SOX audit software
ComplianceFinanceTax & AccountingAugust 28, 2020

Happy birthday SOX, time to grow up

The Sarbanes-Oxley Act turned 18 this year! Its birthday was July 30th for anyone who wants to get a cake. In a time-honored tradition, we sat down with the SOX Act and asked some hard questions.

The transcript of the conversation is below.

Interviewer: Thanks for agreeing to the interview SOX, and happy birthday! Making it to eighteen is quite an accomplishment.

SOX: Oh, believe me, I know! These past eighteen years were tough! When I was young, I just felt like no one really got me, you know. Everyone wanted me to be more complex than I was, but I was just trying to get through the day most of the time.

Interviewer: I do remember those early days as well. You came on the scene with so much hype. People were both excited to meet you and pretty scared of what you might turn into as you grew up. What about now? How do you think you’ve changed over the years?

SOX: I think it depends on who you ask. Some people still treat me like I’m a really big deal. I see some companies with huge teams dedicated to testing my controls. Others think I’m just a necessary evil, like a compliance function they must get through that doesn’t add any value.

Interviewer: What advice do you have for these groups?

SOX: Well, to all the SOX teams out there, I’d recommend automating as much as possible. If you haven’t done so already, you should have a solid data analytics program in place for both controls scoping and testing. Seriously, find the most reasonable approach to testing and move on. Plus using analytics to test full populations is

Interviewer: Wait…did you really tell us to “test and move on”?

SOX: That’s right I did. I find it a bit problematic when audit departments spend all of their time on SOX control testing and skip over any operational auditing. SOX controls are not that special. Testing these controls is just like testing anything else. All too often, many of the controls tagged as SOX, and just regular management controls.

Interviewer: Wow! Great advice, straight from the source. Thanks so much for the time SOX! Happy Birthday, and welcome to adulthood!
Toby DeRoche - Senior Market Development Consultant
Manager, Solutions Consulting
Toby is a Certified Internal Auditor (CIA) who holds an MBA with an Internal Audit specialization from Louisiana State University. He is also certified in Control Self-Assessment (CCSA), Risk Management Assurance (CRMA), Internal Control (CICA), and Fraud Examination (CFE).