Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I go into the weeds on issues raised around SOX compliance by internal audit functions in corporations and the use of tech solutions to improve things by a recent report of the SOX Professional Group.

Some of the highlights include:

  • Why is SOX compliance still ‘a big hassle’?
  • A recent report by the SOX Professional Group found that internal audit is taking over more SOX reporting.
  • Why has internal audit been asked to take over more of this role?
  • Why would the SEC want to reduce award levels at the high end? What is the constituency for this position?
  • The SOX Professional Group report noted that SOX compliance costs are increasing; why did an earlier Protiviti report show costs were ‘drifting downward’?
  • Where are companies on the use of new tech solutions to facilitate SOX Compliance?
  • Why are 73% of all companies still using Excel spreadsheet to report on SOX compliance?
  • What role, if any, does internal audit have in cyber security?
  • Why is cybersecurity not seen as a high risk from SOX reporting perspective?

For additional reading see the following:

Matt’s blog post, Report: SOX Compliance Still a Pain, on Radical Compliance.