Annual Sarbanes-Oxley Controls Testing >$15K for 80 Controls?

Posted by Teresa Bockwoldt on April 12, 2010

I hear stories daily about people who are paying incredible amounts of money to have a third-party implement their internal control infrastructure and then test their internal controls on an annual basis.

Just today we had the opportunity to bid on a pre-revenue non-accelerated filer with less than 30 employees.  Competitors had already submitted their bids - both upwards of $50,000 based on our familiarity with their approach - in our book, this would be a SOX Basic® project that would be fixed price at $5,590 that includes the software, all of the best practice controls, consulting time to complete the implementation, and all of the supplemental documents (i.e., policies, forms, checklists, etc.) to help the company execute each control.  Don't get me wrong, I understand the value CPA's bring but are they honestly worth upwards of $350 + an hour for non-specialized work?  And when I am speaking of non-specialized work, I am including Sarbanes-Oxley Compliance work – even if - you have material weaknesses.  I have put forth nearly 10 years worth of work to streamline the implementation and testing process required to become and stay compliant with Sarbanes-Oxley.  Additionally, we’ve put into place measurement tools that allow you to see a four-year plan on reducing your own internal control count down to the minimum amount of controls required to stay compliant; thus reducing your overall compliance costs going forward.  This tool also shows you exactly what you need to do to take all testing in-house thereby removing your reliance on a third-party service provider and allowing your company to be completely self sufficient.   

You may have heard about or personally experienced companies who are trying hard to reduce their controls.  This doesn't mean they are no longer performing all of their controls; it just means that those controls that are subjected to internal and external testing each year are reduced.  My experience has taught me that each internal control will cost a company roughly $50K in its lifetime. It is in your company’s best interest to get this number down.

To that extent and back to the title of my blog post, if you are paying tnes of thousands of dollars for annual testing by a third-party for around 80 controls, we believe you are paying too much.  Testing 80 controls on an annual basis - if well managed by professionals who understand external audit requirements and who are looking out for your best interest - can easily be handled by one to two people annually.  Well qualified Sarbanes-Oxley testers with CPAs shouldn’t cost you as much as higher-level audit and legal services. 

Additionally, I would highly recommend that every company consider testing quarterly rather than annually to ease the year-end workload but more importantly, to allow you to find errors early and give yourself time to remediate in the current year.

If you are paying more than you think you should for controls testing or if you would like to see how your internal control count could be reduced over a four-year period, give me a call at Office: 415.240.4867 x 2300 or Mobile: 707.477.0008 or email me at  We would be happy to provide you with a free analysis so you may explore your options.  This is especially important for those non-accelerated filers facing SOX 404(b) compliance this year... 

Look what our clients have to say:

"We didn't have a dedicated budget to complete our SOX compliance but as a small public company that was going to be an accelerated filer by our next year-end, we knew we had to figure something out quickly that would allow us to comply with the full SOX 404 requirements.  Vibato had a solution for us that cost less than $6,000, which was significantly less expensive than anything else we had seen in the market.  I would recommend them to anyone looking for a cost-effective and scalable solution."  Bob Ogden, CFO, Omni Bio Pharmaceutical, Inc.

"Working with Vibato has allowed us to focus on reducing the costs associated with the ever-challenging Sarbanes-Oxley compliance regulations," said Margaret Randazzo, CFO, Akeena Solar, Inc.  "As a public company, it is important that we use a tool like SOX Compliance Made Simple, as it allows us to efficiently manage the internal controls processes and external audits.  Thus far, we've reduced our costs by over 75% on our SOX preparations and ongoing maintenance.  In addition, we are already seeing a positive peek into the expected ROI - we expect to save more than this next year, which is huge for a company of our size and a great example of improving shareholder value!"

ZAGG completes a full Sarbanes-Oxley implementation in less than one week and for less than $45K.

"Our company was growing rapidly and we learned late in our fiscal year that we would be subjected to a full SOX 404 audit by our external auditors.  Vibato helped us get everything done quickly and worked with our team to put everything in place to ensure we were ready to go.  Their approach is the most cost-effective and efficient that I have seen and they did the entire project at a fraction of the cost of competing alternatives.  We were thrilled with the results and I am very impressed with their unique approach." Brandon O'Brien, CFO, ZAGG Inc.

Solar Power Inc. (OTCBB: SOPW) a leading designer, manufacturer and installer of photovoltaic solar power systems, implemented SOX Compliance Made Simple® (SCMS) to handle internal controls for five of their business divisions in their California and Shenzhen, China locations. 

"When we used SCMS I was very impressed by how painless and effective the process was," said Jeff Winzeler, chief financial officer, Solar Power Inc.  "We were up and running in a few days, and expect to save more than $100K per year on our ongoing compliance costs through reductions in audit fees.  Our internal control infrastructure was documented cost-effectively and efficiently, allowing for greater transparency while streamlining internal activities.  Vibato has really delivered a strong ROI for us by making a complex, time-consuming process a simple and effective one." 

"Vibato came into an extraordinarily difficult SOX situation at VaxGen and literally worked miracles. Vibato is extraordinarily productive, tenacious and dedicated. We called them "the bulldog" for a while, due to their determination and perseverance in overcoming all obstacles. I would and have recommended them to anyone with SOX issues to overcome and would not hesitate to use them again given the chance." Matt Pfeffer, CFO, VaxGen, Inc.

"Vibato's work can be characterized most by the terms effectiveness and efficiency. They were a valuable addition to our team and aided, in a large measure, the advancement of our process discovery and reengineering efforts. Their productivity set a new standard for our team and their efforts made a lasting contribution." John Pearl, IT Manager, IPIX

"It was my pleasure to work with Vibato. Our company hired them as a consultant to help us to streamline our business processes and build our internal control procedures. Within a very short period of time, Vibato had interviewed a lot of people in the company and provided a detailed flow chart for each department/ business process. The recommendations were presented to each department and the process improvement plans have been developed. Vibato is very professional and experienced. Vibato also demonstrated excellent communication skills and interpersonal skills." Shelley Chen, Accounting Manager, OVISO Manufacturing

Tags: audit costs, Non-accelerated filer 404(b) information, Controls Testing, Sarbanes-Oxley