I n July 2002, Con- gress passed the Sarbanes-Oxley Act (SOX) that imposes unprecedented require- ments on audit com- mittees, the auditing profession, and corpo- rate management to reduce the risk of future financial report- ing and asset theft (hereafter referred to as fraud) scandals. One provision of SOX, Section 404, requires management to report on the effectiveness of their company’s internal controls over financial reporting. Section 404 also requires the annual assessment be included in the company’s annual 10-K filing, and that the company’s independent auditor attest to the accuracy of manage- ment’s report. The Foreign Corrupt Prac- tices Act, passed in 1977, requires companies to establish a system of internal controls to help reduce the risk of fraud. However, another provision of SOX (Section 302) requires top management of public compa- nies to “certify” quarterly and annual financial statements, and puts them at risk of potential criminal penalties if fraud is subsequently discovered within these statements. As a result, top management is now extremely interested in the effectiveness of its internal controls over finan- cial reporting. Concurrently, independent auditors feel pres- sure to retest many of manage- ment’s internal controls since their legal liability risks may increase significantly if they mistakenly concur with manage- ment that the company’s internal controls over financial reporting are reasonably effective. Thus, Section 404 has imposed a sig- nificant amount of additional work and expense upon public companies and their independent auditors. Through the first half of 2005, 14 per- cent of the largest pub- lic companies reported ineffective controls over financial report- ing as evidenced by reporting at least one “material weakness” (Ernst & Young, 2005). The sheer volume of recently disclosed internal control weak- nesses suggests that more effective internal control structures are necessary to achieve more transparent finan- cial disclosures. More transpar- ent financial disclosures that more clearly reflect the econom- ic realities should allow investors to make more informed investment decisions. In con- trast, fraudulent financial data diminishes investor confidence and increases the cost of capital. Thus, SOX 404 compliance costs could be considered a posi- tive investment in the capital markets. However, an effective sys- tem of internal controls should benefit not only investors, but also public companies. Unfortu- The Sarbanes-Oxley Act (SOX) was passed to fight fraud. But SOX has imposed a lot of additional work and expense on public companies and their independent auditors. Large public companies have been shocked at the multibillion-dollar costs of first-year SOX compliance. And year two’s costs do not look much better. Is there a way to get SOX costs under control? The authors say the answer is yes, and it can be done by using a powerful quality improvement tool: Six Sigma. They show how to use it and how to avoid common pitfalls. © 2006 Wiley Periodicals, Inc. Dale R. Martin, Paul E. Juras, and George R. Aldhizer III Taming SOX Costs with Six Sigma f e a t u r e a r t i c l e 13 © 2006 Wiley Periodicals, Inc. Published online in Wiley InterScience (www.interscience.wiley.com). DOI 10.1002/jcaf.20193