capital, human capital, and social-spiritual capital. Enron failed in most of these areas, particularly the last one, the most difficult to manage and to quantify. Enron's executives, and its board, were lacking in ethical leadership and personal integrity.

Now, SOX legislation clearly places the creation of an ethical and transparent culture as an essential, yet still subjective, goal for corporations. The expectation extends beyond attention to purely financial transactions. The new reality acknowledges that senior leaders play the most critical role in successful, ethical companies. They need to be openly supportive and strongly committed to the ethical values of the company. Leaders must promote and uphold this commitment in speeches, directives, company publications, employee meetings, and personal actions. Leaders set the tone for the company's ethics; when they do not, the "grapevine" is quick to spread the story of expedience over ethics.

The HR leader has a clear responsibility to grow this ethical culture. No other position, aside from the CEO, has the scope and reach to external stakeholders and internal employees to build a culture of integrity and honesty. Progressive policy development, employee training, and controlled monitoring all help create this. Encouraging the reporting of unethical and illegal situations and appropriately addressing unethical and illegal behaviors enables HR to oversee dealing with these issues. Compliance with ethical behavior is necessary daily, in an affirmative manner, not just by exception when things break down (PriceWaterhouseCoopers, 2003).


Here are three things HR can and should do immediately to build transparency and ethical behavior:

1. Upgrade the code of conduct policy. Creation of a code of conduct is among the first tangible steps a company should use to communicate company requirements and employee obligations for business and financial conduct, ethical behaviors, and reporting suspected "code of conduct" violations. An improved policy should address the company's support of fair treatment of employees and the standards of ethical and legal behavior expected of all employees (Hammer et al., 2003).

• Require all associates to comply with the code of conduct policy and applicable statutes.

• Delineate specific behaviors and practices that are prohibited by the company.

• Adopt procedures of confidential, anonymous reporting of alleged corporate fraud and code violations.

• Include specific duties and responsibilities in job descriptions for managers and supervisors about training employees on these matters and upholding code of conduct responsibilities.

• Establish procedures for investigating and documenting alleged abuses of the code or violations of SOX.

• Operate a compliance hotline.

• Obligate any employee or stakeholder to report suspected fraud or misconduct to a designated company officer.

2. Protect whistleblowers. SOX defines the protections afforded employees reporting suspected company violations, so-called "whistleblowers." The employee need only "reasonably believe" the company to be in a violation of the Act and does not have to be accurate. Companies must put in processes to offer safe harbor to these people.

The legislation makes it unlawful for an employer to "discharge" or in any other manner discriminate against any employee because the employee has filed a complaint or instituted or caused to be instituted any proceeding under this or related Act or has testified or is about to testify in any proceeding. SOX holds individual executives and supervisors personally liable for unlawful retaliation and makes retaliation a felony offense. Executives can be sued personally and held liable for termination and face criminal penalties.

3. Champion ethical behavior. Written policies can never cover everything. HR leaders must reduce the gray areas in policy statements and practice that may confuse ethical behavior or obscure transparent dealings. By supplementing policy statements with training, communications, performance management programs, key promotions, and compliance, HR goes a long way toward transparency and ethical behavior. As Vickers (2005) noted, HR's job is to cultivate an ethics-friendly environment, in word and deed.

Strengthen HR's Role in Corporate Governance

In the wake of the scandals, Congress was alarmed especially at the lack of oversight provided by boards of directors. Board members were criticized loudly for not providing necessary accountable leadership to their chief executives and companies for whom they had fiduciary responsibility. Congress and the SEC concluded that too many boards operated in the "hip pockets" of corporate executives, had little impact upon good governance, and failed to be the check and balance upon CEOs they were supposed to be.

Independent scrutiny by external financial audit firms also was ineffective. Investigations documented that audit firms shielded themselves from the real transactions of the corporation or, more egregiously, were complicit in obscuring financial matters that violated GAAP guidelines and SEC statutes. As a consequence, financial reporting was lax, and offending companies and their crooked leaders avoided revealing their true business transactions and financial conditions.

HR can help address this, with a broadened charter to establish access to all board members. Access and dialogue with boards and audit committees will help ensure the company is complying with all aspects of SOX. HR leaders should report on the policies, procedures, and controls for areas that have material impact on the company, including executive and director compensation, employee compensation, payroll, health and welfare, pension, and equity plans. HR should enlist board member support and involvement in various committees that provide direction and oversight in corporate plans such as health and welfare, pension, and equity plans.

