Use of Automation Still Low Despite Technology’s Potential to Increase SOX Compliance Efficiency, Finds Protiviti Survey

Press Release

MENLO PARK, Calif., August 9, 2018 – According to the 2018 Sarbanes-Oxley (SOX) Compliance Survey released today by global consulting firm Protiviti, most companies are not taking advantage of available tools and technology, such as automated controls and testing and robotic process automation (RPA), to reduce the time and cost expended to achieve compliance.

“In the age of digital transformation, it has never been more important for companies to take responsibility and automate their compliance processes, as well as explore the use of artificial intelligence and predictive analytics in their control structure,” said Brian Christensen, an executive vice president at Protiviti and leader of the firm’s global Internal Audit and Financial Advisory practice. “Change may be uncomfortable, but compliance leaders need to get on board because the train is leaving the station.”

The annual Protiviti survey found that less than one in three organizations are using technology tools such as automated process approval workflow, access controls and user provisioning, and nearly two-thirds (63 percent) are still not using technology tools at all in the testing of their controls to comply with SOX Section 404. While RPA promises to automate currently manual and repetitive tasks with higher accuracy, only 11 percent of organizations surveyed are using RPA. However, there is some good news as nearly half of survey respondents (49 percent) confirmed they are planning to embed technology in their SOX activities by 2019. Also encouraging is the finding that 83 percent of companies in their first year of SOX compliance are using process mining and analytics.

The study also found that SOX compliance costs and hours continue to go up for some companies, which is due in part to increased external audit costs for more rigorous SOX compliance testing and reporting – attributed to greater demands on auditors by the Public Company Accounting Oversight Board (PCAOB) – and an increase in merger and acquisition activity. SOX compliance costs typically hinge on a company’s filer status, size, SOX year and its unique circumstances and structure, including the numbers of controls, as well as the number of locations and regions in which it operates.

“From new accounting standards and continuing PCAOB inspections of external auditors to ongoing digital transformation efforts, the landscape for SOX compliance continues to shift,” said Jordan Reed, a Protiviti managing director in the firm’s internal audit practice. “In this environment, progressive companies that take advantage of new technologies, tools and data analytics will benefit from more consistent and accurate testing results, fewer control deficiencies and reduced compliance spend.”

The Protiviti study, titled Benchmarking SOX Costs, Hours and Controls, shares data gathered during the first quarter of 2018 from more than 1,000 executives and leaders in finance and internal audit functions with publicly held companies in a broad mix of industries. The majority of companies represented in the global survey are from North America, and 55 percent have revenues of $1 billion or more.

Resources Available to Learn More; Webinar on August 21

The SOX Survey report, an infographic of key findings, and videos are available for complimentary download at

Additionally, Protiviti will host a webinar on August 21 at 9:30 a.m. PDT to discuss key take-aways from the survey. Moderated by Christensen, the webinar features guest speaker Tom O’Reilly, director and internal audit practice leader, AuditBoard. They will be joined by Andrew Struthers-Kennedy, managing director and global IT audit lead, Protiviti, and Eric Groen, managing director, internal audit practice, Protiviti. Please register for the free 75-minute webinar here.

About Protiviti Inc.

Protiviti ( is a global consulting firm that delivers deep expertise, objective insights, a tailored approach, and unparalleled collaboration to help leaders confidently face the future. Protiviti and its independent and locally owned Member Firms provide clients with consulting and managed solutions in finance, technology, operations, data, analytics, governance, risk and internal audit through its network of more than 85 offices in over 25 countries.

Named to the 2021 Fortune 100 Best Companies to Work For® list, Protiviti has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Ready to work with us?

Kathy Keller
Kathy Keller