Sarbanes-Oxley compliance costs and hours continue to rise, but there are significant opportunities to make measurable, meaningful changes in the form of technology, automation and alternate sourcing strategies.
Protiviti’s annual SOX Compliance Survey benchmarks compliance costs, hours, processes and improvements, including how these areas are affected by current business conditions. This year’s results show that costs, along with the hours that internal audit teams devote to SOX compliance, continue to increase across most, if not all, company sizes, industries and reporting types.
Escalating compliance costs, time and efforts have a silver lining: They are driving more investments in automation and technology tools that generate greater efficiencies — and potentially cost savings as well as effectiveness and coverage benefits — into the SOX compliance process. Our data indicates that technology tools currently support an average of one-fourth of SOX compliance work across all companies, and a majority of programs deploy audit management and/or GRC platforms. We also see a rise in outsourcing, with 46% of organizations relying on third-party service providers for SOX testing.
Important takeaways from our research:
- Costs continue to climb due to a range of factors: A combination of internal and external factors creating volatility — technology-driven transformation and innovation, talent shortages, strategic pivots and more — is contributing to rising SOX compliance costs. More companies spend $2 million or more on compliance while fewer spend $500,000 or less.
- Hours on the rise as well: A majority of organizations increased the number of hours logged for SOX compliance during their most recent fiscal year. This growth is driven by the same factors contributing to rising compliance costs.
- A growing number of companies are deploying automation to support SOX work; more should follow suit: Automation platforms and applications bring greater efficiency to SOX compliance activities. The deployment of process mining, advanced analytics, robotic process automation and continuous monitoring, along with other advanced technological tools, can significantly reduce the volume of manual compliance tasks as well as retention risks associated with subjecting internal full-time staff to heavy loads of repetitive, task-driven work.
- A widespread desire for efficiency is kindling interest in centers of excellence and alternate sourcing strategies: The ongoing goal to moderate SOX compliance cost increases makes alternative delivery models for SOX compliance services more appealing. In addition to investing in supporting automation, efficiency-minded compliance and internal audit leaders are evaluating and adopting internal shared services models as well as partnerships with third parties that operate external centers of excellence for controls testing.
More than 560 audit, compliance and finance leaders and professionals, representing a wide range of industries, participated in Protiviti’s 2022 Sarbanes-Oxley Compliance Survey, which was conducted online in March and April of 2022.
AuditBoard, a leading cloud-based audit, risk and compliance management platform, collaborated on the 2022 Sarbanes-Oxley Compliance Survey questionnaire and report. Protiviti and AuditBoard formed an alliance in 2019 to collaborate in providing organizations with a comprehensive solution of software, consulting and thought leadership for advancing their SOX and internal audit initiatives.