As Congress inches ever closer to permanently lifting the internal control audit requirement for smaller public companies, Protiviti has published its annual survey showing companies with compliance experience are starting to see the benefits.

In its 2010 Sarbanes-Oxley compliance survey, Protiviti says 70 percent of executives in at least their fourth year of working to comply with Sarbanes-Oxley say they believe the benefits outweigh the costs. That’s a big swing from the first year the firm asked the same question and heard only 39 percent of executives saw benefits greater than the costs.

Protiviti said it polled more than 400 U.S. executives and professionals across numerous industry sectors and heard companies reduced their total cost of compliance by about 50 percent in their fourth year of the exercise. A significant majority, 87 percent, said they saw benefits in complying with Sarbanes-Oxley beyond fulfilling a filing requirement.

Bob Hirth, executive vice president at Protiviti, said the survey findings weren’t meant to coincide with the ongoing debate in Congress, where the latest measures to reconcile Senate and House bills on reforming financial regulation are pointing toward a full-scale retreat from Sarbanes-Oxley Section 404(b) for the smallest public companies. The congressional conference committee has included in its draft legislation a permanent exemption from the Sarbanes-Oxley internal control audit requirement for companies with a market capitalization of less than $75 million.

Instead, the findings are published as “SOX busy season” gets under way, said Hirth, when companies that have been reporting on internal controls and securing the audit are in the midst of planning their compliance activities for the coming audit. Smaller companies – those that would go through their first audit cycle this year unless Congress grants the exemption – might find the information useful, he said.

Hirth says the compliance process has become more efficient and more effective from its earliest days as a result of interpretive guidance from the Securities and Exchange Commission, a rewritten standard for auditors on how to better focus on risk, and guidance on using monitoring controls to achieve effective control.

The most important evolution, however, has been in simply learning to pare down and scope the number of controls that are key to the compliance process, Hirth said. “Early on companies were proud of the many hundreds, even thousands, of controls that were important for SOX,” he said. “Now, many of those controls are good … but they’re not key controls.”

Hirth said because of the experience of larger companies and the skills that are available in the marketplace, smaller companies facing the audit requirement are in a better position to comply than companies that faced the requirement from the beginning. “There’s a logical, reasonable way for smaller companies to go through this compliance requirement and get a positive result at the end of the day,” he said.

Topics