Published: September 30th, 2004

In today’s regulatory climate, compliance spending has become another cost of doing business. And it’s a cost that’s on the rise. According to AMR Research Inc., companies will spend US$5.5 billion in 2004 to meet Sarbanes-Oxley requirements. Of that total, nearly $1 billion will be spent on IT, giving CIOs the opportunity to take a leading role in compliance discussions. Here are a few compliance best practices:

Take a holistic approach: companies that unite diverse requirements — including financial, operational and IT needs — to meet the goals of compliance will benefit the most.

Know who, what and how: Identify which internal and external constituents play key roles in any directive (who). Determine the major functional capabilities required to address compliance regulations (what). Prepare the IT infrastructure and supporting services required to sustain these roles and capabilities (how).

Plan in order to mitigate costs: Lax enforcement of regulations could lead to financial penalties as well as market repercussions, such as reduced stock price or increased cost of capital. By putting time and effort into planning, companies may save money and effort down the line.

Put governance and risk management first: Compliance won’t work well without clear governance (oversight) and strong risk management practices.