Poor communication between IT departments and finance
departments is hampering compliance projects, according to Laurie
Stephens, vice-president and head of compliance services at
Capgemini.
Stephens said IT and finance directors had different views about
the benefits of compliance projects for regulations such as
Sarbanes-Oxley.
This has made it more difficult for IT directors to plan projects
for compliance with corporate regulations, while IT projects that
are not related to compliance have had to be postponed, he
added.
"Sometimes the chief financial officer does not see compliance as
an opportunity to streamline the business and will expect the IT
department to cobble together systems and do much of the donkey
work," he said.
Stephens' comments highlight a long-running turf war between IT and
finance departments over the control of IT spending and the impact
of regulations such as the Freedom of Information Act and
Sarbanes-Oxley.
To make compliance projects easier, Stephens suggested
organisations should use technology to automate business and, where
possible, reduce the number of IT systems to make it easier to find
important information.
He said the biggest challenges facing IT directors in compliance
projects are dealing with disparate IT systems, often in different
regions; demonstrating to regulators that there are controls on
access to sensitive information; and documenting various business
processes - for instance, invoicing a supplier - in an electronic
format.
Business benefits of compliance
Much of the publicity surrounding corporate governance
regulations has focused on the penalties companies face for failing
to achieve compliance. But according to Laurie Stephens,
vice-president and head of compliance services at Capgemini,
compliance with regulations can yield a range of benefits for IT
departments.
If IT departments take a long- term approach to compliance, the
benefits will include a 15% to 30% reduction in operating costs and
better quality data, he said.
"For the IT department, the compliance challenge is about
bridging the gap with the rest of the business and ensuring
regulatory compliance is embedded in the business processes and
supporting systems."
Stephens said the benefits to IT departments of a systemic
approach to IT can include:
- Improved efficiency for the IT department via the elimination
of data silos to provide a "single version of the truth" for key
information. This provides more accurate data and better knowledge
of the customer and suppliers.
- Improved efficiency for the IT department through standardised,
consistent business processes. Ways of working also become more
consistent.
- Better value for money from IT suppliers as a result of
standardised requirements and procedures.
- Better alignment between the IT department and the rest of the
organisation.
- Reduced operational risk as a result of improved risk
management processes and procedures.