IT's $6 Billion Spending Spree

Companies will spend $6 billion in their efforts to comply with Sarbanes-Oxley Act (SOX or Sarbox) requirements in 2006, nearly mirroring the $6.1 billion that will be spent in 2005, according to AMR Research. These findings are based on the firm's survey of more than 300 business and IT leaders on their SOX and compliance-spending initiatives. In January 2006 AMR will unveil a compliance report that will include the findings of the survey. Despite the parallel total expenditures, dissimilarities appear in how spending will be segmented. Funds designated for internal labor/headcount are forecasted to plunge by 8 percent, accounting for $2.3 billion, or 39 percent, of 2006's expected $6 billion expenditure for SOX compliance. Compared to 2005 figures, however, technology budgets are expected to see a marked increase of more than 13 percent in real dollars, representing 32 percent, or $1.9 billion. These spending forecasts are indicative of the shift from manual and detective activities to automated and preventive ones, according to John Hagerty, vice president of research at AMR Research. "This work started in 2004 with close attention to security concerns, especially for segregation of duties--preventing a worker from having too broad a span of control over different aspects of a business transaction. This technology is really coming into its own now as firms establish a monitoring environment to automatically detect suspect transactions. We expect this and other technologies to take an increasingly more prominent role in SOX compliance going forward, reducing the human cost of compliance over time." Funds allotted for external consulting activities, which exclude audit fees, are projected to hold steady in the upcoming year and will account for $1.8 billion, or 29 percent, of SOX-compliance expenditures. The research also examines current and upcoming compliance-based blueprints. Thirty-nine percent of companies surveyed have an operational SOX solution, but more than 80 percent plan to add to or enhance current compliance initiatives in 2006, according to AMR. Companies expect compliance management software and continuous controls-monitoring software will represent the largest areas of investment, two categories of software that explicitly solve SOX issues today, according to Hagerty. "Other technologies, such as reporting products, document management, or process management software, all have a role, but need to be applied by each company in their own way. Given the option, companies want to buy a purpose-built application to address the specific needs of the legislation." Additional results reveal that 40 percent have a budget specifically for SOX compliance and that regarding spending, none of the companies surveyed spent less than what was expected. Although SOX compliance remains a hot-button issue, about half of all small companies reported that SOX regulation has made it harder for them to successfully conduct business, according to a study announced earlier this month and commissioned by SAP America, a subsidiary of SAP AG. Fifty-four percent of companies did, however, respond that they are investing more time and money into planning, while 53 percent of all noncompliant companies reported that they have turned to outside consultants for assistance with SOX compliance. To ensure SOX compliance, Hagerty suggests, "Streamline controls, organize internally for effective compliance, and make sure you monitor the heck out of the process to make sure you stay on track." Related articles: CRM in an Age of Legislation CRM Gains Attention as Sarbanes-Oxley Compliance Medium Managing Risk and Data: Two Key Drivers in the Global Financial Industry