MENLO PARK, Calif., August 9, 2018 – According to the 2018 Sarbanes-Oxley (SOX) Compliance Survey released today by global consulting firm Protiviti, most companies are not taking advantage of available tools and technology, such as automated controls and testing and robotic process automation (RPA), to reduce the time and cost expended to achieve compliance.
“In the age of digital transformation, it has never been more important for companies to take responsibility and automate their compliance processes, as well as explore the use of artificial intelligence and predictive analytics in their control structure,” said Brian Christensen, an executive vice president at Protiviti and leader of the firm’s global Internal Audit and Financial Advisory practice. “Change may be uncomfortable, but compliance leaders need to get on board because the train is leaving the station.”
The annual Protiviti survey found that less than one in three organizations are using technology tools such as automated process approval workflow, access controls and user provisioning, and nearly two-thirds (63 percent) are still not using technology tools at all in the testing of their controls to comply with SOX Section 404. While RPA promises to automate currently manual and repetitive tasks with higher accuracy, only 11 percent of organizations surveyed are using RPA. However, there is some good news as nearly half of survey respondents (49 percent) confirmed they are planning to embed technology in their SOX activities by 2019. Also encouraging is the finding that 83 percent of companies in their first year of SOX compliance are using process mining and analytics.
The study also found that SOX compliance costs and hours continue to go up for some companies, which is due in part to increased external audit costs for more rigorous SOX compliance testing and reporting – attributed to greater demands on auditors by the Public Company Accounting Oversight Board (PCAOB) – and an increase in merger and acquisition activity. SOX compliance costs typically hinge on a company’s filer status, size, SOX year and its unique circumstances and structure, including the numbers of controls, as well as the number of locations and regions in which it operates.
“From new accounting standards and continuing PCAOB inspections of external auditors to ongoing digital transformation efforts, the landscape for SOX compliance continues to shift,” said Jordan Reed, a Protiviti managing director in the firm’s internal audit practice. “In this environment, progressive companies that take advantage of new technologies, tools and data analytics will benefit from more consistent and accurate testing results, fewer control deficiencies and reduced compliance spend.”
The Protiviti study, titled Benchmarking SOX Costs, Hours and Controls, shares data gathered during the first quarter of 2018 from more than 1,000 executives and leaders in finance and internal audit functions with publicly held companies in a broad mix of industries. The majority of companies represented in the global survey are from North America, and 55 percent have revenues of $1 billion or more.
Resources Available to Learn More; Webinar on August 21
The SOX Survey report, an infographic of key findings, and videos are available for complimentary download at www.protiviti.com/soxsurvey.
Additionally, Protiviti will host a webinar on August 21 at 9:30 a.m. PDT to discuss key take-aways from the survey. Moderated by Christensen, the webinar features guest speaker Tom O’Reilly, director and internal audit practice leader, AuditBoard. They will be joined by Andrew Struthers-Kennedy, managing director and global IT audit lead, Protiviti, and Eric Groen, managing director, internal audit practice, Protiviti. Please register for the free 75-minute webinar here.