SOX Compliance Amid Rising Costs, Labor Shortages and Other Post-Pandemic Challenges

Assessing SOX internal costs, hours, controls and other trends in the results of Protiviti’s 2022 Sarbanes-Oxley Compliance Survey

Two-plus years into contending with a global pandemic, business leaders recognise that Sarbanes-Oxley compliance activities are not immune to a broad range of market disruptions. Inflation, a rising interest rate environment, ongoing supply chain volatility, a bruising talent shortage, and other economic and external factors compromise internal control environments while contributing to rising SOX compliance costs and hours. Internal changes, trends and challenges – including the adoption of flexible work models, recruiting and retention difficulties, digital transformation and innovation, and strategic repositioning in response to external volatility – exert similar pressures on compliance programmes. 

Protiviti’s annual SOX Compliance Survey benchmarks compliance costs, hours, processes and improvements, including how these areas are affected by current business conditions. This year’s results show that costs, along with the hours that internal audit teams devote to SOX compliance, continue to increase across most, if not all, company sizes, industries and reporting types. 

Escalating compliance costs, time and efforts have a silver lining: They are driving more investments in automation and technology tools that generate greater efficiencies – and potentially cost savings as well as effectiveness and coverage benefits – into the SOX compliance process. There also are opportunities to pursue procedural and structural changes in SOX compliance programmes. Shared services or “centers of excellence” approaches – managed internally or by an external outsourcing partner – offer substantial opportunities for efficiency improvements.


Key Findings

  1. Costs continue to climb due to a range of factors: A combination of internal and external factors creating volatility – technology-driven transformation and innovation, talent shortages, strategic pivots and more – is contributing to rising SOX compliance costs. More companies spend $2 million or more on compliance while fewer spend $500,000 or less. A surge in the number of smaller companies spending $2 million or more in SOX compliance costs likely reflects last year’s significant increase in initial public offerings (IPOs), driven by special purpose acquisition companies (SPACs).
  2. Hours on the rise as well:  A majority of organisations increased the number of hours logged for SOX compliance during their most recent fiscal year. This growth is driven by the same factors contributing to rising compliance costs. SOX compliance teams are also spending more time responding to higher volumes of more detailed information requests from external auditors, whose scrutiny is intensifying in response to actions of and guidance from the Public Company Accounting Oversight Board (PCAOB).
  3. A growing number of companies are deploying automation to support SOX work; more should follow suit: Automation platforms and applications bring greater efficiency to SOX compliance activities. The deployment of process mining, advanced analytics, robotic process automation (RPA) and continuous monitoring, along with other advanced technological tools, can significantly reduce the volume of manual compliance tasks as well as retention risks associated with subjecting internal full-time staff to heavy loads of repetitive, task-driven work.
  4. A widespread desire for efficiency is kindling interest in centers of excellence and alternate sourcing strategies: The ongoing goal to moderate SOX compliance cost increases makes alternative delivery models for SOX compliance services more appealing. In addition to investing in supporting automation, efficiency-minded compliance and internal audit leaders are evaluating and adopting internal shared services models as well as partnerships with third parties that operate external centers of excellence for controls testing.