“Seventeen years after passage of the Sarbanes-Oxley Act (SOX), those not involved in SOX compliance might assume that by now it would be a rote activity requiring diminishing effort. They would be wrong.” So begins a recent CFO.com article discussing the results of Protiviti’s 2019 Sarbanes-Oxley Compliance Survey.

In its 10th annual survey of finance professionals, Protiviti made five key findings:

  • SOX compliance costs are trending slightly down, although they remain significant.
  • Overall, SOX compliance hours continue to rise, with some notably significant variations.
  • The use of automated controls testing is increasing, as is interest in deploying advanced technologies to enhance SOX compliance efficacy.
  • More organizations are leveraging outside resources.
  • Cyber security continues to influence SOX efforts.

Looking back at a decade of survey data, the consulting firm notes three broader trends:

  • Despite efforts and expectations to the contrary, the time and resources dedicated to SOX compliance have not decreased notably over the past decade.
  • External auditors’ scrutiny of compliance capabilities continues to intensify, largely due to the PCAOB’s ongoing refinement of auditing standards and related oversight activities.
  • The best opportunity to reduce the hours and costs involved with SOX compliance is through automation and the introduction of new SOX compliance approaches.

While SOX compliance is not likely to become a rote activity requiring diminishing effort anytime soon, Protiviti’s report does optimistically envision what it dubs “SOX Compliance 2.0,” fueled by the use of advanced technologies such as robotic process automation and machine learning in connection with SOX compliance activities.