Driven by the fallout from the Public Company Accounting Oversight Board (PCAOB) inspection reports of audits over financial controls and requirements to implement the updated COSO internal control framework, companies are facing significant new challenges around their Sarbanes-Oxley (SOX) compliance efforts, according to findings in a new survey by global consulting firm Protiviti.
Nearly half of the 600 respondents (48 percent) reported that their organization has yet to begin applying the new COSO framework to their key controls. More than half (52 percent) of those who indicated they have begun to implement the COSO framework reported that this effort will increase the amount of resources their organization devotes to SOX compliance.
“A surprising number of companies underestimate how much time and effort goes into the implementation process to apply the new COSO framework to internal controls,” said Brian Christensen, executive vice president at Protiviti and leader of the firm’s Internal Audit and Financial Advisory practice. “Our survey findings suggest a large number of companies are not being attentive enough to these changes and may be behind where they should be in the process.”
Among the companies in the survey that faced significant changes to their SOX compliance programs, the majority attributed the changes to the impact of the PCAOB’s inspection reports of external auditors that found deficiencies in recent audits of internal control over financial reporting. Forty-seven percent of these survey respondents said that they “very much” believed that these reports were a cause for significant changes.
The SOX compliance areas most affected by the PCAOB inspection reports were: Testing review of controls (26 percent indicated extensive/substantial impact; 32 percent indicated moderate impact) and IT considerations (25 percent extensive/substantial; 30 percent moderate).
These two areas also ranked highest in terms of additional time and effort required based on the impact, which drives up the cost of compliance. Nearly half of respondents report these costs are rising, with 41 percent reporting increases of 20 percent or more – a significant year-over-year jump based on past survey results. This is the fifth SOX Compliance Survey Protiviti has conducted.
“The PCAOB inspection reports had a tremendous impact on the way companies handled SOX compliance in 2013, and we foresee that continuing,” said Christensen. “However, the costs are still expected to be manageable going forward, in part because companies are continuing to work to improve their efficiency.”
Organizations in which the audit committee has primary responsibility for SOX compliance increased year-over-year between 2013 and 2014 from 11 percent to 18 percent. Conversely, organizations that allow their project management office to be primarily responsible decreased year-over-year from 10 percent to 5 percent.
Meanwhile, automated controls remain powerful tools to ensuring a strong internal control environment, and over time prove not only highly effective, but efficient as well. According to the survey results, 83 percent of organisations have plans in place to automate either a broad range or selected IT processes and controls.