Report: Companies Still Working to Automate SOX Compliance Work

Compliance

A new report finds that companies still haven’t completely mastered SOX compliance. It finds that more than half reported an increase in time spent on SOX, even as they work to add automation to the process.

The fourteenth annual Sarbanes-Oxley (SOX) Compliance Survey, conducted by global consulting firm Protiviti, finds that 74 percent of organizations are seeking opportunities to further enable automation, while 58 percent reported an increase in hours spent on SOX compliance in the last year.

Companies are prioritizing investments in automation and broader enabling technologies, such as GRC solutions, as well as advanced technology tools, such as artificial intelligence (AI) and machine learning (ML) to support SOX compliance activities. These technologies help counteract pressure from the PCAOB and external auditors to increase scope and procedures. The SEC’s recently adopted rules related to cybersecurity disclosures and highly anticipated climate disclosure rules only increase the potential for expanded scope.

Companies prioritizing automation as a way to moderate rising cost pressures are experiencing increased efficiency, effectiveness, and a decrease in business and operational costs. Yet when faced with automation opportunities, many internal audit and finance leaders cite lack of time to explore automation and enabling technologies due to other priorities (39 percent), lack of effort to implement, train, govern, and maintain the new systems (34 percent), and lack funding or executive buy-in (31 percent).

“With Generative AI and large language models (LLMs) now a top technological consideration for business, organizations need to focus on areas including data governance, change management, and upskilling when pursuing these new technologies,” the report’s authors write. “Otherwise, they will struggle to reap the benefits. The increase in hours spent on SOX compliance during the most recent fiscal year underscores the need to create and implement sustainable change through technology tools and automation.”

“The investment in technology and automation has the potential to deliver strong ROI – helping to streamline routine tasks, increase the quality and efficiency of communications, enhance the effectiveness of the overall program and allow for a more optimal allocation of resources,” says Andrew Struthers-Kennedy, a Protiviti managing director and leader of the firm’s Internal Audit and Financial Advisory practice. “There is significant untapped potential through the implementation of automation, enabling technologies and increasingly GenAI and LLMs.”

Increased Regulatory Scrutiny

Technology and automation have helped companies manage an increasing volume of disclosure requirements from the SEC. The SEC’s recently adopted rules around cybersecurity disclosures highlight the broader changing landscape of non-financial data reporting for SOX compliance and how organizations are preparing for it.

“The SEC rule will inherently increase disclosures related to cybersecurity risk management, governance and material incidents. With a quickly evolving cyber threat landscape and an increasing vulnerability footprint for many organizations, cyber risk will remain poised for having a material impact on financial reporting and SOX compliance,” added Struthers-Kennedy.

When looking at ESG more closely, the survey found that 37 percent of organizations are already disclosing ESG metrics, however, only 16 percent have added additional controls to address the SEC’s proposed climate change requirements, a number expected to increase significantly in the upcoming years.

The Protiviti report, titled “The Evolution of SOX: Tech Adoption and Cost Focus Amid Business Changes, Cyber and ESG Mandates,” is based on a survey of more than 560 audit and finance leaders, representing a wide range of industries. The survey was conducted with support from AuditBoard, a leading cloud-based audit, risk, IT security, and ESG management platform, in April and May of 2023.   Internal audit end slug

Leave a Reply

Your email address will not be published. Required fields are marked *