According to Protiviti’s 2018 Sarbanes-Oxley (SOX) Compliance Survey, released today, most companies are not taking advantage of available tools and technology, such as automated controls and testing and robotic process automation (RPA), to reduce the time and cost expended to achieve SOX compliance. Less than one-third of organizations are using technology tools such as automated process approval workflow, access controls and user provisioning, and nearly two-thirds (63 percent) are still not using technology tools at all in the testing of their controls to comply with SOX Section 404. While RPA promises to automate currently manual and repetitive tasks with higher accuracy, only 11 percent of organizations surveyed are using RPA.
The good news is that nearly half of survey respondents (49 percent) confirmed they are planning to embed technology in their SOX activities by 2019. Also encouraging is the finding that 83 percent of companies in their first year of SOX compliance are using process mining and analytics.
SOX compliance costs and hours continue to go up for some companies, according to the survey. This is due in part to increased external audit costs for more rigorous SOX compliance testing and reporting – attributed to greater demands on auditors by the Public Company Accounting Oversight Board (PCAOB) – and an increase in merger and acquisition activity. The survey analyses these costs based on these and other factors, such as company size, SOX year, number of locations, and other unique circumstances.
Take a look at the infographic below for key findings at a glance. To download the full survey report, visit www.protiviti.com/SOXsurvey.