Many of the steps to strengthen corporate governance are the direct responsibility of the chief human resource officer.

1. Clarify directors' roles and committee responsibilities. HR leaders need to assume visible and active roles with boards of directors. They should develop and outline the specific responsibilities of directors in areas of HR compliance, especially in all compensation and benefits matters that have material impact. HR leaders also should assist CEOs to outline the types of specific experiences that would be beneficial for compensation committee membership. Finally, HR executives should detail the involvement required by board members throughout the year for accessibility, decision-making, time requirements, and meeting dates.

2. Educate directors on compliance processes and HR's role. HR leaders must document all relevant compliance processes for each material aspect of the company's compensation and benefits programs. Each phase of the process (i.e., annual/periodic review, changes, additions; delivery of compensation and benefits; vendor management; and financial accounting) should be provided to board members and reviewed on a frequent basis. As a part of implementing a control process, company audit committees may develop action plans for overseeing the quarterly review of controls and assessing the adequacy of remedial actions to satisfy SOX. Action plans can help a company communicate risk targets and policy, organize the ongoing audit, monitor process, and act to document or fix problems. Recently, HR Magazine (2005) outlined several areas HR can play in board member orientation and education. With access to the board on compensation, benefits, director selection, and succession, HR leaders have great opportunities to expand their roles to implement compliance with SOX.

3. Facilitate effective meetings. HR leaders should lead in organizing efficient and effective meetings for directors in compensation and benefit topics. This is an enormous opportunity for HR executives to display leadership. Critical topics include compensation, benefits, key executive additions, new hire terms and conditions, SOX controls, status of employee allegations of wrongful actions, cultural audit results, and updates of employee training in the promulgation of ethical and transparent cultures.

Bring Executive Compensation Practices into Statutory Compliance

In the span of just 20 years, the gap between the compensation for a typical company's senior executive and its entry-level employee has widened dramatically. What at one time was a ratio of 20:1 has grown, in many cases, to a gap of 400-500:1. The average range of total compensation for chief executives of US public companies is now $3 to $5 million. These pay levels have been challenged for their legitimacy, as have the types of performance (or in some cases, nonperformance) incentives that executives can earn. Some shareholders have pointed out the errors of executive compensation when their interests have diverged from those of enriched executives, and some of the abuses have placed a spotlight on executive compensation. Legislators have installed statutory restrictions and protections for shareholders, though pay levels have not changed much.

These new restrictions void many of the special compensation arrangements that have been practiced within the executive suite (Bokert & Hahn, 2002). SOX includes specific restrictions in executive compensation practices that discourage extreme personal financial gain and wealth accumulation to the detriment of shareholders and employees. Severe civil and criminal penalties have been put into place to punish executives who violate these new statutes.

Actually, the definition of an executive is of importance. An executive is more broadly defined in SOX than in SEC documents. According to SOX, an executive includes a president, certain vice presidents, and any other officers who perform a policy-making function. Executive officers of subsidiaries are not deemed to be executive officers of the primary corporate body unless they are involved in policy-making decisions for the primary corporate entity.

A company's board of directors also are included in the SOX legislation.

Here is how to bring compensation practices in line with SOX:

1. Discontinue illegal practices. It is illegal to provide personal loans, guarantees, credit, or direct or indirect involvement in credit arrangements to executives and officers and directors. Also, trading in company stock during retirement plan blackout periods is prohibited, if the individual acquired the stock in connection with employment as a director or executive officer.

2. Re-shape the company's compensation philosophy. Realign senior leadership pay with the financial outcomes of the business and the interests of shareholders and employees. Insure there is balance in executive pay plans to support the shareholder's long-term interests. Plans that rely heavily on stock options are being further scrutinized as "out of balance" with long-term interests.

Beyond the specific restrictions and cautionary areas discussed, HR executives should steer compensation philosophy and practices in directions that acknowledge a culture of transparency. Compensation and wealth programs that create extreme motivation for personal gain at the apparent disadvantage of shareholders and employees will increasingly be viewed as counter to the spirit and the law of SOX. Cash compensation in contrast to equity-based compensation seems on the rise, with executive compensation levels showing early signs of moderating just a little bit.

