Since the beginning, SOX has been a resource-heavy program. To roll out a SOX compliance program requires thousands of hours from Internal Audit groups and process owners, plus additional hours to maintain SOX documentation and testing year after year.
Like other activities performed for an organization’s various functions, SOX is extremely technical in nature, requiring very experienced and knowledgeable resources to help administrate and manage the effort. However, one thing that is glaringly overlooked is just how mired in administration SOX can be.
On average, for every 6 hours an internal auditor spends testing or evaluating an issue, they spend 4 hours sending, collecting and tracking management evidence requests, preparing status reports, creating test templates, searching for files and – most time-consuming of all – cleaning up version control issues and reconciling their RCM and controls documentation. The #1 reason why SOX is so administrative is that these programs are currently being managed through the use of over 3,000 spreadsheets and hundreds of shared folders. Meanwhile, these highly experienced and expensive SOX personnel spend significant amounts of time each year cleaning up, formatting, and reconciling the multiple versions of spreadsheets.
What does this all mean?
An average company with 200-300 key controls, that spends 10,000 hours on SOX management each year, is spending 4,000 of those hours on administrative, rudimentary tasks, such as cleaning up and formatting spreadsheets and managing document files.
This atrocious number begs the question of how companies can reduce these 4,000 hours and enable their IA function to perform more value-add activities – like operational audits or other special projects. As so many other departments in enterprise have come to realize, there is one real, final solution: to identify and leverage the right technology solution that can automate these tasks. Ideally, a solution that can facilitate or altogether eliminate the administrative activities required to complete SOX.
Enterprises have increasingly turned to technology to solve administrative processes where the tedious nature of the work was once considered a necessary manual activity. So why is it that the concept of using software to improve efficiency for departments such as accounting, inventory management, payroll, tax, and sales management cannot also be applied towards a company’s SOX program?
Last year, audit professionals reported a rise of at least 16% in the amount of time their organizations spent addressing SOX compliance. As the PCAOB continues proposing new standards in 2016, these SOX hours will only continue to increase over time. Considering the environment of SOX management today, there is no better time than now for internal audit and accounting departments to think critically about changing how they manage their SOX programs today and how they can effectively reduce administrative tasks and overall inefficiency.