The State of the SOX/Internal Controls Market Survey

4 Lessons from the 2019 State of the SOX/Internal Controls Market Survey
4 November 2019

Since 2016, the SOX & Internal Controls Professionals Group has conducted a yearly survey of its members, shedding light on little-seen corners of the profession.

In case you missed it, the 2019 survey was recently released. It is packed with all the benchmarking statistics you are looking for, and it leverages four years of data to foretell where the industry is headed.

Keep reading for four major takeaways from the survey, along with actionable tips on how to put those lessons to use.

1. Desktop software remains the primary tool for SOX compliance

When asked about the primary technology utilised to support SOX processes, the majority of respondents cited desktop tools such as Microsoft Excel®, Microsoft Word® and others.

While this is not entirely surprising—desktop tools were listed as the top choice throughout the four-year history of the survey—the number is on the decline. This reflects the continued trend toward purpose-built tools for SOX and internal controls, including the use of GRC-specific software, which increased to 25% from 14% on the 2018 survey.

What to do now: As desktop software is a major barrier to efficiency, as well as a major source of compliance error, it is time to shift to more connected reporting and compliance tools.

2. The overall cost of SOX/IC compliance is on the rise

On average, SOX compliance costs rose slightly, and more than half of survey respondents report an increase in external audit fees. In the 2018 survey, almost half of survey respondents reported an increase, indicating a year-over-year trend.

As for the cause of the cost uptick, additional PCAOB requirements of public auditors, the adoption of new accounting standards and the demand for internal controls around IT and cybersecurity share the blame, according to the report.

What to do now: The world of compliance will always shift to accommodate what goes on in the overarching world of finance, just as SOX came in the wake of Enron. Take the time today to plan for future changes, and win the support of stakeholders controlling your function's budget.

3. Interest in advanced SOX technology is increasing

While desktop tools are prevalent to the point of ubiquity, more and more professionals are researching, if not outright investing in, modern SOX technology.

The use of data analytics in the SOX function doubled from last year, and more than half of survey respondents are considering the use of continuous controls monitoring (CCM), which automates the monitoring and testing of internal controls.

What to do now: Jumping headlong into the world of SOX technology may be daunting, but it doesn't have to be. Educate yourself on the latest advances in compliance—keep a close eye on the Workiva Resource Library for more.

4. Cybersecurity and IT controls top respondents' priorities

In May of 2019, a malware attack hit compliance software vendor Wolters Kluwer, resulting in three days of downtime. More and more companies are shifting to the cloud to ensure rigorous safeguarding of data. These and other reasons are bringing cybersecurity and IT controls to the forefront of risk and controls leaders' minds.

From a list of nine common challenges, including changing requirements from external audit and a shortage of skilled resources in the profession, a focus on cybersecurity and IT controls bubbled to the top of the list.

What to do now: Take a careful look at your vendor and what they offer from a cybersecurity perspective. Use this checklist as your guide.

Download the full version of the report to see how you compare in other critical areas.

Microsoft Word and Excel are registered trademarks of Microsoft Corporation in the United States and/or other countries.

About the author

Conor has over 20 years of experience as a senior finance executive for multinational corporations. He is a fellow of the Institute of Chartered Accountants in Ireland (FCA). He was also a Member of Council at the Institute of Chartered Accountants in Ireland from 2002–2005.