3. Monitor compensation issues and trends. As the SOX legislation is further interpreted and shaped by case law, several areas of compensation may be problematic. The areas that need monitoring to insure companies remain compliant include:

• The inclusion of emeritus, advisory, or honorary directors in these restrictions

• Company contributions to split-dollar life insurance policies

• Loans for margin calls, and/or cashless option redemption

• Relocation loans

• Routine cash advances for reimbursable travel and business purposes

• Personal use of company credit cards

• Company funds for executives' payroll tax obligations for nonqualified deferred compensation benefits

• Signing bonuses subject to repayment upon early termination

• Loans from 401(K) plans

• Failure to repay loans

4. Outline HR's roles and responsibilities. HR leaders should establish and document their roles in executive compensation and benefits with respect to CEOs, CFOs, other officers and board members. HR plays a key role in setting up the criteria for eligibility, conducting periodic reviews of compensation and benefits, recording changes and communicating these in an accurate and timely basis to Finance, approving specific pay packages and changes in conjunction with the board, periodically monitoring compliance to plans, as well as record-keeping and data integrity. Finally, centralize the monitoring of executive employment contracts in the HR department.

Adopt a Robust Vendor Management Process

Historically, the business values and operating practices of suppliers, vendors, and other service providers were not scrutinized. The prevailing notion was that companies purchased "products and services" from these providers, and the means and methods used by the suppliers were not particularly relevant. These long-standing assumptions are no longer valid. Companies now are ethically and legally bound to insure that practices and compliance levels operating within contractor and vendor companies fall within the policy guidelines and statutory requirements of SOX and other federal and state legislation.

Managerial accountability and liability now extend into the business decisions and operations of agents and suppliers. Increased use of outsourcing and partnering have elevated the exposure companies may have with SOX statutes as well as code-of-conduct requirements. Other legal entities—contractors and their employees, consultants, joint ventures, partners, suppliers, downstream resellers—acting as company agents come within the scope of accountability for SOX compliance.

For HR leaders, this becomes a major area of attention, with so many people-related services now outsourced to third-party vendors. The era of outsourcing to a trusted vendor under an "assumed" compliance to standard approaches is over. HR leaders must have documented internal control procedures and accountability reviews with all vendors that handle employee services. Areas of particular scrutiny include matters that require financial estimation and future projections resulting in establishment or adjustment to reserve accounts or income statement or balance sheet calculations.

Here's what to do:

1. Limit service offerings provided by external audit firms. Companies are limiting service from audit firms to either audit or the firm's other consulting services—not both—as a step toward improved internal controls and transparency. Services now restricted from being provided by external audit firms include bookkeeping or other services related to accounting records or financial statement of the audit, creation, or management of financial information systems design and implementation, valuation and actuarial services, internal audit outsourcing services, HR functions, investment banking or broker services, and legal services or any expert services unrelated to audit.

2. Hold vendors providing contingent workers to company standards. Temporary agency workers, contract employees, consultants, and outsourced workers who conduct their business on company property or through company networks raise concerns over the issue of co-employment and SOX-related statutes. The recruitment, background checks, tax payments made by their actual employers, and even the legal working status of these contingent workers fall into areas with a possible impact on compliance issues. HR leaders should create policies and conduct audits to insure full compliance.

3. Establish required contractor and vendor policies and procedures. Starting with the RFP process and continuing through the provision of services, HR needs to establish, monitor, and take corrective actions for all vendors that handle compensation and benefits, payroll, health and welfare, retirement plans, nonqualified plans, and other pay arrangements. HR leaders cannot assume that a reputable vendor is delivering the intended benefits, compliance, record keeping, and reporting without taking an active role in this compliance.

HR leaders should insure that department heads have a documented vendor management process and that vendor audits are performed routinely. An audit checklist will contain responsibilities for the vendor based on the legal, service agreement, and company plan requirements. For example, sections of the defined benefits vendor audit would include administrative provisions (e.g., Is vendor accurately and in a timely manner calculating participant vesting levels?), management and disbursement of benefits (e.g., Is vendor consistently complying with depository responsibilities regarding the plan assets in accordance with the trustee agreement?), problem resolution (e.g., Does vendor have a documented problem-resolution procedure in place with guaranteed response times and escalation procedures?), employee communications (e.g., Is vendor preparing SPDs for all eligible employees?), compliance (e.g., Is vendor consistently preparing an annual SAS 70 Report?), management reporting (e.g., Is vendor providing management reports to company?), actuarial (e.g., Is vendor following accepted FAS standards?), and security and disaster recovery (e.g., What are vendor's formal back-up procedures and disaster recovery plan?).

