Does your company fall under the Sarbanes-Oxley (SOX) act? Created in 2002 in response to the Enron scandal, SOX is a set of
laws meant to regulate the governance of public companies. Since then, SOX has been met with a range of reactions from companies covered by the law, but according to the Protiviti 2016 SOX Survey, it doesn’t have to be all bad for your firm. The Protiviti survey identified some of the biggest SOX compliance issues that companies face including: external audit expense, internal compliance costs, and staff hours needed for this compliance. Based on the survey, let’s see if there are some options to ease those compliance burdens.
External Audit Expense
According to the 2016 Protiviti SOX Survey, many companies saw an increase in external audit expense over last year. Something to recognize when looking at external auditor costs is that auditor focus in given year may be based on the findings of the PCAOB. The Public Company Accounting Oversight Board (PCAOB) is the governing body created by SOX to maintain the regulations and to ensure compliance over time. As the laws adjust, auditors adjust their focus to address new items. Companies benefit by adjusting as well. Recognizing new regulations from the PCAOB that apply to your firm and implementing them early can limit the number of unnecessary controls the auditors have to focus on. Having a governance framework that is aligned with the latest regulations can make for a more efficient process. Aligning your organizations controls with the PCAOB’s priorities can help make audits easier and reduce costs.
Protiviti’s 2016 Survey reported that, on average, last year filers spent between $900 thousand and $1.4 million on internal compliance costs. While these expenditures may be daunting, many spent less than $500,000, while others spent over 2 million. The internal costs of compliance can be made up of a number of things including internal audits, control mitigation, system administration and more. A consistent method for reducing internal compliance costs uses system automation to increase automated controls. This reduces the time and effort that goes into control management. Not every process can be automated, but with a GRC program like Assure from Fastpath, segregation of duties issues can be quickly identified for correction or mitigation. Protiviti’s survey shows that internal control costs can be expensive and time consuming, but there are some great options to reduce those costs.
Finally, the Protiviti survey takes a significant look at the number of staff hours utilized for compliance. Not every business saw an increase this year, and most of those who did were in their IPO stage or first year of SOX compliance. SOX compliance can be viewed as a curse or an opportunity. Leading companies leverage SOX requirements and internal audit time to improve business operations and reporting, not just satisfy SOX minimums. The survey displayed that the majority of filers saw at least a moderate, if not significant improvement in the structure of their financial reporting. Smart firms use SOX to drive improvements across your company.
We have only touched on the information to be found in Protiviti’s 2016 SOX Survey, click below to download the whole report for yourself.