Jack Welch, former chairman and CEO of General Electric, once remarked, "Change before you have to." This sentiment rings true with the rise of generative artificial intelligence in finance.
While basic automation has driven incremental changes in recent years, those who do not look to the future of gen AI may miss opportunities to revolutionize compliance with the Sarbanes-Oxley Act of 2002. By streamlining tasks such as risk assessment, control testing, and reporting, gen AI has the potential to increase efficiency across the entire SOX lifecycle, accelerating improvements that might have otherwise taken much longer. Ultimately, GenAI may have the potential to extract more value from the SOX compliance process by providing insights that can drive more informed business decisions.
Since its inception, SOX has provided safeguards for financial transparency by imposing controls, but staying compliant has been a challenge for many companies due to limited resources and evolving regulations. Artificial intelligence is changing the landscape. By offering automation that simplifies routine tasks, accelerates research and streamlines documentation, AI and gen AI applications are making SOX compliance less time-consuming and more efficient.
Let's explore how these tools are transforming compliance and potentially resulting in better business outcomes for both established and newly public companies.
Gen AI's role in streamlining SOX compliance
Gen AI's transformative impact is already taking root. According to Deloitte's
The speed is incredible, too. Gen AI and AI tools can accelerate traditional processes, offering the ability to more quickly research and track regulatory updates, near real-time automated updates to SOX program materials and documentation, and rapid analysis of internal controls. With AI and gen AI, tasks like control assessments, which once took days to complete, can now be drafted in a matter of minutes, improving efficiency, reducing risk and enabling professionals to spend more time on strategic operations and more complex tasks. Ultimately, this may improve financial decision-making over time as well.
Easing SOX compliance for newly public companies
Newly public companies can find it difficult to simultaneously build an effective SOX compliance program and meet the many requirements that come with going public. These companies need to prioritize SOX by establishing strong internal controls over financial reporting, which can increase accuracy in disclosures and help manage risk effectively.
As risk, control and compliance frameworks are critical to SOX compliance, gen AI can help create an effective framework by efficiently providing answers to complex compliance questions. Moreover, newly public companies can enhance SOX compliance processes by automating portions of key tasks like generating initial drafts of documentation, analysis and communication. Gen AI tools can convert process data into draft reports, generate visual diagrams and provide control insights, making it easier for SOX teams to assess and refine compliance controls. These tools can also clarify technical guidelines and identify potential gaps, allowing for timely adjustments.
By managing these complex tasks, compliance teams can focus on strategic oversight, improving both efficiency and accuracy in managing compliance and risk.
The future of SOX compliance
Since the law was enacted in 2002, many organizations have found SOX compliance and the process of appropriately addressing risk to be challenging and time-consuming. But now and in the future, gen AI's ability to streamline and automate labor-intensive tasks — guided by accounting and audit professionals grounded with skills such as core judgement, skepticism and transparency — provides an opportunity to enhance SOX program efficiency, broaden capabilities and reduce costs traditionally tied to compliance.
As these technologies evolve, companies may be able to reallocate resources toward more strategic, complex tasks, while carefully having professionals oversee AI-driven processes to maintain accuracy and mitigate risk.
Furthermore, as gen AI improves SOX compliance, it can assist organizations in extracting value from processes by providing timely insights into potential issues. For example, real-time monitoring and quicker identification of governance, risk and control problems can enable faster remediation before public filings. This proactive approach can not only improve compliance but can also assist in decision-making and operational efficiency.
Also, digital analytics can profile data populations, identifying outliers and driving more-informed business decisions. By leveraging these technologies, organizations can transform SOX compliance from a mere regulatory requirement into a strategic asset that delivers tangible business benefits.
Gen AI's power to automate and speed up manual tasks can boost SOX program effectiveness, expand its capabilities and reduce the costs historically tied to SOX compliance. Through gen AI, employees may be empowered to work more efficiently and focus on strategic and complex tasks, including carefully monitoring gen AI activities to maintain quality and mitigate risks. SOX compliance is being fundamentally reshaped for both established public companies and new market entrants and can ultimately improve business outcomes for companies at any stage of the business lifecycle.