Why Sarbanes-Oxley and IPO Success Are Linked

Why Sarbanes-Oxley and IPO Success Are Linked

SOX and the Road to IPO

In 2015, $195.5B in capital was raised for 1,218 IPO deals globally. In May 2016, more companies went public than any other month this year thus far, and VCs predict more tech IPOs on the horizon. As a result, many companies going public will need to become SOX-compliant. However, most companies who do file or plan to file for IPO tend to underestimate the effort when it comes to SOX compliance initiatives. This can be detrimental to a company’s growth, as SOX compliance has many immediate benefits, and can help newly public companies improve favor with investors and analysts – who reward good corporate citizens – and avoid material weaknesses.

The 3 Benefits of Becoming SOX Compliant Prior to going Public

Below, we take a look at the benefits of becoming SOX compliant prior to going public.


In the rush to go public, most companies do not make it a priority to plan for SOX compliance. However, studies have shown the most successful IPO companies operated under public company rules for 12 months before going public. Furthermore, there is a powerful linkage between good corporate citizenry and economic growth. Corporate Responsibility magazine reports that companies who have been ranked in their Top 100 of corporate citizens outperformed their Russell 1000 index cohorts with three-year average returns that were 26% higher. In short, becoming SOX compliant is not only a requirement for public companies, but can also positively impact the company’s growth.


In terms of overall internal SOX compliance costs (excluding external audit fees), 58% of large companies spent over $1 million in their most recent fiscal year, while 95% of small companies spent less than $500,000. Thus, the larger the company, the more it will need to invest in SOX compliance. Additionally, SOX compliance costs, combined with external audit fees and scrutiny, are on the rise. For companies going public, it is important to implement the right SOX program the first time. The reasons being:

  1. It is extremely costly to clean up your controls environment once you’ve built an inefficient program
  2. Switching systems can significantly impact the workload of personnel due to training

Depending on the size of the company, it should start the SOX process 18-24 months prior to going public. This gives the company at least a 12 month runway to prepare for and streamline its SOX compliance.

Plan Ahead

What should companies looking to file for IPO in the near future pay attention to?

SOX is a time commitment, and the hours continue to rise

Companies looking to go public should understand the time commitment of SOX compliance. Protiviti’s latest annual survey on SOX Compliance found the amount of hours many organizations devote to SOX testing continue to rise. For private companies planning an initial public offering, time spent on compliance requirements rose 22 percent, while for public companies it increased 55 percent. This is due to factors such as ongoing scrutiny of the PCAOB, implementation of the new COSO framework, and preparing to comply with Section 404(b).

SOX is highly administrative

Many of the activities inherent to the SOX process – such as controls testing and the subsequent reviews, managing document (PBC) requests, performing certification activities, and ongoing project management – are highly administrative. For every 6 hours an internal auditor spends on testing, 4 of those hours can be spent on tasks such as tracking management evidence requests, searching for files, preparing status reports, creating test templates, and reconciling their Risk and Controls Matrix (RCM) and controls documentation.

Benefits of internal controls optimization

Internal controls optimization (ICO) is focused on optimizing and improving those internal controls set in place to reduce the risk of mistakes or errors. The lack of proper internal controls can lead to a higher risk of errors that can result in material misstatements or significant financial loss, extreme examples being JP Morgan’s $6 billion trading loss in 2012 or AIG’s accounting fraud in 2005. In addition to preventing loss, there are many advantages of focusing on ICO early on, including the view that well-controlled businesses are more profitable. Optimized controls support better finance functions and business operations and help achieve effective governance, regulation and compliance.

Focus on the automation of SOX tasks

The existence of automated controls in a company’s control environment is highly beneficial to its SOX compliance program. Automated controls can dramatically improve the efficiency of compliance and testing. Some of these benefits include increased external auditor reliance, increased operational efficiency, and reduced SOX compliance costs.

How can this be achieved through software?

People have been outsourcing payroll, expense reporting, and HR functions to software. Turning to software to automate SOX is merely an extension of this. Software such as AuditBoard can be used to automate SOX compliance tasks and save countless resource hours. Software can reduce the total cost of ownership for systems and processes, and can help implement a more robust SOX program as well. Implementing SOX through software can drive additional efficiencies for an organization, as seen in this customer case study featuring Cornerstone OnDemand. Request a demo of AuditBoard today to see what the market’s leading SOX software can do for your company as it approaches IPO.

Click here to download your free guide of the 4 Ways to Automate Your IPE Controls.


John Kim, CPA was a SOX Subject Matter Expert and Technical Sales Director at AuditBoard. He has over 10 years of experience in Internal Audit, first as a Risk Assurance Manager at PricewaterhouseCoopers and then as the Senior Manager of Internal Audit for Zynga.