Compliance Efforts Still Somewhat Haphazard - InformationWeek

Compliance Efforts Still Somewhat Haphazard

And few CEOs see compliance-related spending as an opportunity to improve business processes.

Under pressure to comply with Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, and other regulations, companies are having difficulty forming and executing compliance game plans. CIOs, as well as chief counsel, regulatory, and compliance execs, are still unclear on how to go about building the organizational machinery for achieving compliance, and what roles they should play in it.

While Sarbanes-Oxley is a front-burner issue--the deadline for compliance with section 404, dealing with financial-reporting controls, is a little more than three months away--more than a third of companies surveyed by Meta Group in a study released Monday don't have an overall budget dedicated to regulatory compliance.

Those that do plan to spend $7.2 million on average next year. Companies are tying compliance spending to specific regulations. Fifty-six percent of companies surveyed by Meta Group have allocated resources for Sarbanes-Oxley and HIPAA; 48% for the Patriot Act; 35% for Gramm-Leach-Bliley (financial modernization); 33% for Basel II (risk management for financial-services companies); and 28% for the Securities and Exchange Commission's rule 17a-4 (E-mail and IM retention).

But CIOs are having to spread their limited resources even thinner to achieve compliance, especially with Sarbanes-Oxley's section 404. The recently adopted auditing standard defines four major categories of IT control--program development, program changes, computer operations, and access to programs and data.

CIOs can't operate in a vacuum; they need to work collaboratively with CFOs, legal counsel, and other executives. Yet instead of creating a compliance playbook, many companies are taking a fly-by-the-seat-of-your-pants approach, with its attendant organizational ills. Fewer than a third (27%) of Meta Group survey respondents identify their company's CFO as the chief leader for compliance. But only 16% say the chief compliance officer reports to the CFO, and even fewer (14%) say the chief compliance officer reports to the CIO.

CIOs need to sell CEOs on the idea that compliance-related IT spending can boost revenue or lower costs, such as by improving business intelligence. They're looking at an uphill climb; only 12% of Meta Group respondents express an interest in leveraging compliance solutions for business-process improvement.
