The high cost of compliance

This week's highlighted research:



Gartner Inc. "Sarbanes-Oxley spending continues to disrupt software purchases."

Forrester Research. "Business complexity challenges compliance."

AMR Research. "Spending in an age of compliance, 2005."

IDC. "Worldwide information management for compliance 2005-2009 forecast."

Regulations like Sarbanes-Oxley (SOX), HIPAA and Gramm-Leach-Bliley serve their purposes, whether it be protecting the privacy of consumer information, or preventing the books from being cooked. And for the most part, they're necessary. But neither legislator nor businessperson can deny that there is a cost, and it is substantial. While it may not break the budget, it's certainly going to put a dent in it for most companies. What is the ongoing impact of compliance on corporate spending and the economy in general?



Gartner's report says the increased level of spending on compliance and corporate governance issues is indeed going to have a big impact on the IT budget. According to their survey, financial compliance management spending is going to increase to 10 to 15 percent of the IT budget in 2006. In 2004, compliance spending took up less than five percent of the IT pie. The survey showed that SOX and other regulatory mandates are diverting new IT project discretionary resources to support compliance and governance issues. Many of the corporations surveyed had to cancel or delay non-compliance related projects. Efforts to comply with SOX meant purchases of software for new technologies and new projects have been inhibited.



But there is a flipside to the inhibited spending. While some IT projects are being delayed, new IT spending that is related to compliance is starting, as more corporations seek IT solutions to ease the compliance burden. Initially, IT spending on compliance was focused on one-off projects, due to the time pressures imposed by compliance deadlines. Now, corporations are more able to settle into a "big picture" view, and implement IT solutions and changes in business processes that are more long-term and programmatic--which will ultimately make that 10 to 15 percent figure go back down.



The complexity of compliance as well as business itself is the focus of Forrester's report. The complex and dynamic nature of business, as well as global competition and competitive pressures, are all challenges to compliance, says Forrester. Forrester also notes that initial compliance initiatives were handled in fragmented silos throughout the organization, but now we are starting to see compliance oversight becoming more centralized, often under the purview of a single compliance officer, and taking shape as an enterprise risk management discipline.



AMR Research also looks into the cost of compliance, predicting that it will hit $80 billion over the next five years. Their research estimates that corporations will have spent about $15.5 billion on compliance in 2005, with the average corporation spending about half a million. AMR says SOX is by far the most expensive initiative, and accounts for 39 percent of compliance spending. The largest budget item related to compliance is investment on internal staff.

IDC takes a five-year look at compliance issues as a worldwide market opportunity for software, hardware and services, also noting that corporations are more driven to invest in technology to create a more sustainable compliance environment.