Did anyone actually believe that SoX compliance would get cheaper over time?
The pain was supposed to subside for companies after the first year of the Sarbanes-Oxley Act, as business pundits predicted that investments in pricey technologies and accounting infrastructure would peter out after taking a big, one-time bite out of Corporate America’s bottom line.
The pundits were wrong. A Boston Business Journal analysis of 27 public companies in Massachusetts shows their auditing costs spiked 26 percent last year, bringing their total increase to 103 percent since SOX became effective in 2004. In total, the group spent $56.6 million on SOX and related auditing costs last year, or around 2 percent of their 2005 operating income.
Two years ago when IT people would ask me, “What is SoX?” I described it as a law which made CFO’s and controllers or public companies criminally liable for inaccurate financial reports due to controls breakdowns. What that meant to the IT teams, I told them, was that the IT staff would have to actually start following the policies they had been claiming to follow for years.
Why anyone thought that this would get significantly cheaper over time is beyond me.
I think my personal low point of that first year of SoX efforts was the conversation that went like this:
Me: “How often do you conduct account reviews, and what’s the process?”
IT Manager: “What’s an account review?”
Me: “That thing you supposedly do every year.”
IT Manager: “Oh.”
Posted in Security and Risk Management
Leave a Reply