A comprehensive survey of issues related to Sarbanes-Oxley (SOX) compliance reveals companies are spending more time and money to comply while improving their internal controls, and several issues they’re confronting at least indirectly impact corporate treasury.
On the plus side, 70% of the 468 chief audit executives from companies ranging widely in size—72% have more than $1 billion in revenues—reported that their internal control over financial reporting structure has improved, according to consultancy Protiviti’s annual survey titled “Understanding the Costs and Benefits of SOX Compliance.” In addition, 50% said their companies realized improved business processes.
However, SOX-related costs are rising for many companies, especially large ones. The recently released report notes that just under half of organizations spend less than $1 million on SOX compliance, but a significant number of large companies spend $2 million of more annually, as do companies from industries such as insurance and telecommunications. In addition, external audit fees continue to rise for most large companies filing on an accelerated basis, although they fell for most of emerging growth, non-accelerated filers.
The survey found that well over half of organizations have at least moderate plans to automate currently manual processes related to SOX.
On the treasury front, the survey found that just 56% of companies have begun preparation to comply with the Financial Accounting Standards Board’s new revenue recognition standard, which calendar-year companies must begin complying with at the start of 2018. Jim DeLoach, a managing director at Protiviti, said that the new standard’s effect on the financial reporting process can impact the contractual provisions underlying financial instruments and debt covenants, a component of treasury’s mandate.
Mr. DeLoach said feedback from Protiviti’s corporate customers as well as discussions with partners from the Big Four accounting firms suggest many companies still have significant work to do.
“Most of that work applies to the financial reporting function, but there are ancillary impacts on treasury. Besides loan covenants, it could affect elements such as tax planning, sales incentive plans and contracting processes where treasury is involved on the periphery,” Mr. DeLoach said.
He added that most very large companies are likely well on their way to adapting to the new accounting guidance and have at least begun the process of engaging their lenders and adapting loan covenants when appropriate. “But if they haven’t, the train is about the leave the station,” he said.
The survey also revealed that companies are spending more and more time on cyber security-related disclosures, with 24% of those reporting cyber security incidents saying it increased the time their companies spent on SOX compliance by more than 15%. DeLoach noted that cyber security and other types of fraud as well as the controls to reduce such fraud are key concerns for treasury.
“Treasury needs to be concerned about internal controls to safeguard assets and monitor those assets and systems, and they need real-time visibility into cash flow and centralized payment processes,” Mr. DeLoach said. “Treasury thinks about issues such as employee education around cyber threats that could potentially affect liquid assets.”
He added that to the extent treasury maintains a strong focus on preserving the company’s liquid assets from cyber threats, it contributes to the overall strength and the effective internal control over financial reporting.