Skip to main content

Tracking Trends in SOX Compliance

Manufacturing leaders shared their views on SOX compliance and deficiencies in a poll conducted on February 23 –  March 15. While the majority reported their external auditor relied on SOX testing performed by Internal Audit, for most, the reliance on testing is below 50%. 

Key Findings include:

  • Internal Audit does testing of key controls and operation effectiveness of 404 key controls for most companies.
  • Less than half integrate SOX compliance with other applications, with one-third currently using an in-house customized application for testing. 
  • Most companies experienced repeat SOX control deficiencies in FY20, but larger manufacturers seem to be better than their counterparts at avoiding repeat deficiencies.
  • Two-thirds of deficiencies are a result of control execution and not control design.
  • Compliance deficiencies most often take the form of a lack of evidence of review or approval rather than compliance or access violations.
  • Control deficiencies occur far more often in the IT function as compared to other functional areas.

Are You a Member?

There is additional content for members only. If you are a member, login to access. Not a member? Learn more.