Add It Up: Compliance Doesn't Come Cheap

Of all the regulations companies face--from the USA Patriot Act to the Health Insurance Portability and Accountability Act--Sarbanes-Oxley is consuming the most effort. This year, spending to comply with Sarbanes-Oxley will reach $6.1 billion, according to AMR Research. And 60% of 223 business and IT executives surveyed by the research company have Sarbanes-Oxley compliance efforts under way.

Personnel tops the list of Sarbanes-Oxley-related costs at $2.6 billion. Much of that is being spent on consultants and external auditing firms. Technology and services account for $1.7 billion each. Companies will spend about $1 million on compliance-related efforts for every $1 billion in revenue.

The compliance situation is complicated by the fact that regulators have little to say about how companies should go about implementing the security controls required by Sarbanes-Oxley. "Most organizations are baffled," says Paul Proctor, a Meta Group analyst.

Companies will spend close to $15.5 billion on compliance-related activities this year, according to AMR Research. Besides Sarbanes-Oxley, these include HIPAA ($3.7 billion) and regulations from the Securities and Exchange Commission ($1.3 billion), the Food and Drug Administration ($1.1 billion), and others ($3.3 billion). AMR estimates that the total tab for compliance-related spending over the next five years will be $80 billion.

Return to main story: Gaining Strength From Sarbox