Regulatory compliance a CIO priority in 2006
- 17 January, 2006 11:28
Australian CIOs have rated regulatory compliance a New Year priority with organizations keen to leverage standards in a bid to gain competitive advantage.
In a survey of 148 CIOs in the Asia-Pacific region, 70 percent of respondents said compliance will be used to gain an advantage over competitors.
Interviews with medium to large companies across Australia, China, Hong Kong, India, Japan, Korea and Singapore found the uptake of regulatory compliance programs will increase significantly this year.
To date only 21 percent of those surveyed had implemented regulatory compliance programs, but 52 percent will have standards in place by the end of the year.
Undertaken by Serena Software, the survey was conducted in October-November 2005.
The company's local manager Charles Rignall said the Asia Pacific is waking up to the relevance of international compliance requirements such as Sarbanes-Oxley and Basel II.
However, Rignall said Australia is yet to legislate mandatory compliance.
"Relevance for compliance will be driven by corporate headquarters' demands and global trade requirements," he said.
"If companies want to do business with a multinational corporation or trade with an overseas company they have to meet minimum standards. Assurance must be given to customers and partners that you can work at the same level."
The survey found IT will have a major role to play in meeting regulatory compliance standards.
More than three quarters of CIOs in the Asia-Pacific region indicated that compliance will be one of their top IT objectives to implement and maintain regularly over the next year.
Corporate governance consultant Mark Toomey wasn't surprised that Australia ranked fourth in compliance leadership. "It is lamentable, but not surprising," Toomey said.
"This poor result joins with other indicators to confirm that Australian organizations are weak in corporate governance of information technology.
"Weak governance allows problem situations to develop, such as the disastrous implementation of the Australian Customs Service Imports module in October 2005, and it costs the Australian economy billions of dollars every year."
Toomey said effective corporate governance, from the boardroom down, should include formal systems of monitoring and control for compliance.
"These systems should ensure that both business and technology managers are properly engaged in identifying compliance requirements and planning compliance initiatives which typically involve complementary adjustments in systems, practices, training and organization," he said.
"In the interests of efficiency and effectiveness, many organizations would benefit from adoption of software tools to underpin the ongoing monitoring and control of their compliance obligations."
But Toomey warned that adoption of compliance and governance tools is not a panacea, and that specific effort is required to do it successfully. Other key survey findings:
- Most APAC CIO respondents (88 percent) think that IT has a major role to play in ensuring regulatory compliance.
- CFOs and CEOs may no longer be the only executives responsible for compliance activities. The survey revealed that 57 percent of APAC CIOs feel that they may be held directly accountable for compliance activities in the future.
- The survey shows that APAC respondents currently spend a low proportion of their IT budget on compliance-related activities. Most companies (60 percent) say that they currently spend "less than 5 percent" of their total IT budget on compliance-related activities with only 9 percent of companies saying that they currently spend "more than 15 percent".
- But APAC companies surveyed will start to use more of their IT budgets on compliance-related activities over the next two years. Nearly 30 percent of companies (up from 9 percent) plan to spend "over 15 percent" of their total IT budgets on compliance-related activities in the next two years.