Internal controls are apparently no worse for the wear following economic crisis, and for nearly half of companies they may even be stronger, according to a new poll from consulting firm Protiviti.

Nearly 90 percent of finance and audit executives who participated in the survey said their Sarbanes-Oxley compliance efforts suffered no ill effects from the global recession; 45 percent said their internal controls are better today than they were a year earlier. The 2011 Sarbanes-Oxley compliance survey is meant to gather feedback from SOX leaders and auditors across a variety of industries to assess the current state of compliance, costs, benefits, and value.

Executives report the upbeat results even though one in three also report slight to moderate declines in personnel responsible for executing key controls, in the finance function, and in the total company headcount, said Jim DeLoach, managing director at Protiviti, in a podcast. “Even nine years after the passage of Sarbanes-Oxley, companies are still learning and working to improve both the quality of internal controls as well as the effectiveness and efficiency of the compliance process,” he said. “While overall these results are promising, it still may be too early to determine definitively how these economic events will affect internal control reporting requirements.”

The survey also revealed that most companies pare down their compliance spending to anywhere from $100,000 to $1 million by their fourth year of compliance. Bob Hirth, executive vice president at Protiviti, said the four-year mark seems a common break point for companies in maximizing the efficiency of their compliance processes. Regardless of the size of the company or how many years they've spent working on SOX compliance, companies plan to reduce their compliance costs in the coming year, although reductions are expected to be nominal.

Among companies that became exempt from the audit of internal control under the Dodd-Frank Act, 56 percent say they were “very prepared” to comply and 29 percent said they were somewhat prepared. Those same companies said areas related to IT and automation, including IT general controls, spreadsheet controls, and segregation of duties, would have required the most attention if they had not be exempted from compliance. Companies also report they are looking to IT solutions to improve the effectiveness and efficiency of their compliance efforts, especially by increasing the number of automated controls, using continuous monitoring techniques, and decreasing the number of manual controls.

DeLoach said companies that are exempt should keep an eye on their market cap for growth that would take them into non-accelerated status and expose them to the audit requirement. He also cautions Congress could revisit the exemption if restatements among the smallest companies were to trend upward.

Topics