Faced with a tidal wave of complaints about high costs and implementation difficulties, federal regulators say they will consider modifying rules and auditing standards related to the Sarbanes-Oxley Act.

Executives from companies including General Electric, Lockheed Martin and Emerson Electric spoke about the challenges of complying with the legislation during an all-day roundtable held Wednesday in Washington, D.C. Most participants agreed, two years of SOX compliance have shored up corporate accounting practices — but at a cost that’s lopsided compared with the benefits gained.

The U.S. Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) arranged the roundtable to solicit feedback about SOX Section 404, which requires companies to attest to the effectiveness of internal controls put in place to protect financial reporting systems and processes. Representatives from these bodies said they’re open to suggestions about how to relax the burden of Section 404 compliance.

“The Sarbanes-Oxley Act was a critical step in addressing an unprecedented string of corporate scandals that were rooted in very serious governance, accounting and audit failures,” said SEC Chairman Christopher Cox in his opening remarks. Section 404 has the potential to improve the accuracy and reliability of financial reporting, but only if it’s implemented properly, Cox said. “In practice, it hasn’t always worked out that way,” he acknowledged.

Bill Gradison, acting chairman of the PCAOB, added that guidance the SEC issued last year and PCAOB’s latest auditing standard may not be enough to clarify the rules that govern the reporting and auditing of internal controls. “Based on the information we already have, it would seem that some further changes may be in order,” Gradison said.

Among the changes panelists advocate is greater latitude for auditors to use their judgment in determining which controls are most significant.

Mary Bush, president of consulting firm Bush International, said there’s a need for guidance from the SEC and PCAOB around the areas that pose the greatest risk to accurate financial reporting: “There still seems to be as much emphasis placed on low-level process controls as there is on controls that really have a risk for incorrect financial reporting. That’s an issue that I think needs additional attention.”