INFORMATION TECHNOLOGY

Home > IT > IT Gears Up for Compliance

---

IT Gears Up for Compliance

Mar. 1, 2006

The Sarbanes-Oxley spotlight shines most brightly on the CFO. But as the owner of corporate systems and data, there’s no doubt that IT has a key role to play in any compliance strategy.

IT is indeed responding to the realities of SOX. For example: 53 percent of participants in a recent Economist Intelligence Unit survey say their compliance-related IT spending is rising by more than 10 percent each year.¹ And of the more than $20 billion that AMR Research expects companies to spend on SOX by the end of this year, $4.8 billion will be on technology.²

These are big investments. So where should the money go?

We suggest IT focus on three areas. First, delivering clean, consistent, and accurate data—the “single version of the truth” that SOX and other compliance statutes demand; second, reducing the complexity of their compliance and reporting systems and processes; third, building greater agility into these same systems and processes. IT can use business intelligence in all three areas to support both initial and ongoing compliance.

Accurate data

Amid the complexity of most IT infrastructures, SOX makes one thing clear: provide accurate data to the SEC or your CEO and CFO go to jail. Perhaps it’s for this reason that no other business issue (say, increasing efficiency) has been as effective as SOX in forcing companies to address their disparate data head-on

Among the ever-shifting mix of platforms, systems, and data, most companies are also using multiple BI deployments whose proprietary metadata models and query engines can create more confusion than clarity.

Left unaddressed, this situation can expose potential SOX weaknesses. For example: a simple question such as “How many employees do you have?” could potentially return as many different answers as the company has BI products. And given that a consolidated balance sheet requires considerably more complex calculations and aggregations, the chance that companies can provide clean and accurate data using multiple BI products is low, indeed.

The way for IT to provide a single, SOX-ready version of the truth is to follow the same approach that has worked so well at the departmental level – by deploying a single BI product, with a single metadata model and query engine, atop all relevant data From there, IT can extend its BI deployment to connect additional departments to a growing source of accurate and consistent data.

Minimized complexity

Compliance initiatives have become a catalyst for companies deploying BI enterprise-wide. A cost-effective way for them to achieve this is by adopting a BI standard – a single product that can provide the complete range of capabilities to the company’s entire user base. Many companies treat compliance and BI standardization as joint projects, often managed through a BI Competency Center, or BICC.

Placing BI at the core of a compliance strategy almost necessitates adopting a BI standard. As Rebecca Graves writes in the January 2006 issue of DM Review: “Companies presently rely on implementing controls within standalone transaction systems…but there are risks associated with this. It is difficult to predict all potential control breaches and detect all problematic transactions when the transactions are spread across different systems.”³

In choosing a BI standard, IT can reduce complexity on several levels. Older, siloed BI deployments become redundant and can be retired. This reduces maintenance and upgrade costs. With regard to SOX, a single BI product with a single metadata model and query engine provides everyone in the organization the ability to work with the same data, definitions, and results. People across functions and divisions can collaborate, monitor, analyze, and report on consistent and trusted business data. Consolidations also become simpler to perform, since IT no longer needs to correlate or integrate data from different BI systems.

IT agility

Many companies view compliance and performance as two sides of a coin. Both demand that a CFO identify, analyze, understand, and report on events – whether to comply with Section 404 of SOX or to seize a new growth opportunity. For example: U.S. companies have a mere four days to report on a material event such as an acquisition or divestiture, whether it occurs at the company’s headquarters or at an operating subsidiary on the other side of the globe.

At this point, the need for IT to deliver an agile reporting system should be clear. A CFO can only make decisions as quickly as her compliance system can serve up pertinent information. A system built with overlapping G/Ls, disparate ERPs and disconnected spreadsheets, or one that relies on manual entries, re-keying, and emails simply cannot communicate the needed information quickly enough. CFOs need instant visibility into the drivers of their business and the ability to change plans or reallocate resources at a moment’s notice. The self-service attributes of BI applications make them ideally suited to this purpose.

A standardized BI system can eliminate the bottlenecks caused by manual processes, disconnected spreadsheets, and data integration issues. IT can also provide compliance dashboards that show operational metrics in real time and automatic alerts to changing conditions

“A well-defined dashboard allows the organization to [determine] the metrics that are important, and manage and report on adherence to them,” says Michael Rasmussen, vice president of enterprise risk and compliance management at Forrester Research. “It alerts decision-makers who can take action so that compliance can be managed to business expectations.”⁴

Summary

As the regulatory climate expands and evolves, more CFOs and CEOs will look for technologies that provide consistent and sustainable compliance outcomes. To support compliance efforts, IT must deliver accurate data, reduce complexity, and increase agility. With a standardized BI environment, they can deliver a three-in-one solution.

Find Out More Online Compliance Resource Center IT Compliance Institute Online Demo: IBM Cognos 8 Controller Cognos Forum – Register Now!

---

Sources

¹ Economist Intelligence Unit. The Role of IT in Compliance. The Economist, April, 2005.

² John Hagerty, Fenella Scott. Reflections on Enron: Through 2006, a $20B Expense for Companies Complying with SOX, AMR Research Alert Highlight, Tuesday, Jan. 31, 2006. http://www.amrresearch.com/Content/View.asp?pmillid=19138

³ Rebecca Graves. Business Intelligence: Technology that Assures SOX Compliancy. DM Review, January, 2006.

⁴ Susan Jendrey. The Rise of Compliance Dashboards. IT Compliance Institute. August 2, 2005. http://www.itcinstitute.com/display.aspx?id=532