Ads by TechWords

See your link here
Receive the latest technology news and information.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Building a Compliance Framework

As the flow of mandates continues, CIOs who can integrate corporate compliance efforts will be ahead of the pack.

July 5, 2004 12:00 PM ET

Computerworld - Do you break out in a cold sweat whenever you hear the phrase Section 404? When a co-worker mentions HIPAA, do you race back to your office to figure out the earliest possible date you can retire?


If so, we've got some bad news: The Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, the USA Patriot Act and other regulations of their ilk are just the beginning. For the foreseeable future, you can expect a steady flow of industry, state, federal and international mandates that codify the way businesses gather, store, manage and report information.


Naturally, IT will play a key role in compliance. But will that role be one of leadership or mere execution? Can IT create systems and processes that allow the corporation to easily comply with any new regulation it encounters, regardless of that regulation's specifics and origin? These are key questions, and millions of dollars ride on the answers.


Some doubt such preparedness is feasible. "Predicting the next big regulation is like trying to predict the weather," says Thomas Watson, information security project lead at West Haven, Conn.-based Bayer Pharmaceutical. "Who knows what's going to come down next?" Others, however, believe it's both possible and necessary to create a compliance management infrastructure and environment that can make future regulations less onerous to follow. Here's a look at the benefits of compliance management, the hurdles and the steps companies can take to get started.


Making Lemonade


The most persuasive reason to institute a compliance management culture is to reduce the cost of meeting individual regulations. A look at the price tag for Sarbanes-Oxley drives home the point. In a January 2004 survey of 321 companies, industry group Financial Executives International found that for large companies, the average cost of compliance with Section 404—Management Assessment of Internal Controls—was $4.6 million, including 35,000 hours of internal staff time, $1.3 million for consulting and software and $1.5 million in new audit fees.


Business Roundtable, an association of CEOs of U.S. companies, conducted another survey in July 2003 in which it polled 150 CEOs at large companies. Half said their compliance costs would range from $1 million to $5 million; some estimates topped $10 million.


The good news is that the cost of Sarbanes-Oxley compliance, along with that of HIPAA, can be used as a basis for meeting future regulations. According to Stamford, Conn.-based Gartner Inc., public companies that adopt a comprehensive compliance management architecture will spend 50% less per year than those that don't.


"In many organizations, the first reaction to a new regulation is to create a 'tiger team' " to address the issues, says Gartner analyst Lane Leskela. "But if you've got these teams for three or more regulations, the redundancy makes no sense."



Jump to comments

IT Management

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.