The Sarbanes-Oxley Act has been in place for more than 20 years, and during that time, compliance costs have continued to increase. While there have been years where gains have been made to curb compliance costs, on the whole, they have steadily increased, and the last two years are no exception. 

Protiviti's 2022 Sarbanes-Oxley Compliance Survey assessing SOX internal costs, hours, and controls polled 536 company representatives and found that 53% reported an increase in SOX compliance hours. The same percentage reported a rise in 2021. 

The survey also found that an increasing number of companies spend $2 million or more on compliance while fewer spend $500,000 or less. The study cited that "a combination of internal and external factors such as technology, transformation and innovation, talent shortages, strategic pivots, and more" has led to this increase in compliance spending.

Additionally, most organizations reported an increase in the hours recorded for SOX compliance, driven by the same factors contributing to rising compliance costs. And compliance teams are also spending more time "responding to requests from external auditors for higher volumes of detailed information, whose scrutiny is intensifying in response to actions of and guidance from the Public Company Accounting Oversight Board (PCAOB)."

More than 50% of companies participating in the 2022 survey are spending more time and money on compliance, with an average SOX budget of $1,725,500 and an average of 5,000 to 10,000 hours devoted to SOX programs annually. But most of those hours are spent on administrative tasks, like reconciling and managing spreadsheets.

The problem with spreadsheets

Today, most companies still manage SOX audit data manually on spreadsheets. The primary reason is that tracking data on spreadsheets is low-cost and readily available. However, using spreadsheets to track SOX audit data is problematic. 

• The excessive number of documents and spreadsheets - for each documented control, there are typically 5 to 6 spreadsheets, and as many as 3,000 documents and spreadsheets total.

• The number of users handling your data - each spreadsheet can have hundreds of users manipulating and handling your audit data, making it unreliable.

Other common problems that occur when managing SOX audit data on spreadsheets include the following:

• Shortage of staff and resources

• Don't promote efficient collaboration, and

• High error rate and low reliability of data

What can we do about the increasing costs and complexity of SOX audits?

The key to maximizing SOX audit efficiency is leveraging technology to automate manual enterprise-wide processes. The survey indicates a growing number of companies are leveraging technology and automation to support SOX compliance efforts using platforms and applications to bring greater efficiency to SOX compliance activities. 

Incorporating platforms that offer process mining, advanced analytics, and continuous control monitoring solutions can significantly reduce the volume of manual compliance tasks. These technologies can also address retention risks associated with the hours of repetitive, task-driven work staff are subjected to during an audit cycle. 

Automating SOX controls with SafePaaS

SOX audit reporting is a stressful and arduous process. SafePaaS delivers continuous compliance by monitoring your SOX and SOX IT controls in real-time with on-demand compliance reporting. 

With SafePaaS, you'll pass your audit without surprises, with all potential risks secured before they materialize. And SafePaaS has integrations to all your critical financial applications that affect your SOX IT controls audit - Oracle, SAP, JD Edwards, PeopleSoft, NetSuite, Workday, and more. 

With SafePaaS' seamless API integrations to your ERP application, you can choose from our comprehensive repository of predefined, industry-best-practice rules. SafePaaS locks down all your SOX and SOX IT controls so you can concentrate on your business, not your audit.

Continuous Controls Monitoring

SafePaaS monitors and identifies risks in financial transactions from applications like Oracle ERP Cloud and E-Business Suite and remediates them with built-in remediation capabilities. 

Risk-impact on finances

With the use of automation, you can prioritize your most important policy violations by measuring access risk-to-cost 

Best-practice industry-focused rule catalog

SafePaaS has thousands of rules that provide immediate coverage of your compliance requirements, including SOX, GDPR, and HIPAA. 

Real-time access risk mitigation

SafePaaS enables quick analysis and response to potential risk by reviewing identity access in real-time with fine-grained capabilities.

Out-of-the-Box Integrations

SafePaaS API integrations enable provisioning workflows with ServiceNow, SailPoint, Okta, Azure AD, or any other IDM and ITSM.

Cross-application SOD analysis

All entitlements and roles are analyzed across all applications in one single platform.

Want to learn more about how SafePaaS can help you decrease your SOX audit costs?