- 27 July 2004 15:04
64% of Companies Have Dedicated Regulatory Compliance Budgets, According to META Group Study
SOX and HIPAA Initiatives Lead Compliance Spending; CIOs Must Take a More Proactive Role in Organizational Compliance Strategy
SYDNEY, Australia - July 27, 2004 - Sixty-four percent of US companies currently have budgets dedicated to financial regulatory compliance, with the average budget projected to be $7.2 million in 2005. Among those companies without a current budget, more than half (54%) plan to allocate money for compliance initiatives within the next 12 months.
These findings are part of an extensive study of enterprise compliance strategies released today by META Group, Inc. (Nasdaq:METG), a leading provider of information technology (IT) research, advisory services, and strategic consulting.
Entitled "Organisational trends in Sarbanes-Oxley and Regulatory Compliance issues", the study found that companies are dispersing compliance-related spending across a wide range of financial and accounting regulations. Over half of the companies surveyed (56%) have allocated resources for compliance with Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) regulations, with slightly fewer (48%) reserving a portion of compliance spending for USA PATRIOT Act-related initiatives. More than one-third of companies have earmarked money for compliance with Financial Modernization Act (35%) and Basel II (33%) requirements. Finally, a substantial portion of companies have allocated budget for SEC Rule 17a-4 (28%) and International Accounting Standards (27%) initiatives.
Despite the broad range of funding, the study found one dominant compliance driver: "SOX has had a significant impact on how regulatory compliance has been viewed and managed," said Jon Van Decker, vice president with META Group's Enterprise Application Strategies. "What makes SOX different is the heightened level of security around non-compliance. CIOs as well as other officers of a company can be liable for inaccurate information or insufficient controls, with the possibility of fines or prison sentences."
Although the severity of non-compliance has elevated SOX management to the highest executive levels within organizations, the study found that most compliance stakeholders are unclear as to where they fit in the compliance plan, relative to their peers. Moreover, those executives presumed to be in charge of compliance may be taking a much more limited role than previously thought.
Less than one-third (27%) of study respondents indicated reliance on the CFO as the primary role within compliance. In addition, only 16% of companies have tasked the CFO with supervision of the chief compliance officer (CCO) position. Similarly, while many compliance solutions are initially perceived as services solutions, the CIO is often not involved in the final decision-making stages. As a result, only 14% of CCOs report into the CIO position.
Impact on the CIO
META Group believes that the CIO must understand the impact of various regulations on their organization and take steps to collaborate with CCOs, risk managers, and general counsel to fully understand the laws and regulations as they apply to IT controls. Proactive CIO involvement in the decision-making process is particularly important, given the complexity that results from funding various compliance initiatives. CIOs must take responsibility for creating a compliance blueprint that can support multiple initiatives to ensure that SOX solutions can, at least, minimally coexist with HIPAA processes, tools, and solutions.
The importance of including the CIO in the decision process will only increase as budgets for external compliance-product purchases grow from the second half of 2004 through 2006, as META Group projects. As part of the external product evaluation, CIOs should investigate and consider using computer-assisted audit techniques (CAATs) for more effective and efficient risk assessment, quality certification, and compliance audits.
More importantly, study findings indicate executives generally fail to comprehend the multitude of peripheral benefits that could be gained from a comprehensive approach to compliance. With only 12% of respondents interested in leveraging compliance solutions for business process improvement, CIOs must understand the broader business intelligence and process efficiency impact and promote an enterprise architecture approach to compliance. META Group predicts that, by 2006, 40% of Global 2000 enterprises will focus on enterprise portfolio optimization to strategically and tactically deliver business value, to optimize all enterprise investments, and to lay the groundwork for a technologically sophisticated business strategy.
"Significant CIO involvement in organizational compliance strategy is critical. Organizations must not limit the CIO's role to evaluating solutions and vendor offerings," said Van Decker. "Instead, the smart company will understand that the CIO can be a driver for implementing systems that support compliance requirements and bring other, broader benefits to the organization."
About the Study
META Group executed a market research study of those with knowledge of decisions about the selection and implementation of compliance solutions and services for their organizations. The study is based on a random sample of nearly 300 executive, finance, and IT decision makers and influencers.
About META Group
META Group is a leading provider of information technology research, advisory services, and strategic consulting. Delivering objective and actionable guidance, META Group's experienced analysts and consultants are trusted advisors to IT and business executives around the world. Our unique collaborative models and dedicated customer service help clients be more efficient, effective, and timely in their use of IT to achieve their business goals. Visit www.metagroup.com for more details on our high-value approach.
Jessie Shepherd, Markom Marketing, +61-2-9977-8922, email@example.com
Peter Carr, Vice President, Director Operations, META Group, +61-2-9290-8624, firstname.lastname@example.org