BlackLine Blog

October 15, 2019

As Sarbanes-Oxley Turns 17, What Have We Learned About Controls?

Digital Transformation
2 Minute Read

BlackLine Magazine

Share Article

The importance of effective internal finance controls was highlighted when Sarbanes-Oxley became law in 2002 and the SEC created the Public Company Accounting Oversight Board. Since then, SOX and the PCOAB have helped guide business toward more open and even-handed operations, and restore the public’s trust in business.

But no business is perfect, and no business-auditor relationship is simple. So, there’s room for improvement, and several recent reports point out some of the areas where there are reasons—and room—for positive growth.

Material Weaknesses Still Persist

A study by the American Accounting Association found that companies with material weaknesses in their entity-level controls were 80% more likely to have future fraud disclosures compared to firms with strong controls.

This means that accounting and internal audit teams have to spend more time re-evaluating risks and mitigating controls to make sure they are properly designed and effective.

Audit Costs Continue to Rise

recent study by Protiviti of nearly 500 companies found that audit costs are larger than ever. Nearly 40% of the companies surveyed are seeing an increase between 16% and 19% in internal costs for their audits, in addition to outside audit fees.

Management Is Taking Controls More Seriously

A finding of the SOX & Internal Controls Professionals Group shows that management priorities have shifted from the previous year.

In the survey, management’s top priority was to streamline the SOX process to gain efficiency. In 2017, management was more focused on ensuring compliance with SOX.

Automation Technology Offers Room for Improvement

Thanks to today’s automation technology, improving internal controls for financial reporting is one of the lowest hanging fruits to reduce risk and improve efficiency.

It’s common knowledge that technology like Robotic Process Automation (RPA) can dramatically reduce human error during the month-end close and improve balance sheet integrity by strengthening reconciliations.

But integrated process automation technology does more. It gives you the ability to test greater sample sizes, even checking every transaction, if you want. It increases overall process efficiency to relieve human stress, and builds confidence in control-testing results.

Functions such as exception analysis and variance reporting can highlight transactions and balances that exceed control thresholds, and can make sure all reports can be reconciled back to the original data. Automated workflows support strong, auditable sign-offs for reconciliations and other close tasks.

Cloud-based automation like BlackLine’s can improve auditor efficiency, letting auditors access reports and underlying transactions through a web browser, so it minimizes the need to hunt for data.

Integrated process automation also creates financial reports that are consistent and trustworthy. This helps build confidence with upper management, since managers can drill down to check out report details whenever they want.

Read our CFO Playbook: Compliance & Controls to dive deeper into how your organization can manage controls around financial reporting.

About the Author


BlackLine Magazine