In order to achieve a positive ROI, the SOX compliance must have net benefits that exceed the investment to achieve compliance. These benefits cannot be the compliance itself – ie. Avoiding fines and litigation, but they must be the rewards of compliance itself.
While implementing SOX some companies seek not merely to comply, but use the regulations as a catalyst to overhaul their controls programs. These companies examine key financial and management processes, and improve these processes in order to:
1. Streamline the process steps by automating key data collection and entry or transaction recording processes
2. Avoid costly process errors, such as reducing accounting or billing errors
3. Reduce cycle times on key process steps such as financial reporting
4. Eliminate theft or fraud via tighter controls
Also, as a result of SOX compliance many companies have improved their decision-making processes by implementing:
1. Portfolio management and project management tools to help track project costs (assuring they remain under control) and manage risks
2. Dashboards to track key performance indicators (KPIs) to provide greater awareness on business operations, key processes, revenue recognition, spending and risk management.
The benefits of improved management and decision making include faster cycle times on decisions and projects, reduced investment costs, reduced budget overruns, higher yield project returns and reduced failures rates.
However, many argue – and rightfully so -- that these projects were forced by compliance and could have been implemented outside of the compliance program. The reality is that compliance regulations are in place, and rather than just getting by with a compliance program, companies should view this opportunity as the seed to improve visibility, control and process improvement in order to yield these important process streamlining and improved decision-making benefits.
Companies that execute a SOX program that seeks to improve processes and KPI visibility while also meeting compliance rules are the companies that will achieve a positive ROI. Companies which seek just to meet compliance will not move beyond the extra systems and labor "tax" which SOX requires, and will achieve negative ROI on their SOX compliance investment.