Many Companies See SOX as Part of a Broader Initiative

By a margin of nearly two to one, large U.S. companies have made compliance with the Sarbanes-Oxley Act part of their regular corporate governance approach and have integrated it with other regulatory activities, according to PricewaterhouseCoopers' Management Barometer.

The survey of senior executives at U.S.-based multinational companies found that:

  • 64 percent say their company's senior management and board of directors see Sarbanes-Oxley as one of many steps in a larger corporate governance initiative, while 30 percent say it is simply a goal to be achieved. Six percent are uncertain.
  • 62 percent report Sarbanes-Oxley is integrated with their other corporate regulatory compliance processes, but 34 percent say it is not. Four percent are uncertain.

"Integrating the requirements of Sarbanes-Oxley compliance into ongoing corporate governance and regulatory activities, rather than managing compliance with the law as a separate task, offers the potential for improved business performance in both the short and long term," said Dan DiFilippo, Partner and U.S. Practice Leader, Governance, Risk and Compliance, at PricewaterhouseCoopers.

Tracking Costs of Compliance

Despite complaints by some companies about the increased costs and regulatory burden imposed by Sarbanes-Oxley, most respondent-s, 56 percent, said their company does not track and report internally on the costs of Sarbanes-Oxley and other compliance programs. Forty-one percent do track such costs.

"Given the early outcry about Sarbanes-Oxley's added costs, it's surprising that most companies do not document and track this expense," said DiFilippo. "However, many companies have only recently begun to understand the types of costs and value associated with compliance efforts. We expect more aggressive monitoring as companies examine the effectiveness of their compliance approach."

Remediation Efforts Expected

According to the survey, 79 percent of surveyed executives say their company must make improvements in order to comply with Section 404 of Sarbanes-Oxley, which requires companies to file a management assertion and auditor attestation on the effectiveness of internal controls over financial reporting. Among areas needing remediation:

  • Financial processes.........55%
  • Computer controls...............48%
  • Internal audit effectiveness....37%
  • Security controls...............35%
  • Audit committee oversight.......26%
  • Fraud programs................. 24%

Process Improvements for Future Compliance

Looking ahead, 93 percent of executives expect their company to launch process improvement initiatives to streamline future Sarbanes-Oxley compliance. Among areas cited:

  • Financial reporting....................63%
  • Risk identification and assessment.........61%
  • Risk mitigation............................55%
  • IT security strategy and implementation....55%
  • Internal audit.............................55%
  • Compliance management......................54%
  • IT oversight and operations................45%

"Companies recognize the need to make improvements in order to comply with the requirements of Sarbanes-Oxley," said DiFilippo. "When executives are confident that they are in compliance, many will want to find ways to streamline business processes and make future compliance less difficult."


Already a member? log in here.

Editor's Choice

Upcoming CPE Webinars

Nov 24This webcast presents basic principles of revenue recognition, including new ASU 2014-09 for the contract method. Also, CPAs in industries who want a refresher on revenue accounting standards will benefit.
Dec 3The materials discuss the concepts and principles in the AICPA’s new special purpose framework.
Dec 9A key component to improving your firm’s workflow efficiency while enhancing your profitability at the same time is how you leverage emerging technologies.
Dec 9Kristen Rampe will cover how to diffuse the tension in challenging situations in this one-hour webinar.