
Ambiguity reigns in the world of compliance: report 
27 September, 2006 By Patricia Pickett

While most CEOs feel their organizations are up to speed on compliance issues, the view from the IT department is not quite so optimistic, according to a recent study.
The Business Performance Management (BPM) Forum of Palo Alto, Calif., along with Rutherford, N.J.-based records and compliance management solutions provider AXS-One Inc. this week released a report, developed in partnership with Chief Executive Magazine and the Seattle-based IT Compliance Institute. Titled CEE the Future: Building the Compliance-Enabled Enterprise, the study looked at compliance issues on a corporate level.
The findings suggested that while compliance issues around regulations such as Sarbanes-Oxley and related legal complexities have become a top management priority, many companies are still a long way from developing the IT infrastructure, policies and processes needed to align with compliance objectives. As a result, these companies remain seriously unprepared for a lawsuit, audit or request from a regulator, the report said.
Most CEOs interviewed for the study said their attention to compliance issues increased in the past six years, but fewer than half of IT executives consider compliance to be a critical initiative with full management support, the report stated. Meanwhile, nearly 40 per cent of respondents said their company's IT execs don't understand current regulations well enough to effectively implement compliance technologies and policies.
According to Marie-Charlotte Patterson, vice-president of marketing for AXS-One, this disconnect exists between IT and other departments because the perspectives and mandates of either side are so different.
"The job of IT is historically to maintain the technologies and processes required to support the core business," she explained. In contrast, "for most organizations, they are far more about sales and revenues and far less about how to protect the organization and introducing ideas of risk management and litigation."
CEOs believe their organizations' readiness levels are high because meeting compliance requirements, for them, takes on a totally different meaning than what it does for IT, she said. "For them, compliance is a very broad topic that includes issues regarding good governance and what financial reporting looks like. But by contrast, when we talk to IT executives, and when we start to talk to the legal community about what compliance in the future will mean, the response will become far less black and white."
The ambiguity increases when it comes to finances allocated toward compliance. Thirty-five per cent of respondents said they are in the dark as to how much of their IT budget is tied to compliance-related technologies, and IT executives in particular were expressing concern that they have inadequate resources to properly plan and execute compliance-related policies. This may stem from a lack of alignment between the rest of the business and IT, but it may also have to do with lack of creativity, Patterson said.
"Organizations may not be looking at more innovative ways of implementing policies. They may be knowingly or unknowingly continuing to try and manage electronic records along more traditional lines," Patterson said. While companies now know that they can no longer delete anything and are "becoming paranoid about it," she said, they are not realizing what kinds of other expenses are associated with keeping those records. "The costs in storage and backup costs and associated management costs are growing. There is also evidence that the way in which records are being kept is just through traditional backup, which makes costs unnecessarily high, in contrast to smarter ways - like archiving and properly managing the archives."
Patterson emphasized that it is essential for IT to be much more closely aligned with the legal and compliance department if the company wants to avoid legal problems.
"Organizations should be planning for how to manage changing needs. It's not just the responsibility of IT to do that.... You can't just expect IT to know automatically or with little instruction what kinds of changes they need to be making in the infrastructure. It's a complex issue."