Half of the largest public companies reported their external audit costs to comply with Sarbanes-Oxley rose again in 2017, driven largely by persistent audit regulatory pressure, increased merger and acquisition activity, and adoption of new accounting standards.
That’s the finding of the latest annual Protiviti survey exploring Sarbanes-Oxley compliance activity and costs. Based on a poll in early 2018 of more than 1,000 finance and internal audit executives at public companies, 50 percent of large accelerated filers saw their SOX-related external costs rise last year, while 44 percent said costs held steady; only 6 percent reported a decrease in costs.
Among accelerated filers, or those with a public float from $75 million to $700 million, 23 percent said their SOX-related audit costs rose in 2017, while 71 percent said they stayed the same. Nearly 40 percent of nonaccelerated filers reported cost increases, and half said their costs did not change.
The Public Company Accounting Oversight Board continues to deliver harsh inspection reports to major audit firms, which has contributed in recent years to increases in audit activity, especially around internal control over financial reporting. Protivit’s report also attributes increasing audit costs to new accounting standards, like revenue recognition, adopted at the beginning of 2018, and lease accounting, taking effect in 2019. Companies are making significant changes to their controls as a result of those adoption efforts.
External auditors are investing in new audit technology, and their fees may reflect that, Protiviti said, although over time such tools are expected to make audits more efficient. Audit costs might also rise as external auditors prepare to comply with a new auditing standard that requires them to disclose “critical audit matters” that arose on each engagement, the report says.
In the meantime, companies are moving slowly toward automated tools that would make their internal control processes more efficient, the report says. Only 28 percent of companies said they used tools like robotics process automation to test controls, while 63 percent said they did not use such tools. Other tools showed similar levels of utilization, like automated process workflow tools, access controls, data analytics, automated reconciliation tools, and process mining/analytics, and continuous controls monitoring.
Among survey respondents who said their organizations do not use automated tools, 23 percent said they plan to adopt new tools in fiscal 2018, and 20 percent said they were no such plans. Another 26 percent said their organizations will adopt more automation tools in 2019.