Increased SOX Compliance Hours and Costs


Two decades after Sarbanes-Oxley was passed, public companies are spending more time and money trying to comply with SOX requirements, despite the increasing use of technology to automate the process.

A survey published Thursday by consultancy Protiviti found that the number of hours spent on SOX compliance increased for 53% of companies across most industries, company sizes and reporting types last year. The survey polled more than 560 audit, compliance and finance leaders in March and April 2022, and found that while companies are increasing their use of automation and external resources, there are still many opportunities to moderate cost increases for SOX compliance.

On average, 41% of surveyed organizations’ SOX compliance costs relate to outsourced resources, onshore or offshore, up from 37% in 2021. Companies use technology tools for an average of 25% of their overall SOX compliance program, which leaves significant room for improvement.

Photo: Paul Sarbanes (Jay Mallin/Bloomberg News)

SOX was passed by Congress in 2002 following a series of high-profile accounting scandals at companies such as Enron, WorldCom and Tyco. The law required public companies to establish internal controls over financial reporting that would be approved by senior management and auditing firms, and created the Public Company Accounting Oversight Board to set auditing standards and inspect the work of audit firms.

Despite improvements in SOX and audit technology over the past few decades, costs continue to rise. The survey found that for companies that have passed their second year of SOX compliance, average annual SOX compliance costs increased by 18% from 2021 to 2022. Thirty percent of surveyed companies beyond their second year of SOX compliance spent more than $2 million in their most recent fiscal year, up from 24% the year before.

“Today, internal audit and finance leaders have a menu of options to innovate and streamline their SOX compliance programs and reduce internal burdens, from technology tools that support automation, deliver workflow capabilities and document management support, to alternative delivery models, such as centers of excellence managed internally or by an external outsourcing partner,” said Andrew Struthers-Kennedy, Director Chief Executive Officer of Protiviti and global leader of the company’s internal audit and financial advisory practice, in a statement. “The ongoing war for talent underscores the urgency for CAEs to explore the benefits of staffing and retention that alternative service delivery models can provide. Organizational structures of delivery centers provide internal audit teams with the opportunity to focus on strategic contributions and avoid burnout and turnover associated with some repetitive and routine SOX program activities.”

For an organization with 200 controls, reducing operational control effectiveness testing by, say, one hour per control can save 200 man-hours and result in significant efficiency and population coverage benefits, according to Protiviti.

Companies are turning to technology to try to make the process more efficient, with 54% of companies surveyed leveraging audit and governance, risk and compliance (GRC) management technology, while two in five organizations use data analysis and visualization platforms. One in three uses segregation of duties analysis tools and ongoing monitoring. But the technology is only used in about a quarter of their overall SOX compliance efforts on average.
