SOX Compliance: Where Are We Now?

Although Sarbanes-Oxley (SOX) has been on the regulatory scene for more than a decade, organizations are still coming to terms with its implications. And while how companies address it continues to evolve, SOX compliance is a reality that has forever changed financial reporting processes.

So where are we today in terms of compliance activity and its costs? A recent study from Robert Half and and Financial Executives Research Foundation, the research affiliate of Financial Executives International, found 99 percent of U.S. executives expect compliance costs to increase or stay the same over time.

In terms of SOX compliance, findings from global consulting firm Protiviti’s 2014 Sarbanes-Oxley Compliance Survey of more than 600 finance professionals indicate some organizations still have a ways to go to get up to speed.

The survey report highlights four key findings:

1. Companies have been slow to implement the new COSO framework.

Nearly half of respondents report their organizations haven’t begun applying COSO’s 2013 Internal Control – Integrated Framework to their key controls. For those who have gotten started, more than half (52 percent) expect implementing the new framework will increase the total hours their organization dedicates to SOX compliance.

2. The PCAOB’s inspection reports are driving significant changes.

The Public Company Accounting Oversight Board (PCAOB) put into place by SOX is changing the auditing process. More precision and testing of management reviews of controls is being required. Respondents named "Testing review of controls" (58 percent) and "IT considerations" (55 percent) as the top areas most impacted by the PCAOB inspection reports.

3. Compliance costs are going up, but they remain manageable.

Forty-one percent of professionals surveyed reported their SOX compliance costs have gone up by 20 percent or more. However, 61 percent said their organizations manage to spend $500,000 or less annually. By contrast, 28 percent of companies reported spending $1 million or more.

4. Automation is gaining ground, but there’s still room for more.

Automated controls are proving both effective and efficient. Survey results showed 83 percent of organizations have plans to automate some IT processes and controls in the coming year.

In addition, the survey noted a shift in primary responsibility for SOX compliance from project management departments (down from 10 percent to 5 percent) toward audit committees (up to 18 percent from 11 percent).

“The PCAOB inspection reports had a tremendous impact on the way companies handled SOX compliance in 2013, and we foresee that continuing,” said Brian Christensen, executive vice president at Protiviti and leader of the firm’s Internal Audit and Financial Advisory practice. “However, the costs are still expected to be manageable going forward, in part because companies are continuing to work to improve their efficiency.”

How is your organization managing SOX compliance at this stage? Share your thoughts below.

Related Posts