Partner with Finance to Insure Compliance

A new dynamic is emerging in every public company. Finance and Audit are providing much greater levels of internal controls and scrutiny (Ernst & Young, 2004).

Although Finance and Audit have been in the lead, HR activities have a significant impact upon the financial condition, legal compliance, and ethical reputation of the company. Priority areas include the previously mentioned areas of executive compensation, defined benefits programs, health and welfare programs, payroll operations, and recruitment activities—areas where financial forecasts and significant monetary transactions occur.

In this world, management by exception is obsolete. A major emphasis in Section 404 of the legislation is the upgrading of internal control processes that insure compliance and "flag" transactions or situations that deviate from established policy or procedures. SOX places significant importance on internal control procedures, as well as formal documentation and record keeping of compliance. Unfortunately, HR does not have the internal controls or financial reporting as core competencies; therefore, it is imperative that effective communications and collaboration be established among HR, Finance, Legal, and Treasury departments to implement the required controls.

Here are three ways to partner with Finance.

1. Adopt a standard approach for managing internal control procedures. An effective "internal control" discipline is the key to managing these SOX accountabilities. Most HR functions do have documentation of many internal processes, but most have not completed the comprehensive documentation and process evaluation that independent auditors will begin to request. Do not mistake process for controls. Exhibit 1 shows these levels of internal controls. The most commonly used framework for evaluating internal controls is that contained in the report of The Committee of Sponsoring Organizations of the Treadway Commission (COSO). This report identifies categories of controls: effectiveness and efficiency in operations, reliability of (financial) reporting, and compliance with laws and regulations.


EXHIBIT 1

Internal Control Rigor

LEVEL 1: Unreliable

Controls are . . .

• Not in place

LEVEL 2: Informal

Controls are . . .

• Designed but inadequately documented

• Mostly people-driven

• Not communicated through formal policy or training programs.

LEVEL 3: Operational

Controls are . . .

• Documented and communicated to employees

• Deviations or exceptions may not be reported and corrective action haphazard

• Sporadic monitoring may occur

LEVEL 4: Monitored

Controls are . . .

• Operational with periodic testing of effectiveness

• Automation or tools may be used to spot check compliance

• Procedures are in place to take immediate corrective action after violations or policy deviations occur.

LEVEL 5: Optimized

Controls are . . .

• Automation or tools continuously track compliance

• Procedures are in place to block policy deviations from occurring

• Formal risk management procedures are operational.

Source: Adapted from Ernst & Young, 2004.

The relevant questions are:

• Do you have policies?

• Are you in control of your policies and procedures?

• Are you able to provide documentation of compliance?

2. Institute a regular audit review of key human resources processes. Working with your Finance organization, prepare an audit protocol of those HR processes that may have significant SOX compliance value. Regularly conduct HR audits to uncover deficiencies in processes and outcomes. Finally, invest in remediation of those processes that are assessed to be noncompliant and regularly disclose these to audit.

3. Develop feedback channels in performance reviews and attitude surveys for reinforcing and monitoring compliance issues. Examine your current performance management and reward systems to insure that these promote and reinforce an ethical and transparent culture. They should evaluate both results and the behaviors that are used to get results. Insure that anyone evaluated below standard on any of the values or ethical standards is flagged and reviewed for appropriate actions. HR leaders play significant roles in promotion decisions and should insure that role models for the company's values and ethics get ahead. Periodic employee survey and feedback processes to monitor adherence to company ethics should be used. This type of monitoring is essential in compliance efforts.

Conclusion

Compliance with SOX is not optional, and is no longer the sole accountability of Finance or the compliance officer. Sarbanes-Oxley elevates the accountabilities and responsibilities of HR leaders toward increasing levels of business focus and requires a strong and informed partnership with Finance, as well as with other corporate leaders. HR accountabilities span policy creation, stakeholder communication and training, completion of regular and proactive compliance audits, and, finally, full documentation and storage of audit results and remedial activities. Refer to Exhibit 2 (on the next page) for some checklist examples to assist in the audit of SOX compliance. Human Resources leaders who are willing to step up to these heightened compliance accountabilities will have bigger and louder voices at the executive committees and boards. Ironically, stepping back to the future of compliance helps HR in its modern business partner role.

