Cost Of Compliance With Sarbanes-Oxley Can Be Cut By 50%

Gartner says that expanding and standardizing existing systems holds the key to savings.
Public companies that adopt a comprehensive compliance management architecture to comply with the Sarbanes-Oxley Act will save 50 percent annually compared to companies that do not adopt such an architecture, the analyst firm Gartner Inc. said at the Gartner Symposium/ITxpo 2004 this week.

Gartner analysts said that enterprises that have security and business continuity planning (BCP), a document management system, and a business process management (BPM) system in place already have the foundations for a compliance architecture.

"Vendor hype suggests that a wide variety of technologies is the answer to compliance with the Sarbanes-Oxley Act, but governance and compliance are no different than most other business issues," said Brian Wood, research director for Gartner, in a prepared statement. "A compliance architecture doesn't necessarily require new software investments and does not need to be implemented across the enterprise in a single step. Most organizations will find that they already have many of the software tools they need."

By establishing a compliance architecture, enterprises will be able to reduce the cost of regulatory compliance because such an architecture "eliminate(s) requirements to hire external auditors or consultants every time a new law appears," said Rich Mogull, research director for Gartner.

Mogull said that to build the most effective compliance architecture, enterprises should expand and standardize the use of BCP, document management systems, and BPM, and should add "some business intelligence and perhaps a compliance tool for reporting," as well.