Compliance Costs How Bad Are Compliance Costs?

Compliance Costs How Bad Are Compliance Costs? The costs of Sarbanes-Oxley compliance have had huge impacts on organizations and continue to have huge impacts on the finances of organizations. In 2004, companies estimated spending $5.5 billion for SOX compliance costs, $1 million of that figure was for Information Technology, and was expecting to spend greater amounts in 2005 (Swartz, 2004). UK businesses spent $1 million for every $1 billion of revenue (Swartz, SOX compliance costs U.K. firms, 2006). Companies that only applied quick fixes are expected to spend greater amounts in the future.

According to (Freeman, 2009), Section 404 is still costing more than $2.3 million a year in direct compliance costs. Internal audit departments may have to be enlarged, or formed to meet compliance (Linda, 2006). Consultants may need to be engaged to analyze and design control systems to ensure that internal controls are proper for compliance. Organizations may need to purchase additional software and hardware. Audit fees will increase with the auditor being required to attest the effectiveness of the organization's internal controls.

There are also the extra costs of documentation, legal requirements, detailed policy development, self-assessment, attest requirements and certification, and staff training. There could be reporting issues if expenses provide future benefit and cannot be assessed in an appropriate manner. There would be higher administrative costs compared to previous years due to compliance costs that do not qualify to be capitalized and are required to be expensed in the current period. Immediate expensing of R&D costs could overstate future earnings.

There are also the complicated tax issues that could arise from the compliance costs. Are Compliance Costs All Bad? The costs of SOX and other regulation compliance have proven to be more beneficial than expected. Businesses have gained greater collaboration in and awareness of managing security risks of financial information (Spears, 2009). Stronger controls have been aligned with business objectives and users are more aware of operational risk and controls.

The process maturity in risk management processes have increased where the processes were defined, documented, performed according to documentation, monitored, and tracked. Monitoring of control processes and testing have proved to be better. Organizations have greater control efficiencies and a reduction in control deficiencies with more effective application of access control. Information security has been improved. By fixing the Y2K problem, firms in the UK found opportunities to weed out unnecessary programming in data centers, which save on data storage and processing costs (Krishnan, 2000).

Organizations found new ways to manage assets, cut costs, as well as, serve and retain customers through effective use of IT. There was increased efficiency through innovations and restructuring. Compliance enhanced creditability with suppliers, customers, banks, and others. There was a higher return on assets, and increased sales growth, as well as, higher strategic and economic performance. Reduced costs included reduced operating costs.