Data-Driven Compliance

Savvy businesses are architecting their compliance and risk management programs to accommodate frequent change, and to support multiple regulations and standards with a single compliance process

Change is a constant in the compliance regulations impacting business today. As new or revised regulations and standards come into effect, inefficiencies result from compliance programs that are either manual in nature or dedicated to a single regulation. Savvy businesses are architecting their compliance and risk management programs to accommodate frequent change, and to support multiple regulations and standards with a single compliance process.

Compliance regulations have been around for years. The likes of HIPAA, SOX, GLBA, and others have been in our faces for some time. So why is it that the cost of complying, and the process for enabling compliance, is still extremely high, primarily manual, and riddled with errors at nearly every step? Forward-thinking organizations are now seeking to build sustainable compliance programs and processes that leverage compliance work across multiple regulations. As part of their re-engineering of compliance, many organizations are determining how best to measure compliance and report on compliance status. Companies that are finding the greatest success in complying, reducing the costs of compliance, and reducing the risks of non-compliance are using a data-driven framework that applies the same processes across multiple regulatory compliance mandates.

The cost of regulatory compliance enforcement has been on the rise for corporations for years, and compliance is taking an increasingly larger percentage of information technology budgets. The latest studies show that 8-12% of all information technology budgets are spent on compliance technology or processes, up from 6-7% in previous years. According to a recent ControlPath Compliance Survey, 72% of respondents feel that they are uncertain and not confident in their compliance posture. The primary reason given for this lack of confidence is a lack of education on the actual regulations themselves. Secondarily, respondents feel there is a lack of specificity in the regulations to enable a system for compliance management.

Companies that have greater confidence in their compliance posture have implemented universal systems across multiple regulations to manage and report on the compliance process. These compliance automation tools allow those responsible for managing compliance to use a single system for getting data collected, assessed, organized, and reported upon, gaining true visibility into the progress the company is making on its compliance efforts. Companies that take a data-driven approach to building their compliance framework are able to apply that framework not only to one regulatory compliance issue, but to carry the same process over to multiple compliance frameworks. For example, a financial institution that has undergone a massive effort to comply with GLBA using a data-driven compliance framework can take that same methodology and enable the process for other compliance drivers such as Sarbanes-Oxley, PCI-DSS, and others. This is accomplished by applying the same universal framework process to every compliance regulation, no matter what it is:

1. Assessment
2. Remediation
3. Report/monitor

Once the overall framework is in place, new regulations can be imported into the system, requiring significantly less time to implement and fewer resources to build. With this data-driven framework in place, the assessment process for each compliance regulation can be consolidated into a single assessment: assess once, comply many times.

The benefits of this approach are many. Primarily, you must look at the cost structure of compliance in order to understand them. According to a recent TowerGroup study, 67% of the costs of compliance are in staffing and training, and that can be reduced significantly through automation of processes, people, and planning.

Let's use a fictitious company as an example. Company XYZ has revenues of $1.25 billion per year. Using published statistics, this means it is spending approximately $1.175 million on compliance. If 67% of that compliance spending is on people and training, this amounts to $787,250 per year. If the company can reduce its spending on people and training by 25% by implementing a system that addresses multiple compliance regulations with the same resources, that would be a total savings of $196,812.50 per year. If it were to invest in a data-driven compliance framework that cost approximately $150,000, the framework would pay for itself in just nine months.

The cost-related benefits of implementing a compliance framework are significant, especially when public companies are grappling with the exorbitant costs of complying with SOX alone. Add GLBA, PCI-DSS, and others to the mix and the costs can be overwhelming for many companies. The data-driven framework takes nearly all of the cost out of the second, third, and even fourth regulatory compliance drive that must be implemented in the organization.

The non-cost benefits of implementing a data-driven compliance framework can be significant as well. With the data-driven approach, new compliance regulations can be implemented significantly faster: the process and reporting are already in place, and all you need to do is implement a new template, which makes use of existing resources with ease. In addition, with a better framework in place and more data organized in a logical format, the risks to compliance are more easily identified, managed, and remediated.

Source: line56.com
