Get a strategy for compliance to avoid having a jigsaw approach

Knee-jerk reactions to new rules will cause problems later.

Knee-jerk reactions to new rules will cause problems later.

It is not just the Enron scandal that has pushed compliance to the fore in business. In light of increasing industry and government regulations and tight budgets, all businesses are under pressure to develop a clear, comprehensive and flexible strategy for managing content and reducing risk.

New challenges have emerged in recent years. Businesses have to consider regulations such as the International Accounting Standards and the US Sarbanes-Oxley Act, as well as domestic legislation on areas such as money laundering.

Compliance is not new to the IT industry - talk of Basel 2, for example, has been circulating for years - but many companies have yet to implement the necessary technology and now find themselves in a position where they need to be compliant, fast.

As is often the case, IT directors are getting caught in the crossfire between the boardroom and business units. IT systems will play a key role in the struggle for compliance. IT directors bombarded by boardroom demands must seek out technology that will enable them to be compliant with all of the wide-ranging regulations, rather than just parts of one and bits of another.

Many companies have implemented a knee-jerk reaction to the problem of meeting regulations, which can be costly and time-consuming. One new requirement is for organisations to document business processes and policies, securely record corporate information and provide a mechanism that allows easy and efficient access to search and retrieve stored information.

The first step is to document processes and policies: gathering information can facilitate a deeper understanding of the compliance problem so better decisions can be made about how to use IT. This will reduce the risk of buying an IT product that only satisfies one area of the business, leaving compliance problems elsewhere unresolved.

For example, some organisations have realised the need to have clear and accessible audit trails for all documents and have bought audit trail products to address this.

Some software, such as content management, can fill in a bigger part of the compliance jigsaw by recording audit trails and allowing information capture and retrieval. But compliance with regulations could be achieved by modifying existing systems without buying a raft of new ones. Ensuring that existing systems can talk to one another may be more important than simply creating yet another layer of IT.

Purchasing separate ad-hoc products is not cost-effective and can present integration, overlap and redundancy problems. It is also a missed opportunity to future-proof the business against unforeseen new regulations.

IT directors should carefully consider how regulations affect the business and evaluate products that fit a wide range of criteria and compliance requirements. In the long run, a considered strategy rather than a reactive approach to investing in technology will ensure that organisations have all the pieces of the compliance puzzle in place.

Joseph Wykes is managing director of European operations at Percussion Software

Read more on IT governance