A SOC to the System: keeping your HR in check
There is a lot I am charged with as chief operations officer for NorthgateArinso (NGA) but one of my most important roles is keeping NGA, and by extension our clients, in check.
Compliance may a dreaded word full of penalties and anxieties for many executives, but I view it as a signal for opportunity. An opportunity to prove our commitment of quality service to our clients...an opportunity to ensure our clients have the support and accuracy they need to be successful…and an opportunity to bring the full benefit of HRO to fruition.
So what does compliance have to do with HR outsourcing? Companies enter into HR BPO arrangements because their HR landscape is complex and best serviced by outside expertise. With their sophisticated operations and needs, however, HR BPO clients expect assurance that their outsourced services are being properly performed and monitored. This is especially crucial given BPO clients’ focus on accurate financial reporting. Simply put, compliance is key.
SOC1 means peace of mind
NGA specializes in helping its clients successfully advance their business goals by allowing them to focus on the strategic tasks of their jobs, while NGA handles HR administrative elements, such as payroll and insurance processing. One reason our clients can trust us with their HR operations is because they know that we have the controls and approach to compliance necessary for accurate reporting and transparency. This confidence is in part owned to SOC1.
SOC1 is not just another acronym in the jargon-filled world of HR outsourcing and technology, but a critical proof point that works to solidify NGA as a leader in the HRO BPO space. For those of us not immersed in the world of compliance, SOC1 stands for Service Organization Control Reports, which verify that a service organization, such as NGA, has completed an in-depth audit of its internal control processes, including IT and enterprise wide controls, related to its outsourced services.
HR matters to financial compliance
This audit and process is vital to our business and our clients’ success. Due in part to the passing of the Sarbanes-Oxley Act – which requires a company’s annual confirmation that its internal controls over financial reporting are effective – accuracy and transparency around HR and financial reporting are crucial for our clients.
NGA and other service organizations that provide outsourced HR and financial services can affect the overall financial presentation of a client company. As such, assuring that our outsourced services are being properly performed and monitored in order to ensure the successful presentation of our clients’ financial reports is a top priority. We never want to be the reason a client is cited for non-compliance.
But adherence to SOC1 is only in part about quality assurance regarding HR and financials. We seek to bepartners to our clients, not just vendors. As such, completing successful SOC1 audits provides HR BPO clients with a sense of trust regarding NGA’s capabilities and technologies.
It helps prove our dedication to not only that client relationship, but also our relationship with the entire industry. Outsourced services are only a benefit when they are a support and compliment, not a complication, to the company’s financials.
Clean bill of health
NGA regularly undergoes SOC1 audits to ensure our clients have the financial content they need for accurate reporting. Our SOC1 audit specifically:
- provides an independent, third-party assurance around the adequacy of our internal controls
- demonstrates that NGA has a sound internal control environment over financial reporting data
- establishes an avenue for identifying opportunities for improvement in business processes and management of information technology operations NGA enjoyed unqualified (or a “clean bill of health”) SOC1 audits in 2011 and is currently underway in its 2012 audit cycle.
But compliance for NGA does not stop with SOC1. We hold a number of certifications to internationally defined standards to ensure the quality of our outsourcing services and processes. Some of these certifications include:
- ISO 9001- to ensure efficient and effective quality management processes are in place
- ISO 27001- regarding information security to validate to our customers that their employee population’s personal data is safe
- BS 25999- focused on business continuity to provide comfort to our clients that NGA is able to maintain its service operations despite disruptions beyond our control; this standard is transitioning to the ISO 22301 throughout 2013
Simply stated, NGA understands that effective compliance controls are essential to the success and prosperity of our clients. While I am hyper focused on ensuring that our systems and our clients are compliant, compliance should be a continuous and strategic focus for us all. How are you and your teams working with your clients to ensure successful reporting and compliance?
I’d love to hear your thoughts.
- Paul Hutchison