

Retooling IT for Compliance

Originally published January 18, 2005

In the Constitution, the founding fathers of our nation implanted a living, breathing set of laws that adapt to our changing world. The third President of the United States of America, Thomas Jefferson, also a signatory to the Constitution, expounded…

"I am certainly not an advocate for frequent and untried changes in laws and constitutions. I think moderate imperfections had better be borne with; … But I know also that laws and institutions must go hand in hand with the progress of the human mind. As that becomes more developed, more enlightened, as new discoveries are made, new truths disclosed and manners and opinions change with the change of circumstances, institutions must advance also and keep pace with the times." --Thomas Jefferson

Com·pli·ance: conformity in fulfilling official requirements, Merriam-Webster Dictionary.

In this article, the first in the series, Retooling IT for Compliance, we explore how the IT community must participate in not just achieving compliance, but in leading the effort to sharpen a competitive edge and evolve a more dynamic enterprise. To lead is the only option for IT managers or else the viability of the enterprise is at risk.

In future columns, we will build pillars of an execution plan, which will provide objectives to test and diagnose your current system relative to elements adapted from COBIT (Control Objectives for Information and related Technology) guidelines, which are regarded as a comprehensive set of references for operational and systems controls.

In discussing a new dimension of efficiency, first in the context of compliance and then relative to competitive advantage, we will address systems architectural considerations and software evaluation criteria for metadata management, data quality, data integration, data models, connectivity, storage area networks, retention policies, analytical tools, backup software, and structured and unstructured data.

Indeed, retooling IT to deliver compliance is a daunting task that is not yet fully appreciated. If IT does well, it earns the right to participate in influencing enterprise strategy. Anything short of this is to relegate IT to mediocrity or worse, a nondescript “tech-centric” entity.

IT managers of local or global enterprises must start by taking inventory of why compliance dominates their near-term focus. How must you prepare to lead? What must you deliver? How do compliance dates translate into an IT work plan? What measurements of progress or tests validate success?

Why Compliance Dominates Our Near-Term Focus

Virtually all aspects of a publicly traded enterprise are under the microscope today. Every facet of the enterprise operation seems legally scripted. The gradual creep of other regulations (privacy, confidentiality, health, safety, etc.) was dwarfed by the thundering lightning bolt struck by the Sarbanes-Oxley Act of 2002, changing the landscape so profoundly that private companies rethought going public and executives have curbed their wild and exuberant projections of revenue and earnings. Why? Consequences, of course! Jail sentences, 20 years … monetary penalties? $20 million … more. Oh, yes, for whom? CEO, CFO, board of directors, attorneys, accountants or even a delegate—virtually no one is exempt.

In most enterprises, the CFOs and auditors have been preoccupied, sorting out strategic reporting elements. As these come to closure in the executive suites, the next step is the creation of reports. Unfortunately, a variety of surveys show that less than 30 percent of enterprises are ready to report ’04 earnings in compliance with new regulations. Further analysis reveals that nearly 50 percent of these enterprises will employ manual validation processes to execute on time.

The task of delivering compliance is staggering. It is pervasive and expensive. Estimated expenses for teams, task forces, and IT will exceed $2 billion in ’05. If you are not already deeply engaged with departments across the enterprise, if the CFO and COO have not already put you in the hot seat, you soon will be. But this is no ordinary wave of demands; it is a tsunami—strong enough to wipe out some companies under the strain of compliance. It requires retooling IT while simultaneously streamlining business functions.

Prepare to Lead the Compliance Effort

The first step in preparation is to put yourself in the right frame of mind, knowledge and enthusiasm. Knowledge will give you a road map and enthusiasm will fire up the teams supporting your shared mission. Build yourself a personal success agenda. Know why you feel passionate and resolute to lead the compliance task. Construct your own rationale and perspective to charter and facilitate collaboration. This is your survival gear to lead the tough climb.

Outrage!

As technology leaders, professionals, and citizens of the richest economy on the planet, should we be outraged? Must we be threatened to be honest with employees, investors, and the consuming public? Are we closer to the adaptive government of Thomas Jefferson or does our world look more like George Orwell’s Big Brother?

