SOX compliance costs rise for many companies, report finds

BY KEN TYSIAC

New developments associated with the Sarbanes-Oxley Act of 2002 (SOX) have companies changing their compliance processes more than a decade after the law was enacted, according to a new survey report.

Organizations reporting rises in SOX compliance costs and external audit fees in 2012 vastly outnumbered those reporting decreases, according to global consulting firm Protiviti’s 2013 Sarbanes-Oxley Compliance Survey report.

In one emerging development, PCAOB inspections of audit firms are placing increased pressure on external auditors to audit internal control over financial reporting (ICFR) more thoroughly, according to the report. In December, the PCAOB issued a 31-page report on deficiencies found in audits of ICFR to help auditors avoid common problems.

Another development that may require companies to refine how they assure the effectiveness of their internal control systems is the update of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The AICPA is a participating organization in COSO, whose updated framework was issued Tuesday.

The U.S. economy’s slow recovery from the recent financial crisis, and usual business changes such as mergers, acquisitions, and restructuring, also have contributed to the need for improvements in SOX compliance, according to the Protiviti report.

As a result, costs are rising for many of the nearly 300 public companies surveyed for the report. More than one-third (38%) of companies reported that SOX compliance costs rose year-over-year in 2012, while just one in 10 said these costs decreased. But companies said on average that the costs for SOX compliance are not extraordinarily high relative to the objective of quality financial reporting through improved internal controls.

Nearly half (47%) of respondents said external audit fees increased in 2012 over 2011, while just 9% said these fees decreased.

While bearing these costs, companies also are refining their compliance processes and trying to use them to build value in addition to increasing effectiveness, according to the report. Two in three companies reported at least moderate changes or increases in process and control documentation for high-risk processes in the past year.

Six in 10 said they devoted more time in the past year to audit “walkthroughs” to gain and document understanding of key business processes.

The report also says:

  • Increasing scrutiny of high-risk processes can increase compliance effectiveness and efficiency.
  • Internal audit functions are gaining more SOX compliance oversight duties as more companies shift these responsibilities away from project management offices.
  • There are significant opportunities for organizations to automate more of their key controls to create efficiencies.


The good news for companies is that this focus on compliance appears to be generating positive results. Four out of five organizations surveyed said their ICFR structure has improved since SOX Section 404(b) was required for their organization. Almost two in three (64%) said their ICFR structure has improved moderately or significantly in that time.

Ken Tysiac ( ktysiac@aicpa.org ) is a JofA senior editor.

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

COLUMN

Deflecting clients’ requests for defense and indemnity

Client requests for defense and indemnity by the CPA firm are on the rise. Requests for such clauses are unnecessary and unfair, and, in some cases, are unenforceable.