- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
July 30 marks the four-year anniversary of the signing of the Sarbanes-Oxley Act.
Since its passage, SOX has raised the ire of public companies forced to comply with its provisions. In particular, detractors have railed against Section 404 of the legislation, which requires companies to validate the effectiveness of internal controls put in place to protect financial reporting processes.
The biggest complaint has been the cost of compliance. Analysts estimate companies accumulate $1 million in SOX expenses for every $1 billion in revenue.
But lately things are looking up, industry watchers say.
Companies today are in a better position to comply with SOX, says John Hagerty, a vice president at AMR Research. The Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) have begun to issue more clear implementation guidance. As part of that effort, the SEC and PCAOB are advocating a risk-based approach to compliance that encourages companies to focus on areas that present the greatest risk to financial reporting accuracy.
"This has caused organizations to go back and rethink what they had done in previous years, especially the early compliers," Hagerty says. "2006 has been a year of streamlining for a lot of companies. The number of things that they look at is getting smaller and smaller; they're getting more focused; and they're putting more attention on the areas that are really at most risk."
Recent research from Ernst & Young (PDF) confirms that as public companies accumulate SOX experience, the time and resources companies devote to the compliance effort is dropping in many cases.
Among 255 companies surveyed, 81% said they spent less time on Section 404-related activities in their second year of compliance. Nearly half (46%) trimmed internal hours by 10% to 25%; another 30% decreased hours by 25% to 50%; and 5% slashed the time spent by more than 50%.
Many respondents also were able to refine their testing approach and narrow the scope of controls identified for testing in the second year of compliance. Roughly 47% decreased the number of controls tested by 10% to 25%; another 11% cut controls tested by 25% to 50%; and 4% cut more than 50% of controls tested in year two.
The Leader in Network Knowledge
Comment