When a company seeks to streamline its SOX and internal controls environment by implementing a software solution, it is often because the team has difficulty managing its controls offline and is experiencing the common pain points: version control, data redundancy, change management, decentralized files, etc. If finding a solution to automate your SOX environment is a priority, it is important to consider both the advantages of a software solution and the potential drawbacks, such as cost, implementation time, and whether it will really reduce the amount of time spent managing your program or not.
This article will explore four common mistakes companies make when buying SOX software, and will incorporate feedback from our customers who have gone through the implementation process. Keeping these proven lessons in mind will help you make more informed decisions during the buying process and ultimately help you purchase a true value-add solution.
1. Not Thinking Critically About Customer Support
SOX implementations are unique. Customer support teams are dealing with high volumes of data and possibly thousands of spreadsheets as they build out your environment. The first, and arguably most important, step of an implementation involves cleansing your data prior to the upload. This involves the nuanced process of reviewing your existing environment to identify inconsistencies, duplicates and areas where things can be streamlined and standardized to adhere to best practices. Only after your data has gone through an extensive standardization process will you be able to migrate it into your new software.
For this reason, when it comes to implementing SOX software, having a strong customer support team is not enough - you need people who understand your data beyond the zeros and ones. You need a team that understands the extremely complex world of SOX and internal controls to be able to effectively synthesize your data before uploading it to the tool. Not recognizing the importance of a Customer Support team with a strong internal audit background can have negative consequences. After investing in software and putting in time and resources towards implementation, you could end up with a program that:
- Has inconsistent and redundant data
- Does not satisfy your business and operational needs
- Does not live up to your expectations and investment
- Results in more admin time spent managing the new software than your old manual environment
As you research different tools, ask questions about the Customer Success and Implementation Teams. Understand what type of services and support they provide and how they will work with you to migrate your SOX data into their tool. Ideally, the Customer Support team will be comprised of dedicated specialists who come from backgrounds in Internal Audit and who have had experience converting environments for similarly sized companies.
2. Not Seeing How Your Data Looks Inside the Tool
An important step during the evaluation process is to see how your data looks inside the tool. Keep in mind that sales teams can promote features during the demo that have not been fully developed for production, or that may work differently once you are onboarded. A tool may have features that sound like they could be impactful for your SOX program such as flowcharting or PDF markup features, but it is important to see how these tools work with your data in the system.
Through test driving the tool with your data you can quickly determine whether it is working the way it was promised, which will be a strong indicator of whether your implementation will be a smooth process. As you test drive a tool, a few things to keep in mind:
User experience: Are the menus complicated or easy to understand? Is the interface intuitive or clunky? An underwhelming or flawed user experience can create further inefficiencies and challenges to everyone using the tool.
Performance: Do pages load seamlessly or is there a lag? Does this change as your environment grows? Organizations should look for lackluster performance, processing speed, and usability when evaluating a new tool to prevent such surprises.
3. Falling For Pricing Traps
Oftentimes, sales proposals and contracts are written with the intent of being vague and with options ranging between per-user and enterprise license pricing. Basing your decision on the initial enticing cost of a per-user licensing model can end up being detrimental for your overall program, for several reasons:
- A mature SOX environment can sometimes have upwards of 500 users across the internal audit team, co-sourced partners, external auditors and process owners. In a per-user model, to prevent rising costs, an organization is discouraged from adding more user licenses and has to decide who gets a license and who doesn’t. The benefits of a solution become harder to realize if not all the users that should be using the tool are given access.
- The inability to coordinate with process owners and the business units will only limit the effectiveness of the overall SOX effort.
- The short term benefit of cost savings will ultimately prevent the audit team from fully utilizing the application in the long run by not rolling it out to the right users.
- Most user-based pricing models are designed to go up throughout the year, as many organizations onboard new people and expand the scope of their projects.
For example, narratives and control descriptions should be drafted and validated by control owners. However, in an environment with limited user licenses, the audit team will need to act as liaisons with the control owners throughout the process to shepherd those changes throughout the various spreadsheets and files.
When buying software, you should focus not only on what your pricing looks like today, but more importantly, what it will look like over time. An ideal solution will have a transparent enterprise pricing model with unlimited users and unlimited data. This gives you insight into what your pricing is going to be today, as well as at the end of the year and beyond.
4. Not Looking For A Solution That Was Purpose-Built For SOX
When SOX was rolled out in 2002, the existing task management and data analytics tools on the market were simply modified to accommodate the SOX audit workflow. Because these tools were not purpose-built for SOX, they lacked the intuitive interface and SOX-specific features that would help auditors streamline their SOX programs.
Even with improved automation and project management best practices, SOX is a challenging program to manage and perform. Audit fatigue affects people beyond the testing team. Relationships often get strained because of poor communication while staff become unmotivated due to the heavy administrative burden of updating multitudes of spreadsheets. The CFO and senior leadership often become frustrated with the lack of transparency and resource constraints impacting the business.
When evaluating your SOX solution, make sure to ask your sales rep about the software’s underlying architecture to understand how the solution was designed for SOX. Mediocre solutions will require more support requests, bug fixes, and enhancements or “customizations” to meet your needs which will increase the cost of the tool, while a purpose-built solution will meet the majority of your needs with the out-of-the-box offering. The product’s features will work intuitively to meet the complex requirements involved in managing a SOX engagement.
Investing in SOX or internal controls software is a big decision, not only from a financial standpoint but also in terms of the potential impact it can have on improving your internal audit team’s productivity and ability to add value to your company. Most solutions on the market today deliver half their promised value and ultimately end up costing audit teams more administrative time than if they had stayed on their manual environments.
If you are looking for a purpose-built SOX software solution to manage your internal controls environment, AuditBoard is the industry-leading solution with the fastest implementation time on the market. Our Customer Support and Onboarding teams are comprised of experienced internal auditors and our enterprise pricing model includes unlimited user licenses as well as unlimited data. AuditBoard will empower your team to begin automating their internal controls environment right away and will help free up your people to spend more time on true value-add activities.