Compliance Efforts Still Somewhat Haphazard - InformationWeek


Compliance Efforts Still Somewhat Haphazard

And few CEOs see compliance-related spending as an opportunity to improve business processes.

Under pressure to comply with Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, and other regulations, companies are having difficulty forming and executing compliance game plans. CIOs, as well as chief counsel, regulatory, and compliance execs, are still unclear on how to go about building the organizational machinery for achieving compliance, and what roles they should play in it.

While Sarbanes-Oxley is a front-burner issue--the deadline for compliance with section 404, dealing with financial-reporting controls, is a little more than three months away--more than a third of companies surveyed by Meta Group in a study released Monday don't have an overall budget dedicated to regulatory compliance.

Those that do plan to spend $7.2 million on average next year. Companies are tying compliance spending to specific regulations. Fifty-six percent of companies surveyed by Meta Group have allocated resources for Sarbanes-Oxley and HIPAA; 48% for the Patriot Act; 35% for Gramm-Leach-Bliley (financial modernization); 33% for Basel II (risk management for financial-services companies); and 28% for the Securities and Exchange Commission's rule 17a-4 (E-mail and IM retention).

But CIOs are having to spread their limited resources even thinner to achieve compliance, especially with Sarbanes-Oxley's section 404. The recently adopted auditing standard defines four major categories of IT control--program development, program changes, computer operations, and access to programs and data.

CIOs can't operate in a vacuum; they need to work collaboratively with CFOs, legal counsel, and other executives. Yet instead of creating a compliance playbook, many companies are taking a fly-by-the-seat-of-your-pants approach, with its attendant organizational ills. Less than a third (27%) of Meta Group survey respondents identify their company's CFO as the chief leader for compliance. But only 16% say the chief compliance officer reports to the CFO, and even fewer (14%) say the chief compliance officer reports to the CIO.

CIOs need to sell CEOs on the idea that compliance-related IT spending can boost revenue or lower costs, such as by improving business intelligence. They're looking at an uphill climb; only 12% of Meta Group respondents express an interest in leveraging compliance solutions for business-process improvement.
