Compliance Efforts Still Somewhat Haphazard - InformationWeek



And few CEOs see compliance-related spending as an opportunity to improve business processes.

Under pressure to comply with Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, and other regulations, companies are having difficulty forming and executing compliance game plans. CIOs, as well as chief counsel, regulatory, and compliance execs, are still unclear on how to go about building the organizational machinery for achieving compliance, and what roles they should play in it.

While Sarbanes-Oxley is a front-burner issue--the deadline for compliance with section 404, dealing with financial-reporting controls, is a little more than three months away--more than a third of companies surveyed by Meta Group in a study released Monday don't have an overall budget dedicated to regulatory compliance.

Those that do plan to spend $7.2 million on average next year. Companies are tying compliance spending to specific regulations. Fifty-six percent of companies surveyed by Meta Group have allocated resources for Sarbanes-Oxley and HIPAA; 48% for the Patriot Act; 35% for Gramm-Leach-Bliley (financial modernization); 33% for Basel II (risk management for financial-services companies); and 28% for the Securities and Exchange Commission's rule 17a-4 (E-mail and IM retention).

But CIOs are having to spread their limited resources even thinner to achieve compliance, especially with Sarbanes-Oxley's section 404. The recently adopted auditing standard defines four major categories of IT control--program development, program changes, computer operations, and access to programs and data.

CIOs can't operate in a vacuum; they need to work collaboratively with CFOs, legal counsel, and other executives. Yet instead of creating a compliance playbook, many companies are taking a fly-by-the-seat-of-your-pants approach, with its attendant organizational ills. Fewer than a third (27%) of Meta Group survey respondents identify their company's CFO as the chief leader for compliance. But only 16% say the chief compliance officer reports to the CFO, and even fewer (14%) say the chief compliance officer reports to the CIO.

CIOs need to sell CEOs on the idea that compliance-related IT spending can boost revenue or lower costs, such as by improving business intelligence. They're looking at an uphill climb; only 12% of Meta Group respondents express an interest in leveraging compliance solutions for business-process improvement.
