Sarbanes-Oxley compliance is not the stagnant and predictable process it was once assumed to be. Protiviti’s 2016 SOX Compliance survey reveals that Sarbanes-Oxley has become an increasingly expensive and time-consuming process for many businesses. Increased scrutiny by the PCAOB, the updated COSO framework requirement, and changing external audit demands are forcing companies to readjust their SOX Compliance strategies. Below, we break down the 2016 Protiviti survey’s top three takeaways, and what they suggest.
Hours (Continue) Rising
55% of Public companies reported hours devoted to SOX compliance increased. 68% of public companies reported hours devoted to SOX compliance increased more than 10%. This may be due to increased scrutiny by the PCAOB. Another possible explanation Protiviti puts forth for increased hours is the ongoing implementation of the new COSO internal control framework. Both possible scenarios lead to more testing and increased documentation and evidence requests, which lead to more administrative hours spent on SOX.
What the rising hours means is that as companies look ahead to 2017, they must weigh the value of attempting to streamline SOX against the cost of letting it continue to bleed out a considerable amount of Internal Audit’s resources year after year. For most companies, saving a thousand resource hours on SOX each year can lead to invaluable benefits, such as having more time to focus on operational audits or value-add activities that can significantly benefit a company.
External Audit Costs are Rising
External audit fees increased for half of all large accelerated and accelerated filers. When SOX first came into effect, the costs were high, followed by a period of stabilization. However, in recent years costs have surged. One reason Protiviti puts forth is that external auditors are digging deeper for supporting documentation compared to prior years. Another reason is that audit testing is on the rise, as seen in the PCAOB’s latest inspection reports around information produced by the entity - which leads to additional work for auditors. As noted in Compliance Week, this increase in SOX costs is the new normal. However, costs will begin to stabilize as companies figure out how best to comply with the new requirements.
What these factors ultimately become are incentives for companies to seek out ways to reduce costs. There will be a renewed effort by companies to look for ways to stabilize and reduce SOX costs to a sustainable level. Which brings us to the next point.
Organizations are Rethinking SOX Compliance Strategies
Well over half of the organizations responded that they have plans to automate manual processes and controls in fiscal year 2016. Among those, large percentages of non-accelerated filers and emerging growth companies indicated plans to automate their manual processes and controls.
What this means is companies are being strategic in asking more questions about automating controls in an attempt to combat rising costs and improve efficiency. What this also indicates is that organizations are willing to consider looking beyond their current processes to streamline their SOX processes. This means being receptive to solutions such as leveraging software to reduce the SOX time sink, being willing to look at strategic innovations in how to manage SOX, and attempting to reallocate the internal audit workload, as outlined in the article “How to Leverage Technology to Reduce SOX Efforts.”
As internal audit professionals review these new survey findings, they can be assured that the landscape of SOX solutions has evolved since SOX first passed. SOX professionals should not be deterred from seeking out solutions to streamline SOX out of fear of poor product fit or cost - instead they should educate themselves on the practical, proven methods in SOX automation that exist. To learn more, visit SOXHUB’s solutions page.