SOX compliance in 2020
Fraser Doig 
Date published: Nov 25, 20
A key market research report delves into the state of SOX compliance in 2020, looking at firms' priorities in managing their responsibilities in recording and disclosing financial data. The Sarbanes-Oxley Act has been in place since 2002 and requires firms to provide accurate financial data and evidence of internal controls to protect that data. These measures are intended to prevent fraudulent practices and restore confidence in the industry after the high-profile ENRON scandal.
The events of 2020 have disrupted the normal running of things as companies had to adapt to dealing with COVID-19 and working safely around the pandemic. With this becoming the ‘new normal’, firms are able to prioritise their responsibilities in relation to compliance and start to look at ways of improving their processes in 2021 and beyond.
SOX internal controls market survey findings
The State of the SOX/Internal Controls Market Survey was undertaken by SOX Pro and Workiva to find out how firms are managing their SOX compliance audit activities in 2020, outlining areas to improve upon. The key findings based on 428 responses are summarised as follows:
- Senior management value their organisation’s SOX compliance program a great deal
- Making their SOX compliance processes more efficiently is a priority
- Tightening IT controls and cybersecurity is even more prevalent in the era of COVID-19, where the majority of staff are working remotely
- Automating Internal Controls and developing a more sophisticated system for managing data is a priority
This outlines what organisations are working towards when it comes to improving their SOX compliance processes and ensuring the security of their data.
Internal controls and the role of the auditor
The survey looked at various aspects of internal controls in relation to SOX compliance to determine how efficient their current measures are. Majority of controls fell into the business controls category. 65% of the participants reported issues with their controls, the main cause for this being a failure to follow correct procedures or lack of monitoring in adhering to the stipulated process.
Internal audit was named as the owner of organisations’ SOX compliance activities in almost half of the responses. Out of these, the majority are involved in testing and implementing new processes in relation to controls and SOX compliance audits.
While using dedicated software to manage SOX compliance is the case for most of the survey respondents, using a system that facilitates proactive change and improvement was less prevalent. This is a key finding, as one of the priorities for improving efficiency is streamlining the management of data in relation to SOX compliance - and the right software will be the answer to this.
Meeting the priorities for the coming year
The survey identified three main priorities for firms in improving their SOX compliance process throughout 2021:
- Looking to improve the way they handle SOX compliance into a more efficient way
- Focusing on IT controls and cybersecurity
- Maintaining the importance of SOX compliance
Evaluating their current processes and the tools used is the first step in meeting these objectives.
Ideagen’s audit management software, Pentana Audit, allows you to automate your SOX compliance activities, acting as a centralised location for all audit data. The centralised system streamlines what you’re already doing to maintain and evidence SOX compliance, allowing you to continuously risk assess your controls and focus on improvement and efficiency in your audit activities.
Resources:
State of the SOX/Internal Controls Market Survey: https://www.workiva.com/resources/2020-state-soxinternal-controls-market-report