Skip to main content

Sarbanes-Oxley Act: Compliance Costs Are Higher for Larger Companies but More Burdensome for Smaller Ones

GAO-25-107500 Published: Jun 18, 2025. Publicly Released: Jul 18, 2025.
Jump To:

Fast Facts

The Sarbanes-Oxley Act was enacted in 2002 to improve the reliability of public company financial reporting and auditing. But complying with the law can be expensive. Later amendments sought to reduce such costs for smaller companies, including by exempting them from certain requirements.

Information on compliance costs can be hard to isolate from broader costs. But generally, compliance costs were higher for larger companies and more burdensome for smaller ones. Research suggests that the exemptions provide financial relief to smaller companies. It also suggests that companies with less reliable financial reports tend to be smaller.

Image showing several spreadsheets with numbers and bar charts on them sitting next to a calculator and reading glasses.

Highlights

What GAO Found

The Sarbanes-Oxley Act of 2002 was enacted to improve the reliability of public company financial reporting and auditing. Section 404 of the act has two key subsections that apply to public companies:

  • Section 404(a) requires management to assess the effectiveness of internal control over financial reporting in annual reports filed with the Securities and Exchange Commission (SEC).
  • Section 404(b), auditor attestation, requires auditors for public companies to attest to management's assessment of these internal controls.

Amendments to the act exempted certain smaller and emerging growth companies from Section 404(b) requirements.

Companies' costs to comply with these provisions include expenses related to personnel, technology, and auditor fees. Companies incur internal costs to develop, test, and document internal control over financial reporting. But these internal costs are difficult to isolate from broader expenses, such as costs for software also used for other purposes. Similarly, auditor fees are not itemized specifically for Section 404(b) compliance (they typically are included in total audit fees). Thus, available data and analysis on compliance costs are limited.

Larger (nonexempt) companies generally incurred higher overall Sarbanes-Oxley compliance costs, but these costs were proportionally more burdensome for smaller (exempt) companies. Nonexempt companies (generally those with $75 million or more in publicly held shares or companies not qualifying as emerging growth companies) had higher costs (19 percent) than their exempt counterparts, according to GAO's analysis of a nongeneralizable sample of 96 companies. Companies generally experienced increased audit costs when they transitioned from exempt to nonexempt status (became subject to auditor attestation because their public float or revenues grew above exemption thresholds). Audits of nonexempt companies involve more work because the incremental auditing standards that apply to them require more planning, control testing, and quality review. GAO's analysis found a median increase of $219,000 (13 percent) in audit fees in the year a company became nonexempt. Audit fees generally leveled off in the year after transition.

The Section 404(b) exemption has had some positive effects for companies. Research suggests that not having to obtain auditor attestations provides financial and nonfinancial relief for smaller (exempt) companies. Companies can redirect the time and money saved from compliance toward business growth and development. But research also suggests companies that announced they had to restate financial statements (due to material errors) tended to have weak internal control over financial reporting or be smaller. GAO's analysis of a nongeneralizable sample of 100 restatements in 2022 and 2023 also found that 41 of 56 exempt companies (73 percent) in its sample cited both ineffective internal control over financial reporting and material weaknesses compared to 26 of 44 nonexempt companies (59 percent).

Why GAO Did This Study

Amendments to the Sarbanes-Oxley Act since its 2002 passage sought to promote capital formation and reduce unnecessary cost burdens for smaller companies. These changes include exempting certain smaller and emerging growth companies from the auditor attestation requirement.

GAO was asked to review the compliance costs and other effects of the Sarbanes-Oxley Act. Among its objectives, this report examines the compliance costs associated with Section 404 of the act, and the effects of the Section 404(b) exemption, such as on companies and the reliability of their financial information.

GAO analyzed a nongeneralizable sample of SEC audit fee data for 2019–2023 (most recent available) as a proxy measure for Section 404(b) costs; a nongeneralizable sample of financial restatements; and SEC enforcement actions in 2022–2023. GAO also reviewed laws, annual cost surveys of public companies, relevant research studies, and prior GAO reports. GAO interviewed SEC and Public Company Accounting Oversight Board officials; 17 audit committee members from exempt and nonexempt companies; and representatives or members of seven trade associations (representing businesses, investors, accounting academics, auditing professionals, and financial executives).

For more information, contact Michael E. Clements at clementsm@gao.gov.

Full Report

View Full Report Online
Highlights Page (1 page)
Full Report (47 pages)
Accessible PDF (39 pages)

GAO Contacts

Michael Clements
Director
Financial Markets and Community Investment
clementsm@gao.gov

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs
media@gao.gov

Public Inquiries

Contact Us

Topics

Financial Markets and Institutions
Compliance costsCompliance oversightFinancial instrumentsFinancial reportingFinancial services regulationFinancial statementsInitial public offeringInternal controlsSecurities fraudAudit committees