Enacted in 2002, Sarbanes-Oxley has continued to evolve for the publicly held companies it governs. Costs of compliance appear to depend on a number of factors, including the number of controls an organization has in place and the locations in which it operates, according to Protiviti and AuditBoard’s 2018 Sarbanes-Oxley Compliance Survey: Benchmarking SOX Costs, Hours and Controls. The study found that compliance costs continue to rise for many companies, dependent on their size, SOX year and filer status, and that the number of hours required for SOX compliance has increased 10% or more on average since the law was enacted.
Only 28% of those surveyed said they use tools like automated controls testing and robotic process automation, but the survey noted that implementing these technologies would help organizations streamline the SOX compliance process and reduce costs in the long run.
In 2018, the highest internal costs for SOX compliance were paid by healthcare providers ($1.3 million), financial services companies ($1.17 million), technology ($1.15 million) and manufacturing ($1.12 million).