Gartner says companies not leveraging what they have learned from other regulations to achieve best practices for Sarbanes-Oxley compliance
Lake Buena Vista, FL — October 21, 2003 — As companies struggle to adhere to the requirements of the Sarbanes-Oxley Act of 2002 to make corporate governance more transparent, a recent survey by Gartner Inc. showed many companies have not budgeted the proper resources to achieve this compliance.
Approximately 85 percent of respondents said they do not have an official budget for Sarbanes-Oxley compliance. Estimates of expected Sarbanes-Oxley spending in 2004 vary widely, from $15,000 to $4 million, including outside consulting, internal and external auditing, personnel, insurance, and software.
In September 2003, Gartner surveyed 75 respondents from companies publicly traded on U.S. stock exchanges and responsible for or directly involved in managing Sarbanes-Oxley compliance for their respective organizations. Of the 75 participants, 29 were from firms with revenue greater than $1 billion, 20 were from companies with revenue from $500 million to $1 billion, and 26 represented companies having revenue of less than $500 million.
"This survey shows that most companies are not leveraging what they have learned from other regulations to achieve best practices for Sarbanes-Oxley compliance," said Rich Mogull, research director for Gartner. "Companies are not addressing the financial requirements for compliance, so they're spending in an ad hoc fashion to piece together a compliance management process. To comply with the Sarbanes-Oxley act and subsequent financial reporting legislation, companies must develop road maps and budgets for formal compliance management processes across their organizations."
Lacking a dedicated budget, the survey showed that respondents are sacrificing other projects to meet this compliance. Respondents listed the following projects that are being cut to meet this compliance: external consulting (53 percent), enterprise resource planning (ERP; 36 percent), and merger and acquisition activities (M&A; 32 percent).
Sixty-five percent of respondents now have a Sarbanes-Oxley steering committee. Twenty-eight percent have no plans to form one. The leading functions of Sarbanes-Oxley steering committees in 2003 include: legal compliance communication and progress (87 percent), internal compliance audit management (78 percent), and corporate governance policies and guidelines (78 percent).
"Forty percent of the survey respondents have a Chief Governance Officer who is responsible for overseeing the processes and reporting to the Board of Directors on all compliance activity. Three-quarters of these positions have been added only since 2002," said Lane Leskela, research director for GartnerG2. "The appointment of a CGO is a strategic organizational response to multiple compliance requirements."
Gartner said analysts are discussing the strategies to reach compliance during Gartner Symposium/ITxpo 2003, which is taking place October 19 through 24 in Lake Buena Vista, Fla.
Additional information is available in the Gartner special report ""Get Involved in Sarbanes-Oxley Compliance Projects Now," which outlines why, how and when CIOs and IS organizations need to pay attention to Sarbanes-Oxley.