Sarbanes-Oxley Compliance Costs on the Rise

By Michael Cohn, the AccountancyToday

Compliance costs for Sarbanes-Oxley and external audit fees both increased last year, according to a new survey, but for most organizations the cost of SOX compliance remains at a manageable level.

The survey, by the consulting firm Protiviti, examined the impact of the Sarbanes-Oxley Act of 2002 as the law enters its second decade. More than one-third of the companies surveyed (38 percent) reported a year-over-year increase from 2011 to 2012 in SOX costs. Nearly half of the companies surveyed (47 percent) also reported a year-over-year increase in external audit fees during the same period.

However, on average the costs for SOX compliance are not extraordinarily high relative to the objective of quality financial reporting to investors through improved internal controls, according to the survey respondents. For most organizations, the cost of SOX compliance remains at a manageable level.

Protiviti polled 297 executives and professionals at companies with gross annual revenues ranging from less than $100 million to more than $20 billion in late 2012 and early 2013. Survey respondents included chief audit executives, chief financial officers, corporate Sarbanes-Oxley and project management office leaders, chief compliance officers and others involved with SOX.

The survey also found that more companies are shifting SOX compliance oversight responsibilities away from their project management offices to their internal audit functions. In addition, more companies are adjusting their compliance efforts to focus on high-risk processes and walkthroughs.

External auditor reliance on such efforts—and on the work of others in general—is continuing to evolve, due in part to guidance from the Public Company Accounting Oversight Board. Organizations continue to report significant improvements in their internal control structures since SOX Section 404(b) became a requirement. The automation of controls remains an enticing option and perhaps the “final frontier” for achieving significant improvements and efficiencies, according to the survey.

When executives and professionals involved in SOX compliance were asked what was driving the most change in their SOX compliance processes, 66 percent said there was at least moderate change due to demand for increasing process and control documentation for high-risk processes.

In addition, 60 percent of the respondents indicated that the increased amount of time required for walkthroughs and documentation around processes was also driving moderate change.

“To continue to improve their SOX compliance efforts, companies need to intensify their scrutiny of high-risk processes such as financial reporting, accrual processes, stock options and equity, and taxes,” said Protiviti executive vice president for global internal audit Brian Christensen in a statement. “The study shows that companies are beginning to adjust in that direction and the shift aligns with guidance from the SEC and PCAOB.”

With regard to the new COSO internal control framework, 66 percent of the survey respondents were aware of the revision process. The vast majority (85 percent) were against early implementation of the framework in 2013. If given an adoption option, respondents were fairly evenly split across several potential implementation schedules, including fiscal year 2014 and adoption after 2014.