Compliance

New legislative and regulatory requirements are driving a heavy workload of compliance for many organisations.  And for many, the sources of compliance pressure are no longer just local.  In particular, we keep hearing that the US Sarbanes-Oxley Act creates requirements for organisations that trade in the US, even if they are not domiciled in that country.

So it's not surprising that there is a good deal of discussion of compliance issues in today's press.  There are numerous areas where top level executives and boards need to pay attention, even if it's only to be sure that all of the compliance requirements have been identified, and dealt with.

Computerworld raises an issue for many firms with older systems, in "Mainframe users struggle with new compliance measures".  The focus of the article is a technical challenge in meeting new rules for keeping credit card transaction data secret using encryption tools.  It serves to remind us that changing business conditions eventually mean that software does "wear out" and needs to be replaced with new, better structured and more flexible solutions.  Organisations need to consider whether their compliance load is a driver for replacement of systems rather than continued maintenance.

In "Compliance spend a missed opportunity" on October 19th, The Age refers to a KPMG survey that shows organisations are not capitalising on opportunities driven by new compliance requirements.  Instead of addressing compliance from a business perspective, and taking the opportunity to overhaul practices, organisations are focusing on adjusting just the IT systems.  This approach is at odds with the reports in last month's IT Governance Letter, which reported a US survey that shows business benefits accruing to organisations  that take a business improvement view of compliance.

The Age also noted that compliance work tends to be fragmented, meaning that the higher levels of management and the board have difficulty forming a view of how much compliance work is happening, how much is yet to be done, and whether there might be business opportunity inherent in the compliance process.