Originally published May 17, 2005
Regulatory compliance is a mandatory and expensive requirement for doing business in the 21st century. U.S. businesses will invest an estimated $8 billion in 2005 to fix compliance issues. This is an onerous financial burden, where return on investment (ROI) has become an irrelevant measure. Compliance is both tactical and strategic. In addition, the enterprise must leverage its compliance investment to build an agile organization to forge a sustained competitive advantage. The good news is that stiff penalties and tough enforcement have made the CEO’s decision to support compliance initiatives that much easier.
This series will set forth a methodical approach: an enterprise compliance architecture built on COBIT guidelines and integrating Six Sigma and project management processes. This article addresses: (1) Why compliance and IT are a new factor in the executive suite, (2) How compliance and competitive advantage share the same infrastructure, (3) How the CIO can earn the cross-functional collaboration essential for success by building shared performance objectives, and (4) Benefits of the shared objectives to integrate cross-functional business and IT teams. This practical, pragmatic insight is what you need to ensure that your compliance efforts deliver more than just compliance: namely, enterprise competitiveness.
Compliance and IT, New Factors in the Executive Suite
Non-compliance has serious consequences for top executives. C-level executives, the board of directors' audit committee, accountants, auditors, lawyers and even their agents may be liable for errors made by the enterprise. The recent high-profile convictions demonstrate the “bite” of enforcement, which has captured the attention of top executives. Although only the CEO and CFO are called out specifically in the Sarbanes-Oxley Act for accuracy in financial reporting, virtually all executive team members face serious consequences for any lapse in their performance. Lapses include failures in retaining relevant records, securing the privacy of data, reporting accurate information in a timely manner and demonstrating a system of controls that delivers compliance. Companies with longstanding ethics policies have tightened enforcement and have even terminated executives for minor infringements. Others have had executives sign new ethics guidelines that include responsibility for errors of omission, inaccuracy, misrepresentation and fraud. Executives are even exiting corporations over the mere perception of impropriety. Compliance has the attention of top executives.
Compliance regulation has also made prominent IT’s role as an insurance policy for compliance, as well as a predictive source of information for top executives. Many realize that IT can not only implement business decisions to bridge current compliance gaps but can also spur business process excellence beyond compliance. They are sponsoring such initiatives. See Figure 1.
Compliance and Competitive Advantage Share the Same Infrastructure
Executives are investing in compliance to ensure that data, procedures and policies, whether recorded for reference, secured for confidentiality purposes or reported for market valuation, meet compliance guidelines. This implies that key performance indicators (KPIs) are consistent and credible, that accurate data is discovered in a timely and organized fashion to provide contextual analysis, that potential outcomes have pre-defined decision paths to activate alerts when variances exceed thresholds, and that results can be measured for continuous improvement. See Figure 2.
As an example, consider what is required to create a simple report for compliance: an accurately computed value of inbound goods that are in transit worldwide. The business challenges lie not just in reconciling multiple products, currency valuation, accounting principles, documentation, translation issues and trade definitions, but also in accurately computing varying data parameters from incompatible computer systems, unstructured e-mails, hard-copy documents or rich-media (voice, video and image) formats, and in dynamically integrating changes such as currency valuation, tax liabilities and tariffs.
IT, compliance and business effectiveness are intertwined. Precision in compliance planning can deliver a competitive advantage. Streamlining the IT infrastructure to fix compliance issues can deliver functional advantages for better decisions implemented faster. See Figure 3.
The granularity and infrastructure needed to meet compliance are the same as those that boost the competitive efficiency of the enterprise. The same tools that secure and authenticate incoming data, structure, source and destination, and that integrate, analyze and compile reporting elements, can create fact-based management action reports. Critical path failures occur not around the tools, but rather around the business rules and processes that constitute policies for the tools. This is where building a bridge between IT deliverables and business objectives can leapfrog the competition.
CIO’s Role in Compliance
Compliance is the CIO’s opportunity to lead and deliver the full power of IT tools. Commissioned to respond to the demands of the auditors, most CIOs have served a marginal role at best. Typically, the CFO’s office, along with accountants, auditors and legal counsel, has determined what needs to be reported and the manner of reporting. The CIO’s limited mission is to deliver these requirements. This sub-optimizes the enterprise’s opportunity to excel. Rapid advances in tools (quality, integration, analysis and reporting) can accelerate projects that focus on critical success factors, in both detail and trend analysis, as never before. By engaging CIOs primarily to meet the auditors’ needs, the enterprise is forfeiting the benefits of these IT advances. This is IT’s opportunity to shine.
The IT function can collaborate and deliver not just regulatory requirements but a revitalized decision support infrastructure. Signing up for more deliverables with no new funding can be a recipe for disaster. Nevertheless, in the case of compliance, ROI is irrelevant and executives are sanctioning budgets. Your enterprise can spend just to meet its compliance needs, or it can streamline itself to achieve agility and sustained competitive advantage.
This is not an easy goal, but it is a powerful weapon with proven results. You need to communicate the benefits that can be achieved across both business and IT to the executive levels so that shared compliance and business effectiveness deliverables become annual performance objectives of all involved. Communications, education, collaborative spirit and leadership have delivered compliance, enterprise effectiveness, teamwork benefits, joint recognition and a winning spirit for the enterprise.
Benefits of Establishing Shared Cross-Functional Performance Objectives
Successfully achieving performance objectives determines annual bonuses, promotions, pay raises and growth in managerial responsibility. Power-driven and politically perceptive executives seriously negotiate and manage these commitments. They must be able to visualize results before signing on to your compliance program. For compliance or IT related goals, the CIO must establish the expected business results and define the process of getting there.
Benefits of such collaboration are far-reaching. IT thirsts for business insights, but often lacks leverage to garner attention from line-of-business executives. For recent successes, compliance can be a constraining factor for business and IT collaboration through shared performance objectives. The greatest impact is executive awareness of IT tools to revitalize the enterprise. Education and evaluation of the business processes are central to securing resources (funds and headcount) for joint departments, taskforces and IT. Deliverables are mapped realistically to meet compliance and competitive advantage.
Seven Elements of the CIO action plan:
In this series on Compliance, we are striving to show how compliance investments can provide true competitive advantage. We introduced a new compliance architecture that integrates enterprise compliance with performance objectives.
In summary, we have provided a tried and tested method, shared performance objectives, to collaborate, lead and succeed.