New Protiviti Survey Finds Companies Prioritising Enabling Technology for SOX Compliance

Audit and finance leaders are investing in automation and advanced technology tools with continued PCAOB pressures and ESG and Cyber disclosure mandates as a backdrop

MENLO PARK, Calif. – September 12, 2023 – The fourteenth annual Sarbanes-Oxley (SOX) Compliance Survey, conducted by global consulting firm Protiviti, finds that 74% of organisations are seeking opportunities to further enable automation, while 58% reported an increase in hours spent on SOX compliance in the last year. Companies are prioritising investments in automation and broader enabling technologies, such as GRC solutions, as well as advanced technology tools, such as artificial intelligence (AI) and machine learning (ML) to support SOX compliance activities. These technologies help counteract pressure from the PCAOB and external auditors to increase scope and procedures. The SEC’s recently adopted rules related to cybersecurity disclosures and highly anticipated climate disclosure rules only increase the potential for expanded scope.

Companies prioritising automation as a key tool to moderate rising cost pressures are experiencing increased efficiency, effectiveness and a decrease in business and operational costs. Yet when faced with automation opportunities, many audit and finance leaders cite lack of time to explore automation and enabling technologies due to other priorities (39%), lack of effort to implement, train, govern and maintain the new systems (34%), and lack funding and/or executive buy-in (31%).

With Generative AI (GenAI) and large language models (LLMs) now a top technological consideration for business, organisations need to focus on areas including data governance, change management and upskilling when pursuing these new technologies. Otherwise, they will struggle to reap the benefits. The increase in hours spent on SOX compliance during the most recent fiscal year underscores the need to create and implement sustainable change through technology tools and automation.

“The investment in technology and automation has the potential to deliver strong ROI – helping to streamline routine tasks, increase the quality and efficiency of communications, enhance the effectiveness of the overall programme and allow for a more optimal allocation of resources,” said Andrew Struthers-Kennedy, a Protiviti managing director and global leader of the firm's Internal Audit and Financial Advisory practice. “There is significant untapped potential through the implementation of automation, enabling technologies and increasingly GenAI and LLMs.”

Cybersecurity & ESG Disclosures Driving Increased Regulatory Scrutiny

Technology and automation have helped companies manage an increasing volume of disclosure requirements from the SEC. The SEC’s recently adopted rules around cybersecurity disclosures highlight the broader changing landscape of non-financial data reporting for SOX compliance and how organisations are preparing for it.

“The SEC rule will inherently increase disclosures related to cybersecurity risk management, governance and material incidents. With a quickly evolving cyber threat landscape and an increasing vulnerability footprint for many organisation, cyber risk will remain poised for having a material impact on financial reporting and SOX compliance,” added Struthers-Kennedy.

When looking at ESG more closely, the survey found that 37% of organisations are already disclosing ESG metrics, however, only 16% have added additional controls to address the SEC’s proposed climate change requirements, a number expected to increase significantly in the upcoming years.

The Protiviti report, titled “The Evolution of SOX: Tech Adoption and Cost Focus Amid Business Changes, Cyber and ESG Mandates,” is based on a survey of more than 560 audit and finance leaders, representing a wide range of industries. The survey was conducted with support from AuditBoard, a leading cloud-based audit, risk, IT security, and ESG management platform, in April and May of 2023.

Survey Resources Available

The annual Protiviti SOX Compliance Survey benchmarks compliance costs, hours, processes and improvements, including how these areas are affected by current business conditions. The survey report is available for complimentary download here, as is a podcast featuring Struthers-Kennedy and Angelo Poulikakos, a managing director and global leader of Protiviti’s Technology Audit practice, discussing key findings from the study.

Protiviti and AuditBoard will conduct a free, CPE eligible one-hour webinar on September 26 at 1:00 p.m. EDT with Scott Madenburg, senior market advisor, AuditBoard, along with Protiviti’s Tom Moon, a managing director, and Laura Price, director, to further explore the study's results and implications.

About AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, IT security, and ESG management. More than 40% of the Fortune 500 leverage AuditBoard to move their businesses forward with greater clarity and agility. AuditBoard is top-rated by customers on G2, Capterra, and Gartner Peer Insights. To learn more, visit

About Protiviti

Protiviti ( is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and its independent and locally owned member firms provide clients with consulting and managed solutions in finance, technology, operations, data, digital, legal, HR, risk and internal audit through a network of more than 90 offices in over 25 countries.


Named to the Fortune 100 Best Companies to Work For® list list for the 10th consecutive year, Protiviti has served more than 80 percent of Fortune 100 and nearly 80 percent of Fortune 500 companies. The firm also works with government agencies and smaller, growing companies, including those looking to go public. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI).