RiskTech Forum

ClusterSeven: Chain Reaction of PCAOB and SOX on Enterprises

Posted: 1 May 2017  |  Author: Henry Umney

Auditors are under fire and some are facing penalties in the millions of dollars from the Public Company Accounting Oversight Board (PCAOB) for audit failures and violation of the Board’s quality standards to enforce Sarbanes-Oxley (SOX) compliance by companies. This is creating a chain reaction with finance departments possibly bearing the brunt of it. Anecdotal evidence suggests that many CFOs – who are already under pressure to reduce costs and make efficiency improvements in their departments – are further stretched with demands from auditors for more intricate reporting and transparency, without additional resources from their organizations.

According to the PCAOB Division of Registration and Inspections, the most frequent audit deficiencies are in the areas relating to auditing internal control over financial reporting, assessing and responding to risks of material misstatement, and measurements. This isn’t a surprise – despite spreadsheets and end user computing (EUC) applications being ubiquitously used in organizations for business-critical processes, their usage is uncontrolled and unmonitored. The latest GRC 20/20 survey reveals that nearly half of the surveyed organisations do not have a thorough understanding of the risks posed by spreadsheets to their financial reports.

Most organizations deploy enterprise-grade financial and accounting systems with strict governance controls surrounding the data that resides in them, but spreadsheets fall outside the scope of these solutions. In fact, this is possibly one of the major reasons why the use of spreadsheets for financial processes is so prevalent – they are simple to use and create, flexible for all manner of financial modelling and easily shared between individuals and teams.

The above-mentioned survey shows that 78% of organizations state that their external auditors are applying tougher standards in the application of PCAOB pressure on spreadsheet and EUC controls. Frustrating as it might be, organisations have no choice, but to take concerted measures to adopt best practice mechanisms to control, monitor and govern their spreadsheet and EUC application landscape.

Technology is the only way to achieve this credibly and reliably with some added benefits. Given the complexity of data lineages between multiple spreadsheets and EUC applications that are spread across various individuals, teams and departments; technology can deliver transparency. Right from the creation of a spreadsheet through to its decommissioning across its lifecycle can be automated, supported by documented audit trails. Additionally, this approach delivers efficiency and aids productivity, greatly reducing the operational and governance burden of finance departments.

As the pressure on auditors grows from the regulators, so will the challenge for finance departments to meet increasing levels of scrutiny during audits. Embracing best practice-led processes via technology is a commercially astute and pain-free approach.