From managing computations to preserving the dignity of an employee, from product standards to protecting investors, the government tells businesses what we must do. Rules or guidelines specify how to report earnings, run the business process, what is private and confidential, how it should be secured and for how long. We have many rules governing who can be hired, how they need to be treated, and steps that must be followed before firing them. How to take care of the injured? What’s a safe environment, what precautions must be taken, what certifications must be filed and renewed. Even about how to discipline a manager for looking at the employee wrong.

We have the right to be outraged, but not necessarily for overregulation. We should be outraged because we are forced to invest in policing irresponsible and deliberate human transgressions, greed and illegal collusion. The same scarce capital could be channeled to break through new R&D discoveries, or open new stores, or build new factories, or train associates, or preserve employment—making the entire enterprise a stronger competitor.

Embrace Reality

Regardless of new regulations, rogue elements will seek out new techniques to circumvent laws and perpetrate crime. New legislation will surely follow. We neither control the volume of new rules nor the egregious behaviors of bad executives.

Granted, U.S. corporations carry a heavier competitive disadvantage in the global race. A government that should be our partner is weighing us down. Our compliance costs of doing business exceed our global competitors’. In the spirit of winning, we need to parlay these compliance requirements into competitive advantage. We must leverage our investments to retool the IT infrastructure to accommodate future compliance changes with minimal incremental costs.

Make This Your Unique Opportunity to Shine

Every department’s output is tied to IT excellence in its push to deliver operational excellence and profits. IT, on the other hand, is being summoned by each to achieve compliance. This is IT’s time to shine. Have your own perspective and conviction to lead compliance as you take charge with full force.

What Must We Deliver?

Compliance regulation identifies irregularities and specifies standardized procedures and guidelines. Previously, adhering to generally accepted practices earned a passing grade. Now, some tolerances are very tight and others are completely inflexible. For example, no variation of reported earnings is acceptable. Accuracy is paramount. 

In our approach, we will define an IT (HW and SW) infrastructure, integrate project management and Six Sigma quality processes to deliver not just compliance, but also competitive advantage.

In particular, we will examine four stages to deploy compliance: Phase I: Plan and Organize; Phase II: Acquire and Implement; Phase III: Deliver and Support; Phase IV: Monitor and Evaluate. For each of these phases, we will calibrate progress of 5 categories of control activities: Control Environment, Risk Assessment, Control Activity, Information and Communications, and Monitoring.

Dates and Measurements?

Implementation dates are engraved in the laws, but compliance processes require teamwork, collaboration, and automation, where schedules and test schedules can often move around. In our compliance plans, we will build expectations to match the scope and size of the task, parceling the requirements into phased automation stages.

Measurement for success will be built using subject matter areas and project management milestones.

From an IT Perspective, What’s the New Vision for Meeting Compliance?

We have embarked on a new mission: Retool IT for not just recent regulation, but for future changes as well. Not just to deliver one-time compliance but ongoing flexibility and continuous improvement to deliver competitive advantage. It includes addressing the systems infrastructure, data and information lifecycles, and working with internal teams and partnering with vendors.

We must transition from super-size inflexible mega-systems architecture, to interleaved tiered hierarchical architectures, from dependence on fixed data models to dynamic data analysis, from limits of connectivity to processing grids and access on-demand.

What remains sacred and unchanged is the need for error-free high-quality data. What continues to provide options is change in all aspects of the technology paradigm and hyper-competitive IT vendors capable of meeting needs.

Given the executive focus, compliance is IT’s launch pad to elevate the enterprise into a higher orbit: better data, timely availability, precise analysis, efficient execution, and accurate and timely reporting. With a disciplined approach, IT can rise to prominence not easily afforded in the boardroom. It is IT’s time to shine. The next article will discuss Phase I: Planning and Organizing for compliance and competitive advantage.

  • Claudia Imhoff
    A thought leader, visionary, and practitioner, Claudia Imhoff, Ph.D., is an internationally recognized expert on analytics, business intelligence, and the architectures to support these initiatives. Dr. Imhoff has co-authored five books on these subjects and writes articles (totaling more than 150) for technical and business magazines.

    She is also the Founder of the Boulder BI Brain Trust, a consortium of independent analysts and consultants (www.BBBT.us). You can follow them on Twitter at #BBBT


  • Rajeev Rawat

    Rajeev founded BI Results, LLC in 2003 and serves as the CEO. BI Results is focused on leveraging compliance investments into operational efficiency. Until 2003, Rajeev led IBM’s emerging business opportunity team which laid the foundation for IBM’s configured solutions.
