Corporate governance drives IT spend

Compliance requirements drive IT spend. Gartner has several tips for CIOs on how to maximise this investment.
By Samantha Perry, co-founder of WomeninTechZA
Johannesburg, 23 Jul 2007

Corporate governance and compliance requirements the world over are driving IT spend, but compliance is not a once-off and is not achievable via a point solution. Research firm Gartner* has several recommendations for CIOs engaging in such initiatives.

1. While there is a small but emerging operational management software market, there is no single Sarbanes-Oxley (SOX) or corporate governance software market. The answer to SOX and other compliance regulations cannot be found solely in software packages. It exists in business processes and IT controls, and how to leverage technology to support and enhance those processes.

2. Although many software technologies are required in governance projects, the key horizontal technologies are business process management (BPM), application integration and middleware, and enterprise content and records management.

3. Companies should look for solutions to support multiple regulations, not just SOX, and to support multiple business units. Sustainable compliance (that is, a level of effort that is sufficient but not excessive) will be achieved only by consolidating compliance efforts through a programmatic, rather than a project-oriented, approach. A programmatic approach means compliance is not treated as one project after another, but rather as a sustained ongoing effort across multiple regulations and business units.

4. Manage compliance responsibilities as an ongoing business and technology risk management programme, not as a series of once-off projects. Implement a strategic, phased approach because more investments are required to deploy new solutions and retrofit established systems.

5. Work with auditors to identify and address compliance issues instead of buying a software tool to do the auditor's job. Regard any standalone or law-specific solution with scepticism, and seek application extensibility to other regulations and to operational risk management.

6. Use a phased approach to deployments so that, when new laws and regulations arise, a strong foundation is already in place. Having already implemented good corporate governance to support SOX, the ability to comply with new regulations will be improved as long as core processes have been retained, and can leverage the new processes and technologies for disclosure.

7. Address regulations systematically to enable business units to build on their collective experience, processes and technologies. Corporations that adopt these practices at a high level and instil them in their corporate culture will have an easier time complying with requirements from SOX and other forms of compliance regulations.

* Report courtesy of Gartner Africa, information sourced from: Audits and Events Drive Governance, Risk and Compliance Spending, Tom Eid, French Caldwell, 2 March 2007

* Article first published on brainstorm.itweb.co.za
