3 Crucial Tips from the 2018 State of the SOX/Internal Controls Survey
SOX and internal controls professionals know the importance of their work, but proving how valuable it is to key internal stakeholders—such as the CFO or CEO—can be challenging.
With that in mind, the SOX & Internal Controls Professionals Group, EisnerAmper, and Workiva collaborated to publish the 2018 State of the SOX/Internal Controls Market Survey. Inside, you will find the necessary facts and benchmarks your team needs to stay agile, modern, and prepared for an evolving risk landscape.
Here is a summary of three major takeaways from the survey, including actions you can take to reduce risk in your organization.
1. Co-sourcing compliance is popular and effective
The 2018 survey reveals an uptick in the co-sourcing of compliance—in other words, internal and external teams are collaborating at a higher rate. Compared to the 2017 survey, about 10 percent more respondents reported a co-sourced internal audit model, and 29 percent of respondents reported using a co-sourced model for their SOX compliance.
This increase of co-sourced work has its perks. Survey respondents who perform their internal audit function in-house or co-sourced reported fewer, on average, time-consuming, costly significant deficiencies and material weaknesses.
Why the growth in outsourcing? The survey posits that the introduction of new regulations, such as ASC 606, may have prompted companies to invest in outside parties for assistance. In terms of which internal audit and compliance activities are being co-sourced, the function most commonly handled in-house was reporting to the audit committee, while the top co-sourced function was testing controls.
Key lesson: Use software that allows teams to collaborate easily, whether inside or outside your organization, to simplify the process of handing off vital documents and to save time.
2. Manual processes burden internal controls
When you have to do the same complex process over and over without the assistance of tools, you are bound to slip somewhere along the line. One command-v in the wrong spot, and the integrity of your entire final report is in question.
As the 2018 State of the SOX/Internal Controls Market Survey found, manual processes are responsible for the majority of internal control failures—more than poor control design or circumvention of existing controls.
Unforeseen circumstance and human error were on the rise over the 2017 State of the SOX/Internal Controls Market Survey, rising 8 percent and 10 percent, respectively. Poor control design dropped 5 percent from the 2017 survey as well.
Key lesson: Automate the small, rote tasks your team conducts and get more time back for valuable work—and prevent manual error along the way.
3. Desktop software is on the way out
If you are still using traditional desktop software to manage compliance, you are now in the minority, according to the survey. Companies that have made the switch to cloud SOX compliance keep a single master document of all necessary work and access their work from anywhere, among other benefits.
The use of manual desktop tools such as Microsoft® Excel to gather, analyze, and present data has declined a stunning 20 percent from the 2017 survey. Only 46 percent of the SOX and internal controls professionals use desktop tools, while 17 percent use SOX-specific software, 14 percent employ GRC software, and 7 percent have a homegrown system.
Key lesson: Make the change to cloud compliance to save time, eliminate redundant work, and improve collaboration.
What this means for you
These three major takeaways from the 2018 State of the SOX/Internal Controls Market Survey point toward the importance of collaboration—both with the tools your team uses and with the outside parties used to help get work done. Through more reliable tools and more agile teams, the state of the SOX and internal controls market has never been stronger.
Read the full 2018 State of the SOX/Internal Controls Market Survey to discover more valuable stats, including internal audit team models, the cost of compliance, how many auditors most teams have, and more.
Excel is a registered trademark of Microsoft Corporation in the United States and/or other countries.