June 2006 Survey: Compliance Spending is Leveling Off

By Allan Alter  |  Posted 06-07-2006

In previous CIO Insight studies on compliance and Sarbanes-Oxley, getting and staying compliant was seen as something to achieve in the future. But in our new survey, many more respondents say they have achieved full compliance with the regulations we've most closely tracked: the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), the USA Patriot Act and the Gramm-Leach-Bliley Act.

But has compliance spending peaked? It's not yet clear. While there are some signs spending will soon begin to wane, other data suggests spending will increase at many companies. Compliance-related spending on IT auditing and consulting, and security and document management technologies seems especially strong.

Story Guide:

  • Finding 1: Many more companies report full compliance with recent regulations than did last year.
  • Finding 2: It's not yet clear whether compliance spending has peaked.
  • Finding 3: Compliance is driving spending on consulting, security and document management.
  • Finding 4: Regulations appear to be achieving what the government intended.
  • Finding 5: Despite low expectations, companies have received business benefits from Sarbanes compliance.
  • Finding 6: Compliance goes more smoothly when a holistic approach is taken.

    Read our previous surveys on compliance:

  • Compliance 2005: Is Automating Compliance a Waste of Money?
  • Sarbanes-Oxley 2004: Are You Ready to Comply?

    Many more companies report full compliance with recent regulations than did last year.
    Eighty percent of respondents' companies are in full compliance with the major regulations that have come down the pike in recent years, with the exception of Sarbanes-Oxley. Two percent or fewer say they are not in compliance at all with Sarbanes, HIPAA, the USA Patriot Act or Gramm-Leach-Bliley. Sarbanes-related work will continue to be a focus for many companies. IT executives at small companies who thought—wrongly, as it turns out—that these rules would be loosened for them will need to reconsider their spending plans.




    Compliance spending is finally peaking.
    While nearly half say IT spending will increase, and two-thirds are still investing in financial systems, there's been a drop in the percentage of IT budgets going to compliance, and in the staff devoted to compliance at large and small companies. Spending has peaked for some companies, but overall, much depends on whether smaller companies will pour more resources into compliance-related work, now that the S.E.C. has made it clear, in a statement issued on May 17, that they too will need to audit their internal controls under Sarbanes-Oxley.






    Compliance is driving spending on consulting, security and document management.
    Since these regulations were designed to protect the integrity of customer, employee and financial records, it makes sense that the IT systems and services most frequently budgeted for compliance are those that store and manage documents, including e-mails and financial reporting. But companies haven't seen a need to invest in regulatory compliance management systems. Is this because these systems aren't effective, or because existing systems are sufficient?