SOX Compliance

Smart SOX Compliance: Cut Costs, Not Efficiency

In the wake of the Enron and WorldCom financial scandals that shook the corporate world in the early 2000s, Congress enacted the Sarbanes-Oxley Act (SOX) to protect investors. The act established the Public Company Accounting Oversight Board (PCAOB) and implemented other requirements to improve the accuracy and reliability of financial statements and corporate disclosures.

While compliance is non-negotiable for public companies, SOX compliance costs can be substantial. However, cutting costs in Sarbanes-Oxley Act compliance doesn’t have to mean cutting corners. By smartly leveraging technology and automation, companies can reduce expenses while maintaining—or even enhancing—the efficiency and effectiveness of their compliance programs.

In this comprehensive guide, we’ll delve into the importance of smart SOX compliance and recommend actions your organization can take to lower costs while improving your control environment.

Factors Influencing SOX Compliance Costs

Several factors influence SOX compliance costs, which can vary widely among organizations. In a recent report, Protiviti identified several factors that drive SOX compliance efforts spending, including:

• Company size
• Complexity of financial operations
• SOX compliance stage (first year, second year, etc.)
• Number of locations worldwide
• External factors (inflation, cost of labor, currency fluctuation, etc.)
• Regulatory changes to legislation, auditing standards, and financial reporting requirements

According to KMPG’s 2023 SOX Report, respondents spend an average of $1.6 million on their SOX compliance programs and spend 11,800 SOX compliance hours, including both internal team members and external auditors.

SOX requirements impose several direct and indirect costs, including:

• Fees for SOX Section 404 Internal Control audits
• Internal control expenditures
• Higher board costs
• Opportunity costs associated with diverted management and increased managerial risk aversion

The current talent shortage in accounting contributes to rising Sarbanes-Oxley compliance costs across all company sizes and industries. The shortages drive up internal labor costs and external audit costs each fiscal year. However, there is a silver lining. The escalating cost of SOX compliance processes is driving more investments in automation and technology solutions that generate greater efficiencies and potential savings in compliance costs.

Use of Technology and Automation in a SOX Compliance Program

Incorporating technology and automation into your SOX control environment allows your company to take small but impactful steps to reduce costs and improve the quality of your financial reporting.

For example, SOX compliance software can perform routine compliance more accurately and consistently than manual processes, freeing up valuable human resources for more strategic, high-value activities.

Instead of having your people spend a week (or more) of every month reconciling data from multiple sources, robotic process automation (RPA) can complete the same tasks in a fraction of the time, only requiring human intervention for anomalies that require additional attention.

Technology can also automatically collect and analyze data, making internal and external audit control testing more cost and time-efficient. A human can only manually review so many transactions. Auditors can analyze larger data sets with automation and data analytics tools, identifying and focusing on outliers and irregular data patterns. These technology tools allow auditors to achieve the same goals faster and with a leaner staff.

In fact, a PwC Sarbanes-Oxley compliance survey found that for most companies, a 15% increase in automation can yield a 10% decrease in SOX compliance spending.

Leveraging Outsourced SOX Compliance Services

Outsourcing SOX program compliance activities to specialized service providers is another strategy that can offer cost savings and efficiency gains. These providers support the CFO, CPA, or audit firms with deep expertise, experience and access to the latest technologies and methodologies. Working with outsourcing providers who are well-versed in instituting controls and creating a detailed auditing trail for clients allows your organization to benefit from best practices and innovative approaches without the need for significant upfront investments in training or technology.

Outsourcing can be particularly beneficial for smaller companies and medium-sized enterprises (i.e., non-large accelerated filers) that may not have the resources to maintain a full-scale, in-house SOX compliance team.

Some of the benefits of outsourcing include:

• Lower SOX internal costs
• Increased flexibility and agility in a rapidly changing business environment
• Improvements to automated processes in your internal controls system
• Access to proprietary technologies that can improve SOX controls testing and financial reporting
• Conversion of fixed costs (salaries for internal auditors benefits, etc.) to variable costs that can scale up and down based on your needs
• Increased focus on risk assessment and improved identification of key controls
• On-demand access to subject-matter experts who can consult on specific areas, such as cybersecurity, risk management, enterprise risk planning (ERP) or remediation of internal control deficiencies, which is more cost-effective than hiring specialists in multiple areas
• Fewer workflow disruptions due to employee turnover

By selecting the right outsourcing partner, companies can ensure a high level of compliance while also focusing on their core business activities. However, it’s crucial to maintain oversight and ensure that the outsourced services align with the company’s strategic objectives and compliance standards.

Master SOX Compliance with FloQast

Smart SOX compliance—focused on cutting costs without cutting efficiency—isn’t just a goal but a necessity for companies that want to maintain investor confidence in today’s business environment. By understanding the factors that drive compliance costs and strategically leveraging technology, automation, and outsourced services, your organization can achieve a more cost-effective and efficient compliance program that ensures compliance with regulatory requirements and supports broader business objectives.

The need for sound corporate governance is not going away, nor is the shortage of accounting talent. Adopting an intelligent approach to SOX compliance has never been more critical or cost-effective! 

Stefan van Duyvendijk

Stefan van Duyvendijk is the Accounting Operations Evangelist at FloQast. Previously, Stefan served as the Corporate Controller for Kodiak Cakes, a private equity owned, leading consumer packaged food company, and as a Controller for Skullcandy, a multinational headphone CPG. These positions followed his five years at KPMG. His experience includes ASC 606 implementation, reduction of financial close timelines, accounting operational improvements, business combinations, financial statement audits, SOX audits and implementation, management reporting, debt, treasury, and systems integrations/implementation.