QCommission and Sarbanes-Oxley Compliance

 
Overview

The U.S. Congress passed the Sarbanes-Oxley Act in 2002 in response to multiple accounting scandals and collapses of major companies such as WorldCom, Enron and Arthur Andersen. The primary goal of this act is to protect investors by improving the accuracy and reliability of corporate financial information. It does this by specifying new standards of accountability, required controls and disclosure requirements, and it enforces them through new penalties for acts of wrongdoing and non-compliance.

The most significant part of the act, called Section 404, requires a company’s corporate officers to assess whether the company’s financial reporting systems are effectively controlled. The act includes controls over internal financial processes, security, retention of information and auditability. Financial processes that have a material impact on the company’s statements have to be especially compliant with these requirements.

Sales commissions in many companies can account for 5 to 10% of the company’s revenue. There have been many instances where a company’s financial numbers have been significantly different from estimates due to mismanagement of the sales commission estimation and calculation process. This is also invariably an area where a lot of flexibility is required, and business managers are allowed that flexibility. In most companies, sales commission plans are designed at the sales management level and calculated using spreadsheets. The sales commission process typically misses very basic auditability controls.

QCommission is a powerful, flexible sales commission software tool. It calculates salespeople’s compensation accurately, quickly and professionally. QCommission, the sales commission software, offers complete Sarbanes-Oxley compliance in its Premier models. The Sarbanes-Oxley requirements that affect the sales commissions process are enumerated below.
 
Sarbanes-Oxley Compliance Checklist
Security
 
   
A unique ID and password are required to access the application. Compliant
Passwords can be required to be alphanumeric characters, with at least one character of both types. Compliant
Passwords can be required to be a minimum of 7 characters. Compliant
Password should not be useable for a minimum period of time after it has been set. Compliant
Password should become invalid after a specified number of attempts. Compliant
The last n number of passwords should not be reusable as a new password. Compliant
Password should be set to expire after a number of days. Compliant
System default passwords can be turned off as legitimate passwords. Compliant
Should be able to restrict certain common passwords. Compliant
Guest Account access can be disabled. Compliant
Should be able to have a user role that is only allowed to execute security functions. Compliant
Authentication data should be encrypted. Compliant
Users should not have direct access to the database. Compliant
Users should have role based security that allows only specific functionality access. Compliant
 
 
Audit
 
User access should be logged. Compliant
All changes to critical data should be tagged with user and time information. Compliant
Process execution should be logged with user and time information. Compliant
All security changes should be mandatorily logged. Compliant
All logged information should be reviewable as reports. Compliant
Database should be backed up at important processing junctures. Compliant
All imported data should be maintained in the system. Compliant
All commission credits should be available in the system. Compliant
All commission calculations should be available in the system. Compliant
Any commission calculation should be backtrackable to identify the calculation history. Compliant
 
 
 
Approvals
 
   
Import/Export processes should be restrictable to commission administrator role. Compliant
Commission calculation processes should be restrictable to commission administrator role. Compliant
Commission distribution processes should be restrictable to commission administrator role. Compliant
Commission Plans should have the ability to be approved before execution. Compliant
Commission statements should be reviewable before being distributed. Compliant
Commission statements should be copyable to managers and other reviewers. Compliant
 
 
Conclusion
QCommission protects your company by making sure your commission calculations are secure, auditable and compliant with Sarbanes-Oxley requirements.