SOX compliance costs rising thanks to rev rec standard

Compliance hours and costs for the Sarbanes-Oxley Act have risen in the past year for many companies, in part due to the new revenue recognition standard, according to a new survey.

The survey, by the consulting firm Protiviti, found that SOX compliance costs and hours have climbed 10 percent or more for a majority of companies. For large accelerated filers, for example, average SOX compliance costs rose from $1.1 million to over $1.3 million this year. For accelerated filers, the average costs increased from $802,000 last year to $997,000 this year, while for emerging growth companies they went from $1.2 million to nearly $1.4 million this year. On the other hand, they declined for nonaccelerated filers from $700,000 to $560,000. External audit fees decreased for 50 percent of large accelerated filers, 23 percent of accelerated filers, 39 percent of nonaccelerated filers and 25 percent of emerging growth companies.

The total amount of hours devoted to SOX compliance increased for 49 percent of large accelerated filers, 20 percent of accelerated filers, 43 percent of nonaccelerated filers, and 34 percent of emerging growth companies.

Some of the increased costs and hours could be attributed to the new revenue recognition standard, which took effect for public companies this year. The new standard requires companies to document their transition controls. Protiviti asked respondents if they have started updating their controls to reflect the implementation of the revenue recognition standard. It found that 73 percent said yes this year, compared to 56 percent last year.

Updating controls documentation for revenue recognition standard

To help with their compliance efforts, 31 percent of organizations reported using automated process approval workflow tools, such as an expense report approval process, in their compliance efforts. However, only 11 percent are using more advanced technology such as robotic process automation, and just 2 percent are using machine learning or deep learning tools. A 63 percent majority of the organizations surveyed still aren’t using technology tools at all in testing their controls.

But nearly half the survey respondents (49 percent) said they plan to embed technology in their SOX activities by 2019, while 83 percent of the companies polled who are in their first year of SOX compliance are already using process mining and analytics.

“In the age of digital transformation, it has never been more important for companies to take responsibility and automate their compliance processes, as well as explore the use of artificial intelligence and predictive analytics in their control structure,” said Brian Christensen, an executive vice president at Protiviti and leader of the firm’s global Internal Audit and Financial Advisory practice, in a statement. “Change may be uncomfortable, but compliance leaders need to get on board because the train is leaving the station.”

For a copy of the report, visit Protiviti.com/SOXsurvey.

For reprint and licensing requests for this article, click here.