Cost/Benefits of Sarbanes-Oxley Act of 2002 (SOX)
By Alok Singh
Abstract
Purpose
The purpose of this paper is to explore the Sarbanes-Oxley Act of 2002 (SOX) and the costs and benefits of the act for organizations, society and investors. It describes the costs incurred by firms in complying with the act and how the act benefits investors, society and the organizations themselves.
Background
Public companies play an important role in the American capitalist system. Executives and board members of these companies play a key role in protecting investors and stockholders. Prior to the introduction of SOX, investors suffered significantly and incurred big losses due to corporate failures and financial wrongdoing. Conflict of interest has been a sensitive point in business. In many cases, for several decades, external audit firms performed a variety of consultancy roles for the same companies they audited, which led audit companies to become too close to the client and lose the objectivity of the audit in the push for profitability. Economists and financiers have continuously argued that the sole purpose of business is to make money. Financial scandals like Enron, Arthur Andersen and WorldCom, which devastated the public interest and public confidence in the nation’s financial markets and regulatory bodies in 2001-2002, are major references to this argument. These corporate failures raised big questions about the ethics of businesses and their responsibility to stockholders and social welfare.
The ripple effect of auditing scams, accounting scandals and fake financial reporting shook the business community and pushed lawmakers toward tougher legislation. Congress reacted strongly and responded to these financial crises by passing the Sarbanes-Oxley Act in July 2002.[1]
The sole purpose of this act was to protect investors by attempting to improve the accuracy and reliability of corporate disclosures. SOX was intended to address issues of accounting fraud. It also increased the accountability of company executives and members of the board of directors. President Bush, who signed it into law in 2002, characterized it as “The most far reaching reforms of American business practices since the time of Franklin Delano Roosevelt.”[2]
[1] Journal of Business and Economic Research – The Impact of Sarbanes-Oxley Act (October 2008)
It has been nearly 12 years since passage of the Sarbanes-Oxley Act, but companies are still discovering how to achieve greater efficiencies in the compliance process while adding value to their organizations. A few companies still have not learned the lessons of their past inefficient implementations and are still investing heavily to comply with the act, but others are gradually improving their processes and lowering their investment in the compliance process every year.
Introduction
The Sarbanes-Oxley Act of 2002 is a US federal law that sets new and enhanced standards for all US public companies, boards, management and accounting firms. The act provides personal accountability for CEOs and CFOs, additional accountability for corporate boards, increased criminal and civil penalties for securities violations, increased disclosures of financial statements and certification of internal audit work done by external auditors.
The act has two core goals:
(a) Create a public institution, the PCAOB (Public Company Accounting Oversight Board), to oversee and regulate auditing.
(b) Engage auditors more extensively in the enforcement of the existing laws against theft and fraud by corporate officers.
[2] The Laws That Govern the Securities Industry; Sarbanes-Oxley Act of 2002 <http://www.sec.gov/about/laws.shtml>
This act has eleven sections, but as far as compliance is concerned, the following sections are considered the most important:
(a) Section 302: Corporate responsibility for financial reports[3]
(b) Section 401: Disclosures in periodic reports[4]
(c) Section 404: Management assessment of internal controls[5]
(d) Section 409: Real time issuer disclosures[6]
(e) Section 802: Criminal penalties for altering documents[7]
Section 404 requires management to:
• Evaluate and conclude on the effectiveness of internal control over financial reporting annually.
• Report on the effectiveness of internal control over financial reporting in the annual Form 10-K.
Section 404 also requires the independent auditor to:
• Report on the effectiveness of the company’s internal control over financial reporting as of year-end in the annual Form 10-K.
The following is the approach companies take to comply with Section 404 of SOX:
• Determine the planning materiality threshold and complete financial statement line item scoping.
• Identify in-scope processes and applications.
• Perform design walkthroughs in coordination with external auditors.
• Identify and assess the likelihood and magnitude of risks.
• Identify key controls.
• Leverage end-to-end documentation and quarterly management self-assessment updates.
[3] Public Law 107-204 (July 30, 2002): Title III – Corporate Responsibility <http://www.sec.gov/about/laws/soa2002.pdf>
[4] Public Law 107-204 (July 30, 2002): Title IV – Enhanced Financial Disclosures <http://www.sec.gov/about/laws/soa2002.pdf>
[5] Id.
[6] Id.
[7] Public Law 107-204 (July 30, 2002): Title VIII – Corporate and Criminal Fraud Accountability <http://www.sec.gov/about/laws/soa2002.pdf>
Cost of the Sarbanes-Oxley Act
The intent of the act was to improve corporate governance and restore the faith of investors in the capitalist system, but the business world publicly spoke out against the act and believed that it was politically motivated. Various surveys and studies have estimated that the overall cost public companies have borne to comply with SOX ranged from $14 to $20 billion.[8] Companies have reengineered their financial applications, which has definitely slowed down their operations and has cost them a big investment to comply with the act. For companies, the largest cost component is internal labor costs, which can make up more than 50 percent of the total compliance cost, followed by the estimated portion of total audit fees, outside vendor fees and non-labor costs.
[8] Benjamin Lenhart, Sarbanes-Oxley: Smaller Companies Bear the Brunt of Compliance Costs, 1 (2006)
It is clearly understood that a large amount of executives’ time and company resources is being diverted to comply with the Sarbanes-Oxley Act, and specifically the Section 404 reporting requirement. According to the Financial Executives International survey, the average first-year expenditure to comply with Section 404 was $4.36 million, including $1.34 million in internal costs, $1.30 million in audit fees and $1.72 million in external costs (consulting and software). The Sarbanes-Oxley compliance budget for small organizations is nearly $100,000 annually, which goes up to $1 million for mid-size organizations.[9]
[9] Sarbanes-Oxley Compliance Survey (Protiviti, 2012)
How to Reduce the Cost
If a company can demonstrate a strong process and control environment, it can reduce the overall scope of its internal-control evaluation. Reduced scope can mean the company need not carry out as many internal tests and the auditor may need to do less validation, which can result in lower compliance costs.
Most of the compliance work requires countless employee hours to document activities, operational manuals, revised policies and recorded control processes. This effort can be reduced by standardizing the documents with minimal changes required in the testing activities for the same controls every year.
[10] Ernst & Young survey with 225 global executives (2011) <http://www.ey.com/Publication/vwLUAssets/Think_outside_the_SOX_box:_Transform_your_compliance_function_for_competitive_advantage/$FILE/Thinking%20outside%20the%20box.pdf>
It is also suggested that a company can reduce the number of controls to be audited by moving from manual to automated controls. A company can also reduce cost by offshoring SOX compliance work and control testing to lower-cost vendors or resources.
Benefits of the SOX Act
Many surveys indicate that over the last decade, internal control structures have improved. Financial reporting quality has gone up after SOX. While the compliance cost is up front, many believe that the benefits of stronger controls and regular review of controls appear over time for companies. The most notable benefits of Sarbanes-Oxley compliance for organizations are an enhanced understanding of control design and operating effectiveness, internal auditors’ ability to perform more traditional audits, and more effective and efficient operations.
As SOX went into effect, more and more executives began to see the need for internal reforms, and many were frightened by the weaknesses and gaps that compliance reviews and assessments had exposed. Organizations constantly leveraged SOX compliance to drive continuous improvement efforts for their internal controls. Companies began to standardize and consolidate key financial processes, eliminate redundant information, broaden responsibility for controls and eliminate unnecessary controls.[11] Some organizations that had never focused on documenting internal controls invested time to prepare operations and control manuals, recorded control processes and testing documents, which helped new employees understand internal processes and controls quickly and efficiently.
[11] Stephen Wagner, The Unexpected Benefits of Sarbanes-Oxley, Harvard Business Review, April 2006
From the perspective of auditors, stronger controls and a greater understanding of the controls are benefiting auditors as well, in terms of their audit efficiency.
Many of the costs and burdens related to SOX compliance looked big only at first-time implementation, and all these costs are falling strongly over the years as processes become more established and companies improve their strategies for handling their annual SOX audits.
Approximately half of the companies believe the costs outweigh the benefits to some extent. The internal control over financial reporting structure has improved since compliance with Sarbanes-Oxley Section 404 became a requirement.
Conclusion
After business wrongdoing and several large-scale frauds in the early 2000s, SOX was introduced to empower regulators, auditors and corporate boards to reduce fraud and improve corporate governance. Significant modifications to SOX’s core provision related to internal controls, Section 404, have made it less costly to implement and hence more acceptable. Though the compliance costs are big for the organization, investor and public losses from corporate fraud are expected to be far bigger than the compliance costs. Thus, it is hard to assess the costs and benefits of a regulation designed to combat fraud. Overall, SOX implementation has prevented and detected more of the problems which gave rise to the act.
References
http://www.sec.gov/about/laws/soa2002.pdf
http://www.forbes.com/sites/hbsworkingknowledge/2014/03/10/the-costs-and-benefits-of-sarbanes-oxley/
“SOX after ten years: A Multidisciplinary Review” (Harvard Business School)
www.pcaobus.org
http://www.protiviti.com/en-US/Documents/Surveys/2012-SOX-Compliance-Survey-Protiviti.pdf
https://hbr.org/2006/04/the-unexpected-benefits-of-sarbanes-oxley