A new survey finds that companies aren’t moving to advanced technologies in big numbers to address the difficult work of complying with the Sarbanes-Oxley Act (SOX). The survey also finds that nearly 20 years after SOX took effect, companies are spending more time and money to comply with the regulations.
The eleventh annual Sarbanes-Oxley (SOX) Compliance Survey, conducted by consulting firm Protiviti, identified that only 46 percent of audit teams are using advanced technologies to optimize compliance processes, a decrease from the previous year’s survey findings. “The longstanding challenges associated with compliance with the SOX, such as the cost of compliance and reliance on time-consuming manual tasks, are being exacerbated by the COVID-19 pandemic, as finance and audit teams are required to perform audit tasks remotely,” Protiviti said in a statement.
“The tasks associated with SOX compliance continue to be significant and time-consuming,” said Brian Christensen, executive vice president and global leader of Protiviti’s internal audit and financial advisory practice. “The pandemic brings added burdens to the SOX compliance process, and it will be important for companies to reassess any temporary changes in control design and operation to ensure they continue to be aligned with their risk appetite as the business environment begins to normalize.”
Register now for the June 18 Webinar: Conducting Risk Assessments the Total Quality Auditing Way (1 CPE).
Taking Longer on SOX
The new survey revealed that the number of hours devoted to the SOX compliance process continues to rise, despite regulatory requirements remaining the same year-on-year. Among companies that saw an increase in their SOX compliance hours, 67 percent reported the number of hours went up by more than 10 percent over the prior year, highlighting their lack of automation for simple functions. This finding can also be attributed to the increasingly more complex operations of modern companies. Yet SOX teams that rely solely on spreadsheet and word processing applications, or legacy GRC (governance, risk, and compliance) systems to manage their control environments, spend extensive time dealing with version control issues, manually making individual control changes across a dozen or so documents and preparing status reports.
The cost of compliance also continues to climb. While internal SOX compliance costs dropped slightly in fiscal year 2018, they rose again in this year’s survey, continuing a longstanding trend over the 11 years of our study. Despite efforts and expectations to the contrary, the hours and level of commitment dedicated to SOX compliance have not decreased notably over the past decade. For large accelerated filers, the cost of SOX compliance increased an average of 5 percent, and it increased by an average of 15 percent for accelerated filers.
While RPA (robotic process automation), GRC, data analytics and advanced technology tools would better enable SOX work to be performed more efficiently and effectively, many companies surveyed expressed reluctance about embracing centralized control testing and increasing their use of automation. However, companies are starting to take notice, with a quarter of those who do not currently utilize technology tools in their organization’s SOX compliance process responding that they plan to do so in the next fiscal year and nearly half (48 percent) responding that they plan to do so within two years.
Among the survey respondents already leveraging technology in their organization’s SOX compliance process, it is most frequently applied in testing the accounts payable process (48 percent), financial reporting process (43 percent), and account reconciliations process (43 percent).
“The current pandemic is a vivid reminder of how important it is for audit leaders to be resilient, adapt to unexpected and disruptive events and ensure they can complete SOX compliance activities even when they are dispersed and working offsite,” said Chris Wright, a Protiviti managing director and leader of the firm’s Business Performance Improvement practice. “Now is the time to address longstanding industry resistance to using technology and automation that has been holding back the evolution of compliance teams for years.”
The Protiviti report, titled “SOX Compliance Amid a New Business Equilibrium,” is based on a survey of more than 700 audit, compliance and finance leaders and professionals at U.S. companies, representing a wide range of industries. The survey was conducted with support from AuditBoard, a leading cloud-based audit, risk, and compliance software company, during the first quarter of 2020, based on the fiscal year 2019. 