SOX Compliance: Challenges and Benefits

Exploring the challenges and benefits of SOX compliance through the use of spreadsheets, auditor independence to technology


As surprising as it may sound, the Sarbanes-Oxley Act (SOX) has been around longer than cryptocurrencies, and yet publicly listed corporations and those considering going public are still grappling with the financial services compliance law. So much so that the 2020 Protiviti survey states that 65% of the 650 audit, compliance, and finance leaders polled reported a 10% increase in SOX compliance hours over the previous year. Increased demands, regulatory requirements, and shifting market dynamics have all made SOX compliance processes an unstable target. And, when you add a corporate activity like entry into new markets, mergers and acquisitions, and digital transformation to the mix, it is easy to see why SOX internal controls remain a costly and challenging undertaking. Here are some key challenges that come with SOX compliance. 


Excessive Use of Spreadsheets

Spreadsheets have been a vital component of the SOX compliance audit process since 2002, and it still is, thanks to their ability to link data across multiple documents and automate routine tasks. However, modern audit projects now demand more attributes and information regarding controls, and the labor-intensive, error-prone manual methods can result in version control difficulties, partial or missing data, errors, lost data, analysis of incomplete data sets, and process owners being kept in the dark. This, according to the survey alone, contributes majorly to the increase in SOX compliance hours.


Minimum Usage of Technology

According to the survey, technology is primarily used in testing the accounts payable process by 48%, financial reporting process by 43%, and account reconciliations process by 43% of the survey respondents for SOX compliance while leaving a vacuum for other areas of the process. This signifies that the lack of automated processes and controls and technological tools to evaluate controls that can help achieve long-term efficiency, greater accuracy, and significant time and cost savings are either not adopted or not apt enough for most businesses. As a result, many organizations still need to embrace automation in various aspects of the SOX compliance process, including for all internal SOX compliance activities and those performed by external auditors, to reduce their costs and challenges. 


Ever-changing Regulations

The Public Company Accounting Oversight Board (PCAOB), created by the Sarbanes-Oxley Act, monitors audits of public corporations and other issuers to safeguard investors' interests. However, according to the Harvard Law School Forum on Corporate Governance, many people are concerned about the PCAOB's ever-expanding supervision and reforms. The forum also claims that external auditors' monitoring has also increased the amount of effort and money required to comply with SOX.


Despite the challenges, organizations are recognizing the benefits of SOX compliance in a variety of ways:

  • Increased Corporate Governance – According to a Securities Exchange Commission (SEC) study, prior to SOX, just 51% of public companies had audit committees utterly independent of management. Then, SOX mandated all publicly traded firms to establish an audit committee with independent members and include at least one financial expert. As a result, today's audit committees are better prepared to produce accurate and fair financial reports, thus enhancing corporate and information governance solutions by forcing audit committees to be more regulated.

  • Increased Responsibility – SOX compliance protects investors by holding CEOs to a higher standard of accountability and expecting them to personally certify financial reports. And since fraud is penalized severely, the self-responsibility amongst the executives has grown.

  • Auditor IndependenceSarbanes-Oxley compliance enhances auditor independence by prohibiting audit firms from performing financial, actuarial, or managerial activities for the corporations they audit.

Fewer Financial Restatements – According to a Protiviti survey, since the Sarbanes-Oxley Act, the number of financial restatements has steadily decreased, from 1,851 in 2006 to just 737 in 2015.

Comments

Post a Comment

Popular posts from this blog

How Financial Services Sector Can Reduce Costs and Time in Operations

Since the global financial crisis of 2008, bank profit margins have remained considerably low in the United States and other advanced economies. One of the biggest reasons is that the expenses have been outpacing revenues and, especially in Europe, the average return on equity of banks has dropped to undesirable lows. Furthermore, regulatory compliance and high levels of expenditure due to the suddenly remote workforce and increased risks due to defaults, insurance claims, client insolvency, and other factors added to the pressure. Therefore, the financial sector must act fast to increase profits, or be forced to continue laying off staff, which reached half a million last year, since 2014.  The profits can be increased in many ways, such as streamlining offerings, digitizing processes, seeking low-cost organic growth, and scaling up through mergers, acquisitions, and partnerships. But apart from increasing the profits, cutting costs can also help the financial services industry bette
Read more

The Role of a Compliance Strategy in Mitigating Cyber-Attacks

  Discussing why, now more than ever, privacy compliance procedures are required to combat cyber-attacks Cyber-attacks are not uncommon in today's day and age. However, because of the COVID-19 pandemic, cyber-attacks have skyrocketed, with some reports suggesting a 600% rise . At the same time, some anticipate that IoT cyber-attacks will double by 2025. And, with a 0.05 % rate of detection (or prosecution) of such attacks in the United States, it is difficult to conceive the devastation produced by even a modest increase in attacks. So, what do we do? Create a systematic compliance effort for your company. A structure that ensures, at the very least, the following: Having a Comprehensive Compliance Strategy Many businesses do not have a centralized plan in place to ensure data privacy compliance that is simple yet comprehensive, integrated, quantified, and centralized. This may be achieved by developing a high-level set of principles and documents that outline the measures that m
Read more

Traversing Through eDiscovery Data Sources Amid the Hybrid Work Environment

  A look at eDiscovery data sources, the issues they provide in today's hybrid work environment, and possible solutions The COVID-19 pandemic unleashed a tsunami of new technologies, software, procedures, methodologies, and upgrades to old ones, allowing the world's suddenly remote workforce to interact and collaborate more effectively . Meanwhile, cloud service providers saw an unprecedented increase in product utilization since businesses now require it more than ever. However, after almost two years, as we transition from completely remote work culture to a hybrid or back-to-office work culture, companies are yet again struggling. This time, the concern is the ever-increasingly complex regulatory compliance environment. And it only requires more severe and strong systems and procedures to cater to the massive surplus of eDiscovery data sources generated recently. Amid this chaos are the legal professionals, specifically the eDiscovery and compliance teams. They are entruste
Read more