Bob Gilson pointed me today to a recent survey on the costs of Sarbanes-Oxley compliance, and the results don't back up software vendor hopes that Sarbanes-Oxley is "the next Y2K" for IT spending. The survey by PricewaterhouseCoopers (PwC) survey of US-based multi-national corporations found that only 41% cited new tools and technology as being at least "somewhat costly" in their compliance efforts.
Rather, the main costs of compliance appear to be for internal resources. According to the survey, 76% of the cost of Sarbanes-Oxley compliance is for added internal resources, and 24% for external assistance. A majority of executives listed several aspects of compliance as being at least "somewhat costly," including documentation (mentioned by 74%); legal requirements (72%); detailed policy development (65%); self-assessment (62%); attest requirements and certifications (59%); and staff training (56%).
According to Frank Brown of PwC, "Much of the cost of complying with Sarbanes-Oxley lies in gathering and certifying information. Although some companies may need to upgrade their corporate systems to provide information required by the new law, many executives see these new capabilities as adding value beyond mere compliance."
A summary of the report is on PwC's Barometer Surveys web site.