CFO Perspective: Reducing the Cost of SOX Compliance
March 31, 2016
By Mark Kissman, CFO, Pathlock Technologies
More than a dozen years after the adoption of the Sarbanes-Oxley Act (SOX), we would expect the effort organizations expend on compliance to decrease over time. However, according to Protiviti’s 2015 Sarbanes-Oxley Compliance Survey, 67% of the 460 audit executives and professionals polled reported an increase in the hours that their organization dedicated last year to addressing SOX compliance.

Automation is the key to reducing the cost of SOX compliance while improving overall controls throughout the year. As Protiviti points out, automated controls are an important part of a strong internal control environment. This is because they increase the efficiency of operations, improve accuracy and help eliminate fraud. Automated controls are more reliable than manual controls because they are not susceptible to human error or failure.

Automation efforts are on the rise. The poll showed a year-over-year increase in large organizations with significant or moderate plans to automate more IT processes and controls. In 2014, 40 percent of large company respondents reported having significant or moderate automation plans; this past year, 58 percent of large organizations described their automation plans as significant or moderate.

Savings from automation could be significant. More than half of all large organizations (58 percent) that responded to the poll spent $1 million or more on SOX compliance costs (excluding external audit-related fees) in their previous fiscal year, and 25 percent of all large organizations spent more than $2 million.

One area to focus on automating is Segregation of Duties (SoD) because it is a key part of achieving SOX compliance. Automated SoD analysis identifies users who actually conducted transactions that constitute SoD violations. The ability to distinguish who has the potential to commit an SoD violation from who actually committed one helps to quickly prioritize the risks that must be addressed first. In addition, capturing SoD transactions in real time enables organizations to put compensating controls in place and greatly streamlines and simplifies SOX audit prep and reporting.

Another compelling benefit of automation is that it not only protects a business from SoD violations throughout the year, but also exposes SoD risk in dollar values that the business can clearly understand and prioritize. For many organizations, a review of SoD is a manual process performed once a year. Not only does this take a long time to complete, but these companies have no visibility into what happens the rest of the year.

SoD automation brings tremendous benefits to virtually every enterprise. Such an approach can reduce costs and improve risk management by ensuring timely, thorough, and consistent reviews, while helping to ensure SOX compliance.