Deadline Rush Delays Internal Improvements

U.S. companies are expected to invest billions of dollars this year in technologies and consulting services to help them comply with Sarbanes-Oxley, HIPAA and other regulations. But few will be able to quickly leverage those investments to improve their internal business processes, IT executives and analysts said this week.

That’s because most companies are focused on meeting rapidly approaching regulatory deadlines, according to speakers at a compliance-related conference held by IBM Corp.

For instance, the race to meet the Sarbanes-Oxley deadline for documenting internal controls is preventing companies from making far-reaching changes to their operations as part of their projects, said Susanne Ruschka-Taylor, who works at IBM’s Business Consulting Services unit.

“If you’re going to spend (billions of dollars) on these initiatives, you might as well get something out of it,” said Adrian Bowles, an analyst at the IT Compliance Institute, a Seattle-based research organization that focuses on government regulations and their effect on technology.

But that’s easier said than done for companies that are wrestling with compliance deadlines for a slew of federal regulations, including Sarbanes-Oxley, the Health Insurance Portability and Accountability Act and the USA Patriot Act. Some regulatory analysts have said it makes more sense for companies to install compliance frameworks than it does to buy stand-alone systems to support each regulation. Such frameworks would provide users with a set of monitoring tools that they could apply to all regulatory requirements.

“We’re not that sophisticated yet, but it’s something we’re trying to work toward,” said John Benninger, senior vice-president of risk management and corporate governance at Huntington Bancshares Inc. The Columbus, Ohio-based bank has set aside about US$500,000 for compliance with Section 404 of Sarbanes-Oxley, Benninger said. The project includes the use of IBM’s Lotus Workplace for Business Controls and Reporting software.

Huntington began entering data about its financial controls into the system in October. By the end of this month, it plans to go live with Version 2 of the software, which was announced this week.

“I have to admit, we have a lot of work ahead of us,” said David Lindstrom, chief privacy officer at Pennsylvania State University.

Students at the university’s School of Information Sciences and Technology are developing a wireless system based on IBM’s DB2 Everyplace mobile database to create, update and delete patient records securely from any location at Penn State’s Milton S. Hershey Medical Center. The wireless system will help Penn State meet HIPAA’s data requirements for patient privacy. But Stan Aungst, assistant professor of information sciences and technology, said school officials haven’t decided when the technology will be put into use.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows...

Unlocking Transformation: IoT and Generative AI Powered by Cloud

Amidst economic fluctuations and disruptive forces, Canadian businesses are steering through uncharted waters. To...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now