Optimizing SOX Compliance Using Digital Tools

For over two decades, public companies have allocated time and resources to comply with the Sarbanes–Oxley (SOX) Act, which aims to “protect investors by improving the accuracy and reliability of corporate disclosures.” As the SEC and PCAOB have issued additional guidance over the years, companies face a growing administrative burden in meeting SOX compliance requirements. 

However, there is an opportunity for organizations that have higher levels of digital maturity in the use of technology and innovation to accelerate their SOX optimization efforts and realize a broad range of benefits including:

• Efficiency gains to drive down the cost of SOX compliance
• Increased risk coverage
• Real-time control monitoring 
• Talent upskilling and job satisfaction

Reimaging an Efficient SOX Program

Challenging current SOX processes, rationalizing the number and type of controls, identifying key hurdles to a more sustainable SOX program should be an ongoing and continuous process. However, the effort to take a deeper look into an organization’s SOX program can be laborious and time consuming coupled by a natural resistance to change.

Nonetheless, the advancements of digital technology and data analytics can be used to help organizations assess their Risk and Control environment and identify control automation and rationalization opportunities. A clear understanding of challenges and opportunities helps organizations compare their SOX compliance program to current leading practices to achieve substantial efficiencies and ROI.     

Automation Enhances Controls

Companies can incorporate automation into their SOX compliance program to significantly reduce their burden of control execution and testing efforts. Automated monitoring helps organizations take a proactive approach to risk management by identifying and mitigating risks as they arise, which highlights the return on investment of a program refresh. 

Below, you can see a list of business and IT processes that are great candidates for control testing automation and continuous control monitoring:

• Segregation of Duties
• User Access Reviews
• Financial Reconciliations
• Financial Variance Analysis
• Manual Journal Entries  
• A/R and A/P
• Change Management
• Vendor Management
• Anti-Money Laundering

A New Process Creates Opportunities for Upskilling

Upskilling has emerged as an effective way for organizations to attract and retain employees at a time of upheaval in the labor market. Automating the SOX compliance process reduces the manual task workload, opening opportunities to upskill employees for value-added work and analysis. In this way, digital transformation presents a chance for organizations to upskill and train Internal Audit team members.

Offering additional learning opportunities in Data Analytics and Automation can help employers increase their digital IQ and equip more staff members with the skills to drive the digitization of compliance processes. Upskilling Internal Audit team members can help companies prepare to address future SOX guidance from regulators while building the Compliance workforce of the future. 

An Opportunity to Optimize

Organizations that incorporate today’s analytics and automation technology into their SOX compliance program are well-positioned to maximize ROI and staffing initiatives for greater efficiency and resiliency.

Tools such as BDO’s web-based SOX Insights solution is available for companies looking to reduce the cost and disruption of SOX compliance at a time when economic and staffing considerations are top of mind. The tool helps organizations:

• Rightsize their SOX controls program
• Identify areas where controls can be rationalized and automated
• Visualize a SOX optimization roadmap
• Calculate expected savings and ROI from the use of digital tools