Shifting Responsibility to the Internal Audit Function
Year-over-year findings about which area within an organization is responsible for overseeing SOX compliance showed a sizeable shift toward the internal audit function and away from project management. In 2012, the survey found that 30 percent of organizations housed this responsibility with the internal audit function, while 25 percent handled SOX compliance through their project management office. However, in this year's survey, 45 percent of respondents said internal auditing managed SOX compliance (up 15 percent), while only 10 percent said it was handled by project management (down 15 percent).
One reason for this shift is the willingness of external auditors to rely on the work of internal audit departments rather than other functions. In 2013, only 25 percent of respondents said there was an increase in external auditors' reliance on documentation, walkthroughs and testing performed outside of the internal audit function, while 39 percent said there was an increase from external auditors in having the same work done by internal audit departments.
Additional Survey Findings
Other key findings from Protiviti's
2013 Sarbanes Oxley Compliance Survey
About the Survey
- Eighty percent of respondents indicating they have seen improvements in internal control over financial reporting structure since Sarbanes-Oxley Section 404(b) was first required for large accelerated and accelerated filers in 2004. This is especially true for large accelerated filers, with 87 percent saying there have been improvements.
- More than one-third of companies (38 percent) reporting a year-over-year increase (from 2011 to 2012) in SOX costs. Nearly half of the companies surveyed (47 percent) also reported a year-over-year increase in external audit fees during the same period. That said, on average the costs for SOX compliance are not extraordinarily high relative to the objective of quality financial reporting to investors through improved internal controls. For most organizations, the cost of SOX compliance remains at a manageable level.
- Automation of controls continues to be an area of increased focus, with 90 percent of companies surveyed this year indicating that they have plans to automate IT processes and controls for SOX compliance, up from 83 percent in 2012.
In its fourth edition, Protiviti's 2013
Sarbanes-Oxley Compliance Survey
gathered insights from 297 executives and professionals at companies with gross annual revenues ranging from less than
to more than
. The survey was conducted in late 2012 and early 2013, and respondents included chief audit executives, chief financial officers, corporate Sarbanes-Oxley and Project Management Office leaders, chief compliance officers and others involved with SOX. The survey is available for complimentary download at:
A 90-minute webinar discussing the results of the survey will be held on
Tuesday, May 14, 2013
9:00 a.m. PDT
. To register for the complimentary webinar, please visit
Additionally, a video featuring Protiviti's
discussing key trends in SOX compliance based on the survey results is available at
) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, Protiviti has served more than 35 percent of FORTUNE 1000
and FORTUNE Global 500
companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half International (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.