The effect of the Sarbanes-Oxley Act (Sox) on IT budgets is already receding, as compliance becomes just another cost of doing business, according to recent reports from AMR Research.
According to AMR’s June Tech Trends study, compliance has dropped sharply on the list of IT spending drivers. That’s a big change from the January edition of the study, when compliance with government regulations was the number-one initiative affecting IT investment. (The IT consultancy conducts the study three times a year.) In January, 26 percent of 252 IT and business execs surveyed said compliance was the most important business driver of IT spending, taking precedence over initiatives devoted to business-IT alignment, customer relationships, IT ROI and other concerns. But in last month’s report, just 14 percent of 203 respondents said compliance was the top initiative. Improving business-IT alignment, selected by 24 percent, took back its traditional top spot.
Government regulations have long been part of the corporate agenda, but Sox, with its threat of jail time for executives who aren’t paying proper attention to company filings, was behind the sudden interest in compliance, says Fenella Scott, a senior research analyst at AMR. But it’s not the case that compliance is no longer a concern, she says. Rather, the shock of Sox has worn off, and companies now view spending for compliance as part of the cost of doing business.
Another AMR study underscores this conclusion. “Spending in an Age of Compliance, 2005,” released in March, found that companies are moving to a more structured approach to compliance. More than 80 percent of the 225 business and IT leaders in this survey said their companies would have an executive-level compliance officer in place during 2005.
Companies have to think about other regulations, including document retention requirements, the Health Insurance Portability and Accountability Act, and U.S. Food and Drug Administration rules. But Sox is the most expensive regulation, accounting for 39 percent of spending on compliance, according to AMR. With more regulations inevitable, a structured approach to compliance is a smart move.