No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Internal Audit

SOX Compliance Is as Old as ‘American Idol.’ How Much Younger Is Your Tech?

Companies that fall behind when it comes to AI and robotics risk drawing the wrath of regulators

by Jack Kristan
May 25, 2022
in Internal Audit, Opinion
old tvs sox compliance

Sarbanes-Oxley turns 20 years old this summer. Jack Kristan of auditing firm Plante Moran wonders why many companies still haven’t modernized SOX compliance — and offers an object lesson in the power of technology-aided auditing.

When I first entered the workforce two decades ago, it wasn’t uncommon for financial analysts to be asked to cut large checks needing to be mailed immediately, without much explanation about what they were for and why they were so urgent.

That kind of money movement is pretty much unthinkable in a modern Sarbanes-Oxley (SOX) compliance regime. One of the most enduring changes of the law, which turns 20 this year, was to systematize business processes and authorizations, so you can’t have a 22-year-old write a check for $50,000 simply because a manager told him it was urgent.

Businesses now rely on software to track and manage internal spending. Some companies — particularly in healthcare and Silicon Valley — have been adopters of this technology, and their approach to internal controls has benefited as a result.

But others are still living in the compliance Stone Age. And that needs to change soon, because if they don’t catch up, they could miss accounting fraud and in doing so, run afoul of external auditors — or even the SEC.

The most transformative changes in compliance have been in automation. Companies and auditors can now use robotic process automation (RPA) to preprogram instructions for their compliance software, looking for certain suspect expenses and patterns. These can be tailored to the business’s specific circumstances or industry.

Robotic scripts can scan money movement with an efficiency humans could only dream of matching, especially in large organizations. Instead of pawing through the hay and looking for the needle, RPA is the equivalent of bringing a metal detector to the barn. Not all companies are using RPA for compliance, but the ones that are have seen positive outcomes, including improved risk mitigation, enhanced financial reporting accuracy, and maybe most crucially, a reduced burden on overworked staff.

For example, we began working with a client a few years ago and received a tip that a certain sales manager was reporting suspicious expenses. A closer look into business receipts revealed that instead of taking clients out to dinner, he had used company funds to buy personal items.

We then suspected that such brazen theft of company money might be happening elsewhere. We set up an RPA script with strict spending rules, ran three years of expense data through it, and subsequently identified another employee who was making personal purchases that did not align with the receipts submitted.

This system worked well in catching unauthorized expenses after the fact. But now we’re building an even more powerful artificial intelligence tool for this client that can flag irregular spending in real time.

While RPA has worked wonders for those who have employed it, AI promises to spearhead a true revolution in compliance tech. AI will be able to look at current spending and other key processes and see if they’re in line with what was forecast. If not, the system will be able to quickly spot a potential issue. And with each piece of spending data these systems take in, they get smarter, making them more capable of noticing irregularities with each passing day.

Also important: AI will reduce human error and misjudgment. When something is amiss, the system will automatically identify the transaction for further investigation, making controls and audits more targeted. That’s important, because in a lot of cases, personal relationships can cloud our judgment of whether something needs to be reported. And in other cases, simple human error can lead to issues being overlooked.

Making SOX compliance more intelligent will have positive benefits beyond efficiency and lower costs; companies automating audits are giving their accounting teams welcome relief.  This doesn’t need to be a story of technology eliminating jobs but instead of limiting human error in menial tasks while freeing up overworked personnel to focus on analyzing the outputs of AI compliance systems, as well as other high-value work.

Among many current executives, there’s undeniable hesitancy over trusting AI to take over the entire job of spotting compliance issues. But with increasing regulatory scrutiny over ESG and cybersecurity issues — and growing complexity of businesses’ financial operations — CEOs can’t reasonably expect manual reviews to find needles in haystacks.

To overcome their apprehension, leaders should do two things. First, they would be wise to conduct a thorough cleanse of their existing data, so that they can be confident that the information they’re feeding into their AI systems is relevant and useful.

Second, executives should commission pilot programs to determine where they’re hemorrhaging cash. Good areas to start would be inventory, procurement and purchasing, and travel and entertainment. This will help convince them of the considerable return on investment they’ll get from deploying AI.

Leaders need to keep an eye on emerging technology in the SOX compliance space. They don’t just risk looking like technological dinosaurs; they might miss issues that could have devastating consequences for their companies’ reputations and valuations.

And software developers, for their part, should pay close attention to what businesses and auditors need. Companies planning to make major investments in new IT systems are going to expect their tech to do more than simply monitor expense reports. The AI systems that succeed in the SOX compliance world will need to show they can catch the multimillion-dollar errors and frauds.


Tags: SOX Compliance
Previous Post

Compliance Book Club Brings Mentoring, Camaraderie and Inspirational Reads to Compliance Pros Everywhere

Next Post

OneTrust Launches New Trust Intelligence Platform

Jack Kristan

Jack Kristan

Jack Kristan is a partner in the risk and accounting advisory services practice at Plante Moran in Detroit.

Related Posts

hottest takes

The Hottest Compliance Takes of 2022

by Staff and Wire Reports
December 14, 2022

Nobody was canceled for anything they wrote for our pages in 2022 — at least that we know of. But...

cci top 10 stories collage

Top 10 Compliance Stories of 2022

by Jennifer L. Gaskin
December 7, 2022

The more things change, the more they stay the same. This time last year, we summarized the top 10 ESG...

guardrail

A Modest SOX Proposal: Require Compliance Certification Before Something Goes Wrong, Not After

by Maria D'Avanzo
September 21, 2022

Despite 20 years of SOX, many companies still fail to prioritize compliance programs until it’s too late. Maria D’Avanzo of...

sox legislation

Does Your Company Have a Comprehensive Compliance Program? You Can Probably Thank SOX for That.

by Michael W. Peregrine
August 3, 2022

Though it was created as a counterbalance to a series of early-aughts corporate accounting scandals, many of today’s most important...

Next Post
onetrust platform launch_n

OneTrust Launches New Trust Intelligence Platform

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT