SOX compliance strategies still changing

Even though Sarbanes-Oxley regulations have been in place for years, many firms are still adjusting how they comply with the act. While some might assume that once compliance practices are in place, they'll remain static, this certainly isn't the case when it comes to SOX, especially the SOX 404 requirements concerning internal controls. In fact, the decade-old initiative still poses new challenges for public companies across the country, and they are still altering compliance processes accordingly.

While SOX 404 itself has been a top issue for companies for years, there continue to be challenges that companies must address to ensure they are fully compliant. According to Protiviti's 2013 Sarbanes-Oxley compliance survey, Public Company Accounting Oversight Board (PCAOB) inspections of external auditors heavily impact, in turn, how external auditors approach their review of the effectiveness of each issuer's internal controls. In addition, the updated Internal Control - Integrated Framework from the Committee of Sponsoring Organizations (COSO) of the Treadway Commission are causing some companies to alter current compliance processes. However, these aren't the only reasons some organizations are changing up these initiatives: according to the Protiviti report a slow economic recovery with numerous ups and downs is also impacting these businesses and their SOX abidance strategies.

Report: compliance strategies changing, costs rising 
The data show the costs and high-risk processes associated with SOX continue to grow. Per the Protiviti report, 38 percent of the firms surveyed noticed a year-over-year overall increase in SOX-related compliance costs. Turning specifically to year-over-year external audit fees, 47 percent of firms experienced increases while only 9 percent saw a dip in these expenses.

The natural result is that businesses continue to look for ever more cost-effective and streamlined compliance measures. However, the Protiviti report indicated the most significant alterations companies have made to their strategies are increasing process and control documentation for high-risk processes and upping the time dedicated to walkthroughs to better document processes.

Despite higher costs, compliance has value
Compliance has its costs, as can be seen by the number of organizations that reported growing expenses related to SOX. However, it is heartening to note that many firms reported their internal control over financial reporting structure had improved since SOX 404 was implemented. Twenty-six percent claimed they saw significant improvement, and an additional 38 percent saw moderate improvement. Only 1 percent claimed internal control was moderately weakened since this became a requirement.

The views expressed in this blog are solely those of the author. This blog should not be taken as insurance or legal advice for your particular situation. Questions? Comments? Concerns? Email: phuskins@woodruffsawyer.com.