SOX Compliance Costs Mostly Untracked
According to the PwC Management Barometer , which polled senior executives of US-based multinational companies, 56% of those surveyed said their company does not track and report internally on the costs of Sarbanes-Oxley and other compliance programs (41% do).
Additionally, 79% of those surveyed acknowledged that their companies need to make improvements in order to comply with Section 404 of Sarbanes-Oxley, which requires companies to file a management assertion and auditor attestation on the effectiveness of internal controls over financial reporting. Among areas needing remediation, according to PwC are:
- 55% – Financial processes,
- 48% – Computer controls,
- 37% – Internal audit effectiveness,
- 35% – Security controls,
- 26% – Audit committee oversight,
- 24% – Fraud programs.
In fact, by a margin of nearly two to one, large US companies have made compliance with the Sarbanes-Oxley Act part of their regular corporate governance approach and have integrated it with other regulatory activities, according to PricewaterhouseCoopers’ Management Barometer.
Nearly two-thirds (64%) say their company’s senior management and board of directors see Sarbanes-Oxley as one of many steps in a larger corporate governance initiative. While 62% report Sarbanes-Oxley is integrated with their other corporate regulatory compliance processes, 34% say it is not, and 4% aren’t sure.
Nearly all (93%) of executives responding to the survey expect their companies to launch process improvement initiatives to streamline future Sarbanes-Oxley compliance, including:
- financial reporting,
- risk identification and assessment,
- IT security strategy and implementation,
- internal audit,
- compliance management.