BIOGRAPHICAL SKETCHES

Patrick R. Dailey is a senior HR leader with experience in both consulting and corporate organizations including PepsiCo, Lucent Technologies, and Hewlett-Packard. Currently, Pat works with Chicago Change Partners, an HR consulting firm. He earned a Ph.D. in I/O Psychology from the University of Houston.

David A. Brookmire is President of Corporate Performance Strategies, a human resource and leadership development consulting company specializing in HR effectiveness, interim HR leadership, and executive coaching. Prior to starting his company, David worked in HR with organizations including General Motors and PepsiCo, serving in senior HR and business roles. He earned his Ph.D. degree in I/O Psychology from the University of South Florida.

REFERENCES

Bokert, M.E., & Hahn, A. (2002). "Sarbanes-Oxley Impacts Executive Compensation and Employee Benefits." Davis and Gilbert, LLC Resource Center (200). http://www.dglaw.com/resource/t,i11201)2_02.shtml

Deloitte & Touche (2003). "Sarbanes-Oxley Act-Survey on the Implications for HR," White Paper.

Ernst & Young (2004). "Preparing for Internal Control Reporting—A Guide of Management's Assessment Under Section 404 of the Sarbanes-Oxley Act," White Paper.

Hammer, I., Mnn, N., Stuart, L.E., & Sullivan, S. K. (2003). "Navigating the Civil and Criminal Whistleblower Provisions of the Sarbanes-Oxley Act." American Corporate Counsel Association (ACCA) Docket, March 2003: 23-41.

PriceWaterhouseCoopers (2003). "The Sarbanes-Oxley Act of 2002: Strategies for Meeting New Internal Control Reporting Challenges: A White Paper."

PriceWaterhouseCoopers (2004). "Sarbanes-Oxley Act: Section 404: Practical Guidance for Management." White Paper.


EXHIBIT 2

SOX IMPACT AREAS AND WHAT CAN GO WRONG

SOX impact area: Build Ethical Culture.

What can go wrong:

• Executives do not comply with stated values.

• Executives engage in illegal behavior.

• Employees discouraged or punished for speaking up.

• HR does not have adequate sensing tools in place to detect problems.

• HR not viewed as credible or confidential by employees.

• Code of Conduct not documented, disseminated, and lack of training.

• Lack of board oversight in this area.

SOX impact area: Strengthen HR's Role in Corporate Governance.

What can go wrong:

• HR leader not part of board meetings.

• CEO shields insiders from attending meetings.

• Board members not educated on their roles and responsibilities.

• Board members not actively involved in the business beyond the meetings.

• HR leader lacks credibility with the executive team.

• HR leader not providing effective leadership to HR team for SOX compliance.

SOX impact area: Bring Executive Compensation Practices into Compliance.

What can go wrong:

• Incorrect earning per share calculations could result in earnings misstatement.

• Executive loans made or not repaid.

• Executive stock trading during 401K blackout could trigger SEC inquiry.

• Stock grants not properly treated for taxation.

• Improper stock option execution can trigger supplemental taxation.

• Stock option expense recorded in wrong period.

• Stock option valuation assumptions are incorrectly determined.

• Windfall compensation awards out of step with the overall performance of company can trigger investor litigation.

• FAS 123 footnotes could be based upon inaccurate assumptions.

SOX impact area: Adopt Vendor Management Processes.

What can go wrong:

• HR leader does not implement controls.

• HR department heads (e.g., Benefits) do not have a documented process.

• Vendor audit checklist not documented.

• Board does not meet with key vendors on periodic basis.

• Appropriate vendor certifications are not required.

• Vendor calculations are not monitored for accuracy.

• Periodic vendor audits not performed.

SOX impact area: Partner with Finance to Implement Safeguards.

What can go wrong:

• Benefits, pension, and post-employment benefits costs not properly recorded for P&L document.

• Impact of census data and benefits claims data miscalculated by actuary affecting accruals.

• Pension and benefits reserves are incorrectly calculated and stated because of incorrect assumptions.

• Miscalculation of service credit for employees of acquired operations.

• Job eliminations not legally executed according to statutes and accounting standards in various countries.

• Co-employment violations could result in pension and benefit miscalculations.

• Payroll expenses could be recorded in incorrect periods and or fictitious payments made.

• Sales incentive compensation paid against revenue that was incorrectly recognized.
