The numerous compliance regulations that have sprung up in the last few years have certainly complicated the lives of IT executives. Huge chunks of time, money and effort are having to be spent in order to ensure that companies’ standards are up to snuff with those expectations spelled out in acts such as the Personal Information Protection and Electronic Documents Act (PIPEDA) here in Canada and the Sarbanes-Oxley Act in the U.S.
There can be no doubt that, when the entire business scenario is considered, such compliance measures are beneficial things. Reform and increased accountability for a corporation’s actions were clearly required in the wake of such financial fiascos as the Enron and MCI cases. Recently, IT vendor CA was also knee-deep in a reporting nightmare that cost that firm’s leader, Sanjay Kumar, his job and brought weighty charges against him.
That’s the big picture. The micro view, however, reveals a situation where big money is being spent on all kinds of IT infrastructure that will allow companies to ensure they are falling in line with the regulations laid down by their governments.
While these resource-heavy chores represent a large enough headache, firms are now finding that residual sources of stress are growing out of the strive towards compliance. One such outgrowth problem centres around the move by some firms to prioritize their projects according to the projects’ relevance to compliance tasks.
In the world of tightly budgeted IT departments, projects that are going to help a company reach its compliance mandate are often getting top priorities. Other endeavours that do not contribute to that goal, no matter how valuable they might end up being to the outfit, are often shunted aside because compliance-related undertakings are eating up much of the IT dollar allotments.
Such shuffling of projects based on compliance imperatives does not always end up serving the company’s best interests. Projects that might result in a better product and ultimately an improved experience for the firm’s customers are at risk of being put on ice for other projects that do nothing but tell the outside world that things are A-OK behind closed boardroom doors.
Clearly, the need for such corporate safeguards is high. What mustn’t be lost, however, is the potential for stunted growth of important technologies and ideas, all because the most valuable projects had to be put on the shelf.