Today, nearly every company has some degree of control automation configured to perform either a preventive or detective function. Automated controls are commonly found in critical areas like backup of application files, network security, and change management.

Their use is highly recommended in these processes to ensure consistency and reliability of operations. Furthermore, with the rapid integration of ERP systems in modern companies, use of automation in activities such as procurement 3-way matches, workflow approval routing, and data field validations has become widespread.

SOX compliance efforts benefit immensely from the existence of automated controls in a company’s internal control environment. Both from a time and cost perspective, automated controls dramatically improve the efficiency of SOX compliance and testing, especially in companies that have deployed powerful ERPs, such as SAP and Oracle. However, many companies have not optimized their internal control environment to take advantage of the configurations available within their ERP platforms. A company’s internal auditors do not have the technical expertise to advise process owners on the best ways to utilize the ERP’s automation features.

Companies that have successfully optimized their control environment through automated controls have realized tangible benefits in their SOX compliance process. Some of these benefits include:

Increased External Auditor Reliance

An increase in automated controls has a direct impact on the degree of external auditor reliance. The PCAOB, through AS5, clearly points to the advantage of having automated controls in an audit of internal controls by saying “an automated control would generally be expected to be lower risk if relevant information technology general controls are effective.” In order to rely on automated controls, it is essential that there is a host of underlying IT general controls that are working effectively.

Increased Operational Efficiency

The existence of automated controls in an internal control environment ensures employees are spending more time on strategic initiatives rather than working long hours on manual, repetitive tasks. Automated controls also drastically reduce the odds of human error and fraudulent manipulation. Additionally, they greatly simplify the knowledge transfer process required during a transition of roles among employees.

Reduced SOX Compliance costs

Studies have shown that reducing manual controls has a significant impact on the SOX Compliance spend of a company. Manual processes that constantly require the involvement of employees, consultants, or auditors are not sustainable. In the long-run, having automated controls is more stable, largely because this enables a repeatable, reliable, and predictable framework while significantly lowering the cost of compliance.


John Kim
About the author: John Kim, CPA is a SOX Subject Matter Expert and Technical Sales Director at AuditBoard. He has over 10 years of experience in Internal Audit, first as a Risk Assurance Manager at PricewaterhouseCoopers and then as the Senior Manager of Internal Audit for Zynga.