The financial burden ofSOX compliance is slowly (but surely)
starting to ease. The cost of compliance with Section 404 of the
Sarbanes-Oxley Act (SOX) declined by 23% in fiscal 2006, according
to a survey byFinancial Executives
International. The organisation found the
average company spent $2.9 million on SOX compliance in 2006,
versus $3.8 million in 2005 and $4.5 million in 2004. | | | | | As you gain more visibility into
processes you can actually streamline them, compress them, make
them more efficient.
Sanjay Anand
chairpersonSarbanes-Oxley
Institute |
| | | | | |
| |
|
"Technology has a lot to do with the cost reduction," said Sanjay
Anand, chairperson of the
Sarbanes-Oxley Institute. Public companies "are
actually automating their controls. A good 20 to 30%, even as much
40%, of the cost reduction is actually coming from automated
controls rather than manual controls."
These cost reductions have come despite the fact that auditors'
fees have remained relatively steady, the research revealed.
External auditor fees dropped by just 11% in 2006, from $1.35
million to $1.2 million.
"There has been a slight decrease in auditor's fees," said
William Sinnett, director of research at FEI. "It did go down a
little bit, but not as much as companies have found efficiencies in
costs internally. Those internal costs have gone down at a greater
rate than auditor attestation fees."
Congress passed the Sarbanes-Oxley Act of 2002 in the wake of
the financial wrongdoing at Enron Corp. and other corporate crimes,
as a way to protect investors and fix the accounting practices that
allowed for such abuses. Many companies have complained that the
cost of complying with the law is too expensive and hurts
businesses.
Last week, the
Securities and Exchange Commission unanimously approved new
guidelines for
Section 404 of the Sarbanes-Oxley Act that
could help ease the costs of complying with the law, especially
for smaller companies.
Time to streamline process
According to Sinnett, the number of hours companies have spent
on implementing IT-based controls has dropped significantly.
"We asked them to quantify the number of hours they spent on IT
controls, putting controls in place, documenting internal controls
and testing those controls," Sinnett said.
The average company devoted 4,700 work hours to IT controls in
2006, versus 6,000 in 2005.
He said the investments CIOs have made in compliance technology
will also begin to drive new business benefits.
"That's the next trend we're going to see over the coming three
to five years," Anand said.
Anand said SOX compliance forced many companies to really
understand and document their business processes.
"As you gain more visibility into processes you can actually
streamline them, compress them, make them more efficient," he said.
"Once you start to make business processes more efficient from a
controls standpoint, you eliminate errors and fraud. You're
automatically making businesses run better."
Sinnett said companies that consolidated their IT systems tended
to have lower compliance costs.
"We have anecdotal evidence on this," he said. "In talking to
people, most people realised that the goal is to consolidate your
systems. For every system you have in place there are a number of
processes involved or attached to that system, and each process has
to be documented and tested every year. So companies are looking to
consolidate systems."
Sinnett said FEI's survey alluded to this trend. He said
companies with centralised operations, presumably with consolidated
IT systems, reported costs of $1.67 million in 2006. Decentralised
companies with multiple systems reported compliance costs of $4.86
million.
"The point we would make, all other things being equal and if it
works for the business, you might be better off with standardised
systems that have been consolidated rather than multiple systems,"
Sinnett said. "Because every system has to be tested and
documented, and the external auditor has to test and audit each
one."
Anand said SOX compliance has demonstrated the value of IT to
businesses.
"IT has always been treated as separate from the business, which
is really unfortunate," Anand said. "With SOX, IT has found a place
where it is integral to the business. It is respected for that and
regarded for that. IT is in the board room now."
Let us know what you think about the story; email:
Shamus McGillicuddy,
News Writer