Audit and finance leaders are investing in automation and advanced technology tools with continued PCAOB pressures and ESG and Cyber disclosure mandates as a backdrop.
MENLO PARK, CA - September 12, 2023 – The fourteenth annual Sarbanes-Oxley (SOX) Compliance Survey, conducted by global consulting firm Protiviti, finds that 74% of organizations are seeking opportunities to further enable automation, while 58% reported an increase in hours spent on SOX compliance in the last year. Companies are prioritizing investments in automation and broader enabling technologies, such as GRC solutions, as well as advanced technology tools, such as artificial intelligence (AI) and machine learning (ML) to support SOX compliance activities and counteract pressure coming from the PCAOB and external auditors to increase scope and procedures. The SEC’s recently adopted rules related to cybersecurity disclosures and hotly anticipated rules related to climate disclosure only increase the potential for expanded scope.
Companies prioritizing automation as a key tool to moderate rising cost pressures are experiencing increased efficiency, effectiveness and a decrease in business and operational costs. Yet when faced with automation opportunities, many audit and finance leaders cite lack of time to explore automation and enabling technologies due to other priorities (39%), the level of effort to implement, train, govern and maintain the new systems (34%), and lack funding and/or executive buy-in (31%).
With Generative AI (GenAI) and large language models (LLMs) now a top technological consideration for business, organizations need to focus on areas including governance, change management and upskilling when pursuing these new technologies. Otherwise, they will struggle to reap the benefits. The increase in hours spent on SOX compliance during the most recent fiscal year underscores the need to create and implement sustainable change through technology tools and automation.
“The investment in technology and automation has the potential to deliver strong ROI – helping to streamline routine tasks, increase the quality and efficiency of communications, enhance the effectiveness of the overall program and allow for a more optimal allocation of resources,” said Andrew Struthers-Kennedy, a Protiviti managing director and global leader of the firm’s Internal Audit and Financial Advisory practice. “There is significant yet-to-be-realized potential through the implementation of automation, enabling technologies and increasingly GenAI and LLMs.”
Cybersecurity & ESG Disclosures Driving Increased Regulatory Scrutiny
Technology and automation have helped companies manage an increasing volume of disclosure requirements from the SEC. The SEC’s recently adopted rules around cybersecurity disclosures highlight the broader changing landscape of non-financial data reporting for SOX compliance and how organizations are preparing for it. In 2022, 41% of organizations were required to issue a cybersecurity disclosure, emphasizing the increasing relevance of cybersecurity in the realm of SOX compliance.
“The SEC rule will, naturally, result in an increase in the information disclosed related to cybersecurity risk management, governance and material incidents. With an ever-evolving cyber threat landscape and an increasing vulnerability footprint for many organization, cyber risk will remain front-and-center with an increasing potential for cyber incidents to have a material impact on financial reporting and SOX compliance.” Struthers-Kennedy said.
When looking at ESG more closely, the survey found that 37% of organizations are already disclosing ESG metrics, however, only 16% have added additional controls to address the SEC’s proposed climate change requirements, a number expected to increase significantly in the upcoming years.
The Protiviti report, titled “The Evolution of SOX: Tech Adoption and Cost Focus Amid Business Changes, Cyber and ESG Mandates,” is based on a survey of more than 560 audit and finance leaders, representing a wide range of industries. The survey was conducted with support from AuditBoard, a leading cloud-based audit, risk, IT security, and ESG management platform, in April and May of 2023.
Survey Resources Available
The annual Protiviti SOX Compliance Survey benchmarks compliance costs, hours, processes and improvements, including how these areas are affected by current business conditions. The survey report is available for complimentary download here, as is a podcast featuring Struthers-Kennedy and Angelo Poulikakos, a managing director and global leader of Protiviti’s Technology Audit practice, discussing key findings from the study.
Protiviti and AuditBoard will conduct a free, CPE eligible one-hour webinar on September 26 at 1:00 p.m. EDT with Scott Madenburg, senior market advisor, AuditBoard, along with Protiviti’s Tom Moon, a managing director, and Laura Price, director, to further explore the study’s results and implications.