Technology is just the tip of the cost iceberg

Technology represents at most 10% or 20% of the overall costs of a compliance programme, according to Christof Menzies, partner...

Technology represents at most 10% or 20% of the overall costs of a compliance programme, according to Christof Menzies, partner at professional services firm PricewaterhouseCoopers. Most of the cost and effort lies in putting processes and systems in place.

"Just because it is now possible to automate some of your controls, does not mean you can do it right across all systems and all projects," said Menzies.

"You have to be careful which set of controls you select for automation. Sarbanes-Oxley is still a general business project. You have to have humans involved. Anything you automate, you have to make sure it does not take off and have a life of its own."

However, software tools can help the IT department demonstrate that compliance is not simply an IT issue, said Butler Group research director Tim Jennings.

"Too much of the onus is still put on the IT director to take responsibility for compliance. It is a nigh on impossible job. If it does not work, the IT director will be blamed. If it is successful, no one is going to give you any praise."

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close