Five years after the controversial Sarbanes-Oxley Act was enacted to prevent Enron-like scandals, the law’s financial control requirements are having myriad impacts: large companies have cleaned up their accounting, but at great cost; foreign businesses are dropping out of U.S. stock exchanges to avoid SOX requirements; and many small public companies are scrambling to meet a crucial compliance deadline in December.

Signed into law by President Bush on July 30, 2002, SOX forces public companies to prepare reliable financial statements and bring material weaknesses into public view, with mandated testing for integrity and ethical behavior, IT controls related to financial reporting, whistleblower programs, antifraud provisions and other requirements.

Compliance has become “pretty much routine” for large companies, who have faced SOX requirements since 2004, says Bob Benoit of Lord & Benoit, which performs SOX research and helps companies comply.

It hasn’t been cheap: spending on SOX compliance was $5.5 billion in 2004 and is now more than $6 billion annually, according to AMR Research.

1,035 large public companies have at some point failed to comply with SOX, out of a total of 4,862 that have reported under the law’s Section 404, Benoit says, citing figures from Audit Analytics.

Yet many individual enterprises spent far more on SOX compliance than they had to because the federal government initially failed to issue clear instructions.

“It was millions of dollars extra that was spent. This was due to people overcomplying, doing far more testing than was necessary,” says Michael Kamens, who was global network and security manager at Thermo Electron when the $2 billion company in Waltham, Mass., had to comply with SOX.