A decade later: Fraud controls improved under SOX


After more than a decade of Sarbanes-Oxley governance, the increased oversight of corporate financial management is paying off when it comes to fraud controls.

magnifying glass on financial statements

And, while organizations pay a bit more every year to comply, the costs are manageable, according to the 2013 Sarbanes-Oxley Compliance Survey by the Protiviti consulting firm. Nearly 300 chief audit and financial officers at companies ranging from less than $100 million to more than $20 billion were surveyed.

A full 80 percent of respondents said they have seen improvement in internal controls over financial reporting, with 26 percent reporting that internal controls had significantly improved. Of financial executives at larger corporations, 87 said percent they had seen an improvement.

Enacted in July 2002, the Sarbanes-Oxley Act was drafted in response to a number of high profile corporate scandals, including Enron. The legislation increased the independence of external auditors, increased the oversight role of boards of directors and required top management to individually certify the accuracy of financial information. In addition, penalties for fraudulent financial activity were made much more severe.

More than one-third of financial executives surveyed reported that SOX compliance costs had increased during the previous year, but overall most executives said the costs “remain at a manageable level.” Ten percent had a decrease in costs and 52 percent stayed the same.

Automating controls is an area of increased focus, with 90 percent of executives saying they have plans to automate IT processes and controls for SOX compliance, up from 83 percent the previous year.

The study found that more companies are adjusting their compliance efforts to focus on high-risk processes and walkthroughs.

“To continue to improve their SOX compliance efforts, companies need to intensify their scrutiny of high-risk processes such as financial reporting, accrual processes, stock options and equity, and taxes,” said Brian Christensen, Protiviti’s executive vice president for global internal audit. “The study shows that companies are beginning to adjust in that direction and the shift aligns with guidance from the SEC and PCAOB.”

The survey also asked about which area within an organization should oversee SOX compliance. The internal auditing department led at 45 percent of companies (up 15 percent from the previous year), with only 10 percent now placing the function in the project management office (down 15 percent from the previous year).

The reason given for the shift toward the internal audit department is the willingness of external auditors to rely on the work of internal audit departments rather than other functions.