SOX Compliance Costs Mostly Untracked

July 19, 2004 ( - While many employers continue to complain about the cost and "bother" of complying with the Sarbanes-Oxley Act, most are not currently keeping up with the costs of that compliance, according to a recent survey.

According to the  PwC Management Barometer , which polled senior executives of US-based multinational companies, 56% of those surveyed said their company does not track and report internally on the costs of Sarbanes-Oxley and other compliance programs (41% do).  

Additionally, 79% of those surveyed acknowledged that their companies need to make improvements in order to comply with Section 404 of Sarbanes-Oxley, which requires companies to file a management assertion and auditor attestation on the effectiveness of internal controls over financial reporting.   Among areas needing remediation, according to PwC are:

  • 55% – Financial processes,
  • 48% – Computer controls,
  • 37% – Internal audit effectiveness,
  • 35% – Security controls,
  • 26% – Audit committee oversight,
  • 24% – Fraud programs.

In fact, by a margin of nearly two to one, large US companies have made compliance with the Sarbanes-Oxley Act part of their regular corporate governance approach and have integrated it with other regulatory activities, according to PricewaterhouseCoopers’ Management Barometer.

Nearly two-thirds (64%) say their company’s senior management and board of directors see Sarbanes-Oxley as one of many steps in a larger corporate governance initiative.   While 62% report Sarbanes-Oxley is integrated with their other corporate regulatory compliance processes, 34% say it is not, and 4% aren’t sure.

Nearly all (93%) of executives responding to the survey expect their companies to launch process improvement initiatives to streamline future Sarbanes-Oxley compliance, including:

  • financial reporting,
  • risk identification and assessment,
  • IT security strategy and implementation,
  • internal audit,
  • compliance management.