SOX compliance costs rise for many companies, report finds


New developments associated with the Sarbanes-Oxley Act of 2002 (SOX) have companies changing their compliance processes more than a decade after the law was enacted, according to a new survey report.

Organizations reporting rises in SOX compliance costs and external audit fees in 2012 vastly outnumbered those reporting decreases, according to global consulting firm Protiviti’s 2013 Sarbanes-Oxley Compliance Survey report.

In one emerging development, PCAOB inspections of audit firms are placing increased pressure on external auditors to audit internal control over financial reporting (ICFR) more thoroughly, according to the report. In December, the PCAOB issued a 31-page report on deficiencies found in audits of ICFR to help auditors avoid common problems.

Another development that may require companies to refine how they assure the effectiveness of their internal control systems is the update of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The AICPA is a participating organization in COSO, whose updated framework was issued Tuesday.

The U.S. economy’s slow recovery from the recent financial crisis, and usual business changes such as mergers, acquisitions, and restructuring, also have contributed to the need for improvements in SOX compliance, according to the Protiviti report.

As a result, costs are rising for many of the nearly 300 public companies surveyed for the report. More than one-third (38%) of companies reported that SOX compliance costs rose year-over-year in 2012, while just one in 10 said these costs decreased. But companies said on average that the costs for SOX compliance are not extraordinarily high relative to the objective of quality financial reporting through improved internal controls.

Nearly half (47%) of respondents said external audit fees increased in 2012 over 2011, while just 9% said these fees decreased.

While bearing these costs, companies also are refining their compliance processes and trying to use them to build value in addition to increasing effectiveness, according to the report. Two in three companies reported at least moderate changes or increases in process and control documentation for high-risk processes in the past year.

Six in 10 said they devoted more time in the past year to audit “walkthroughs” to gain and document understanding of key business processes.

The report also says:

  • Increasing scrutiny of high-risk processes can increase compliance effectiveness and efficiency.
  • Internal audit functions are gaining more SOX compliance oversight duties as more companies shift these responsibilities away from project management offices.
  • There are significant opportunities for organizations to automate more of their key controls to create efficiencies.

The good news for companies is that this focus on compliance appears to be generating positive results. Four out of five organizations surveyed said their ICFR structure has improved since SOX Section 404(b) was required for their organization. Almost two in three (64%) said their ICFR structure has improved moderately or significantly in that time.

Ken Tysiac ( ) is a JofA senior editor.


Get your clients ready for tax season

Upon its enactment in March, the American Rescue Plan Act (ARPA) introduced many new tax changes, some of which retroactively affected 2020 returns. Making the right moves now can help you mitigate any surprises heading into 2022.


Black CPA Centennial, 1921–2021

With 2021 marking the 100th anniversary of the first Black licensed CPA in the United States, a yearlong campaign kicked off to recognize the nation’s Black CPAs and encourage greater progress in diversity, inclusion, and equity in the CPA profession.