Sixth Annual Survey Identifies 2021 Trends in SOX Compliance
The SOX & Internal Controls Professional Group released the findings of its sixth-annual State of the SOX and Internal Controls Market Survey. The survey, which was conducted with KPMG US and Workiva Inc., asked respondents to weigh in on technology challenges, key controls, automation and the effects of COVID-19 on their company’s Sarbanes-Oxley Act (SOX) compliance.
Survey reveals: Now more than ever, SOX compliance leaders need to be a strategic partner for the enterprise.
“SOX compliance has been a fixture in the corporate world for nearly 20 years, with no sign from regulators that compliance standards will ease,” said Lauren Uyeno, director of the SOX & Internal Controls Professionals Group. “Now more than ever, SOX compliance leaders need to be a strategic partner for the enterprise; to collaborate across teams and push company leaders to adopt new, automated technology that will reduce risk and directly benefit the first line of defense.”
Top iTechnology Netwroking News: Menlo Security Research Shows 75% of Organizations Re-evaluating Security Strategy as Remote and Hybrid Working Set to Remain
The COVID-19 pandemic created a major disruption for SOX compliance teams in 2020 and continues to impact business overall to this day. However, most respondents said their compliance teams adjusted quite well to working remotely. 53 percent said their companies moved to a fully remote work policy when the pandemic hit, while 43 percent adopted a partially remote policy. 48 percent said their businesses enacted layoffs or furloughs, however 62 percent responded that their SOX compliance teams didn’t suffer any loss of headcount.
Cybersecurity and IT Controls have historically been among the top three areas of concern for SOX/IC professionals. These too have received increased attention during the COVID-19 pandemic and into 2021 as more companies have restructured teams, moved to remote work, and become more reliant on cloud-based technologies.
Top iTechnology Netwroking News: Red Hat OpenStack Platform 16.2 Now Generally Available
This year, respondents reported having more key controls. On average, respondents had 300 key controls, with the majority reporting 250 to 300. In contrast, nearly half of last year’s respondents had less than 250 key controls. Company revenue was a major driver of increased controls. The average number of key controls among respondents at companies with less than $700 million in average revenue was 242. Among respondents at companies with $5 billion or more in average revenue, the average was 536.
Fragmented or inefficient technology continues to be a sore spot for SOX practitioners. 75 percent said they use multiple systems for their SOX processes Multiple systems create unnecessary inefficiencies and increase the risk of mishandling data.
Survey respondents also noted that automation and analytics are still not widely used. Most respondents said their use of data analytics in their SOX programs were still at basic levels for sample selection, scoping, and evaluating severity of control failures. Two-thirds of respondents said they don’t use bots or automated routines at all.
“It’s possible that companies are hesitant to embrace automation because they don’t know where to start,” added Uyeno. “But the proper implementation of technology can strengthen the control environment, alleviate staffing challenges, embed compliance processes into first-line activities, improve reporting and cut costs.”
Top Cybersecurity News: EfficientIP North America and TD SYNNEX Announce Strategic Distribution Agreement
[To share your insights with us, please write to sghosh@martechseries.com]