Government // Enterprise Architecture
News
7/26/2004
02:07 PM
Connect Directly
RSS
E-Mail
50%
50%

Compliance Efforts Still Somewhat Haphazard

And few CEOs see compliance-related spending as an opportunity to improve business processes.

Under pressure to comply with Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, and other regulations, companies are having difficulty forming and executing compliance game plans. CIOs, as well as chief counsel, regulatory, and compliance execs, are still unclear on how to go about building the organizational machinery for achieving compliance, and what roles they should play in it.

While Sarbanes-Oxley is a front-burner issue--the deadline for compliance with section 404, dealing with financial-reporting controls, is a little more than three months away--more than a third of companies surveyed by Meta Group in a study released Monday don't have an overall budget dedicated to regulatory compliance.

Those that do plan to spend $7.2 million on average next year. Companies are tying compliance spending to specific regulations. Fifty-six percent of companies surveyed by Meta Group have allocated resources for Sarbanes-Oxley and HIPAA; 48% for the Patriot Act; 35% for Gramm-Leach-Bliley (financial modernization); 33% for Basel II (risk management for financial-services companies); and 28% for the Securities and Exchange Commission's rule 17a-4 (E-mail and IM retention).

But CIOs are having to spread their limited resources even thinner to achieve compliance, especially with Sarbanes-Oxley's section 404. The recently adopted auditing standard defines four major categories of IT control--program development, program changes, computer operations, and access to programs and data.

CIOs can't operate in a vacuum; they need to work collaboratively with CFOs, legal counsel, and other executives. Yet instead of creating a compliance playbook, many companies are taking a fly-by-the-seat-of-your-pants approach, with its attendant organizational ills. Less than a third (27%) of Meta Group survey respondents identify their company's CFO as the chief leader for compliance. But only 16% say the chief compliance officer reports to the CFO, and even fewer (14%), say the chief compliance officer reports to the CIO.

CIOs need to sell CEOs on the idea that compliance-related IT spending can boost revenue or lower costs, such as by improving business intelligence. They're looking at an uphill climb; only 12% of Meta Group respondents express an interest in leveraging compliance solutions for business-process improvement.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.