The increasing number of hours devoted to Sarbanes-Oxley compliance, along with the COVID-19 pandemic, have accelerated the need to use technology and automation to cope, according to a new survey.
The
The Sarbanes-Oxley Act of 2002, which was passed after a wave of accounting scandals in the early 2000s, required companies to regularly do audits of their internal controls, get sign-offs from management on financial reports, established the Public Company Accounting Oversight Board to oversee audit firms, mandated enhanced financial disclosures, as well as other reforms. Most public companies have by now grown accustomed to SOX compliance, but the costs haven’t gone down over the years.
“While audit teams are eager to make SOX compliance and other regulatory requirements less manually intensive through automation so that they will have more capacity to focus on higher-level strategic tasks, we're finding that the majority don’t know where to start, especially without buy-in from their senior leaders,” said Brian Christensen, executive vice president and global leader of Protiviti's internal audit and financial advisory practice, in a statement. “We’ve found that the best way to begin and demonstrate the clear, bottom-line value that automation tools deliver in regulatory compliance processes is to start small: identify a simple, small-scale process to automate and present the use case to leadership to pave the way for broader applications across the organization.”
The survey found that the following areas, given their simplicity and accessibility, were seen as the optimal starting points to equip SOX compliance teams: IT application controls (43%), accounts payable process (42%), IT general controls (41%) and the account reconciliation process (37%).
The digital leaders are organizations that seem to have higher levels of maturity in the use of technology and innovative practices. They reported seeing a lesser impact of increasing hours, suggesting they are gaining advantages through greater use of technology such as in the SOX compliance process.
Among these digital leaders, the survey found that 56% said that their use of technology tools had changed over the past year, compared to 41% for all others polled. When asked whether technology tools had been used in testing of controls to comply with Section 404 of SOX, which requires audits of internal controls, 51% of the respondents in 2021 said yes, compared to 46% in 2020. Among the group seen as digital leaders, 66% said yes, compared to 45% for all others.
