SOX Pros Say Digital Transformation is the Key Driver to More Efficient SOX Compliance

Rhea-AI Summary

The SOX & Internal Controls Professional Group, in collaboration with KPMG US and Workiva (NYSE:WK), released its sixth annual survey highlighting trends in SOX compliance amid the ongoing impacts of the COVID-19 pandemic. Key findings indicate that 53% of companies shifted to fully remote work, while 62% reported no loss in SOX compliance staff. The average number of key controls increased to 300, driven by company revenue. Despite positivity in compliance adjustments, 75% of practitioners still utilize multiple technologies, and automation remains underutilized, with two-thirds not employing bots.

Positive

• 62% of SOX compliance teams did not experience any loss of headcount.
• Average number of key controls increased to 300, showing a positive trend in compliance efforts.

Negative

• 75% of respondents use multiple systems, leading to inefficiencies.
• Automation and analytics are not widely implemented; two-thirds do not use bots.

Sixth Annual Survey Identifies 2021 Trends in SOX Compliance 

• Companies believe they weathered the pandemic well
• Cybersecurity risks are still a top concern for compliance
• Key controls are increasing and revenue is the driver 
• 75% of SOX Pros use multiple technologies for the SOX processes
• Analytics and automation aren’t yet widely used

AMES, Iowa--(BUSINESS WIRE)-- The SOX & Internal Controls Professional Group today released the findings of its sixth-annual State of the SOX and Internal Controls Market Survey. The survey, which was conducted with KPMG US and Workiva Inc. (NYSE:WK), asked respondents to weigh in on technology challenges, key controls, automation and the effects of COVID-19 on their company’s Sarbanes-Oxley Act (SOX) compliance.

“SOX compliance has been a fixture in the corporate world for nearly 20 years, with no sign from regulators that compliance standards will ease,” said Lauren Uyeno, director of the SOX & Internal Controls Professionals Group. “Now more than ever, SOX compliance leaders need to be a strategic partner for the enterprise; to collaborate across teams and push company leaders to adopt new, automated technology that will reduce risk and directly benefit the first line of defense.”

The COVID-19 pandemic created a major disruption for SOX compliance teams in 2020 and continues to impact business overall to this day. However, most respondents said their compliance teams adjusted quite well to working remotely. 53 percent said their companies moved to a fully remote work policy when the pandemic hit, while 43 percent adopted a partially remote policy. 48 percent said their businesses enacted layoffs or furloughs, however 62 percent responded that their SOX compliance teams didn’t suffer any loss of headcount.

Cybersecurity and IT Controls have historically been among the top three areas of concern for SOX/IC professionals. These too have received increased attention during the COVID-19 pandemic and into 2021 as more companies have restructured teams, moved to remote work, and become more reliant on cloud-based technologies.

This year, respondents reported having more key controls. On average, respondents had 300 key controls, with the majority reporting 250 to 300. In contrast, nearly half of last year’s respondents had less than 250 key controls. Company revenue was a major driver of increased controls. The average number of key controls among respondents at companies with less than $700 million in average revenue was 242. Among respondents at companies with $5 billion or more in average revenue, the average was 536.

Fragmented or inefficient technology continues to be a sore spot for SOX practitioners. 75 percent said they use multiple systems for their SOX processes Multiple systems create unnecessary inefficiencies and increase the risk of mishandling data.

Survey respondents also noted that automation and analytics are still not widely used. Most respondents said their use of data analytics in their SOX programs were still at basic levels for sample selection, scoping, and evaluating severity of control failures. Two-thirds of respondents said they don’t use bots or automated routines at all.

“It’s possible that companies are hesitant to embrace automation because they don’t know where to start,” added Uyeno. “But the proper implementation of technology can strengthen the control environment, alleviate staffing challenges, embed compliance processes into first-line activities, improve reporting and cut costs.”

About SOX & Internal Controls Professionals Group

The SOX & Internal Controls Professionals Group is a global community for in-house professionals to promote thought leadership and create opportunities for members to share best practices with like-minded professionals to help them increase their value and influence across their organizations.

These exclusive professional membership organizations represent more than two-thirds of large U.S. public companies. The member-based professional group was founded by Workiva Inc. (NYSE:WK).

View source version on businesswire.com: https://www.businesswire.com/news/home/20211014005707/en/

Media contact:

Lauren Uyeno

SOX & IC Pro Group

(714) 642-1532

lauren.uyeno@soxprofessionalsgroup.org

Source: SOX & Internal Controls Professionals Group

FAQ

What were the key findings of the SOX compliance survey in 2021?

The survey revealed that companies adjusted well to remote work, with 62% reporting no loss in compliance staff and an average of 300 key controls.

How has COVID-19 impacted SOX compliance according to the survey?

COVID-19 disrupted compliance, but most teams adapted well; 53% enacted fully remote work policies.

What is the average number of key controls reported in the 2021 SOX survey?

The average number of key controls reported was 300, up from last year's respondents.

What are the concerns regarding technology in SOX compliance as per the survey?

The survey highlighted that 75% of respondents use multiple systems, which creates inefficiencies and increases the risk of data mishandling.

Is automation widely used in SOX compliance processes?

No, automation remains underutilized; two-thirds of respondents do not use bots or automated routines.