Last week in this space, I mentioned how I dislike the phrase "it's not going to happen overnight," which I often hear in regard to emerging technologies or innovative business processes. I'm sure one area where managers and executives would love to see something happen overnight is regulatory compliance. But, as we've heard through our research and at our recent event in New York, Compliance Challenges & Governance Strategies (informationweek.com/events/compliance), a lot of complexity, time, and spending are associated with Sarbanes-Oxley, HIPAA, USA Patriot Act, and the many other regulations that businesses face. So much complexity, in fact, that some research indicates a surprising number of public companies are considering going private--this at a time when it's exciting to hear about IPOs again.
But it has also been fascinating to hear how regulatory compliance has become a catalyst for positive change in business processes and governance, and how some companies are finding business value that goes beyond simply keeping the regulators happy and their CEOs out of jail. At Regions Financial, the CIO has created business information officers, who are assigned to specific business units to assist in collaborative business and IT planning. A BIO works directly with the company's compliance officer to ensure that deadlines are met and that the right systems are place.
Even though the CIO's sign-off isn't a requirement of Sarbox (yet), there's no denying the benefits of such a collaborative relationship and the power IT plays in these challenging regulatory times. Says Simon Lorne, vice chairman and chief legal officer at Millennium Partners and former general counsel of the Securities and Exchange Commission, "You are more empowered in your organization than you have ever been."