Fifteen years after passage of the Sarbanes-Oxley Act, companies are still finding the costs of compliance heavy in terms of both dollars and man hours, according to a new report.
The report, from the consulting firm Protiviti, found the average costs depend in some respects on the number of locations at an organization. While companies with between one and three locations pay an average of $657,383 per year on compliance, those with more than 12 locations are paying $1,561,000 annually. The report is based on a survey of 468 chief audit executives, and internal audit and finance leaders and professionals in U.S.-based public companies in a variety of industries.
The number of hours spent on compliance continues to rise, regardless of company size, according to the survey respondents, and more of them are outsourcing their SOX compliance work.
“SOX requirements and practices have changed with the times, and we’re pleased to see that many companies are reaping the benefits of their compliance efforts, which is also good news for investors,” said Brian Christensen, executive vice president of global internal audit and financial advisory at Protiviti, in a statement. “By creating streamlined and lean processes, companies can respond to new and emerging business or regulatory challenges with agility. Conversely, those who aren’t following this model and are instead always playing catch-up may struggle to remain competitive over time.”
The annual survey also asked about related matters, including the Public Company Accounting Oversight Board, cybersecurity and the revenue recognition accounting standard. Three out of four companies that needed to make significant changes in their SOX compliance activities attributed the increase to PCAOB changes. After a significant increase last year in cybersecurity disclosures in the wake of high-profile data breaches and ransomware attacks, 15 percent of those respondents issuing such disclosures said they have increased the number of hours they spent on overall SOX compliance by more than 20 percent.
Although the revenue recognition standard is taking effect next year, only 56 percent of the companies polled said they have begun preparations for it. “Looking forward, the new FASB lease accounting standard goes into effect in two years, and there’s no doubt we’ll see another round of significant accounting and SOX control program changes in preparation for compliance,” said Christensen.