Three Tips for Streamlining SOX and Internal Control Testing and Review

Three Tips for Streamlining SOX and Internal Control Testing and Review

With rising economic uncertainty, employee shortages, and ongoing workplace changes, SOX compliance and internal control teams face enormous pressure to do more work with fewer resources than ever before. If these factors were not enough, teams are also challenged with complying with ongoing regulatory changes, which may include new ESG and Cybersecurity financial report disclosure rules soon. The question now becomes, how can teams focus on adding more value to the organization with the same or fewer resources? This article will share three tips to successfully improve SOX/internal control testing efficiency to free up resources for higher-value initiatives.

1. Identify SOX Program Inefficiencies

A good first step to streamlining your SOX/internal controls program is to perform an efficiency assessment of your program. You should be able to quantify how much the company spends on SOX compliance as a whole, including time spent on testing specific controls. Reviewing information such as budget to actual hours spent on control testing, can help you identify inefficiencies and opportunities for automation.

For example, if fieldwork takes longer than expected to complete, this could indicate a need to re-review the design of controls, re-train team members on how to test and review controls, or take advantage of automated testing. We’ve seen automation used often to test large and/or complex data sets, such as journal entries. This enables your team to provide higher levels of assurance by using data analytics to test an entire population versus a sample selection. 

2. Centralize and Streamline Communication

With a remote work environment becoming more prevalent, teams are spread across many locations, resulting in challenges with maintaining effective communication. We have found that teams can improve communication by investing time upfront to develop standardized  workpaper templates and a centralized process for teams to provide feedback/review comments.

Using standardized templates will provide clear guidance on documentation requirements without having to spend a lot of time training or onboarding new team members. In the event that there are changes to team structure due to turnover or other factors, new team members can be onboarded in a consistent manner to avoid inefficiencies, with testing and documentation expectations clear to all parties involved.

Additionally, using one source to provide feedback will streamline the test and review process by centralizing all review notes across controls in one area, eliminating excessive emails back and forth between team members while increasing audit quality and ensuring feedback is appropriately addressed before finalizing testing results. 

3. Leverage Technology to Drive Accountability

Another way teams can streamline the testing and reviewing experience is by encouraging and providing opportunities for testers and reviewers to take accountability for their assignments. AuditBoard’s SOX compliance and internal controls solution includes purpose-built dashboards for testers and reviewers that are automatically updated in real-time to enable team members to quickly see what is in their queue to complete.

Having a dashboard or other type of visual that provides a clear status on your testing plan increases transparency across the team and reduces the opportunity for delays in providing final documentation to external auditors or other stakeholders. Testing delays can result in external auditors changing their testing approach from relying on the internal team’s work to testing controls independently. This means higher audit fees, more time spent supporting external auditors, and less time available for internal team members to focus on other initiatives. 

Within AuditBoard, you can also configure automated notifications to remind team members of outstanding assignments on a predetermined cadence. This eliminates the need to manually perform administrative tasks while freeing up resources for higher-value initiatives.

The Evolution of SOX: Tech Adoption and Cost Focus Amid Business Changes, Cyber, and ESG Mandates

Compounding Benefits of Streamlined Internal Controls Testing

The tips outlined in this article are designed to help your team drive efficiency with fewer resources, however, optimizing your internal controls program can lead to further benefits. One of the most important benefits is a reduction in audit fatigue. Internal controls testing and reviewing involves several different parties including control owners, testers, reviewers, senior leadership members, and external auditors.

Streamlining your program eases the burden on all parties involved and boosts morale. Team members will also have more time to work on other activities that add value to your organization. Having visibility over your entire SOX/internal controls function provides an ideal vantage point to see the whole picture and identify continuous improvement opportunities. With so many potential benefits, there is no reason to delay streamlining your SOX/internal control program with these tips today.  


Kim Pham, CIA, is a Market Advisor, SOX & Compliance at AuditBoard, with 10 years of experience in external and internal audit. She started her career in at Deloitte & Touche LLP., and continued to grow her experience in internal audit focusing on SOX compliance and operational audits at Quiksilver, the California State University Chancellor’s Office, and CKE Restaurants.


Sukriti Billah, CISA, is a Senior Manager of Implementation at AuditBoard. Sukriti joined AuditBoard from EY, where she provided consulting services over SOX cmpliance and performed operational-based internal audits. Connect with Sukriti on LinkedIn.