June 2006 Survey: IT's Compliance Efforts Finally Begin Paying Off

By Allan Alter  |  Posted 07-06-2006

Ever since CIO Insight started surveying IT executives about compliance issues in 2004, we knew there were three questions that really mattered: Have you achieved compliance? At what cost? And was it worth the effort (aside from avoiding scandal and jail)?

In past surveys, getting and staying compliant was seen as something to achieve in the future. Spending and staffing for compliance kept increasing, and IT executives were growing more pessimistic about getting any business benefit out of the work. This year seems to mark a turning point, and the cost-benefit analysis looks brighter. Many more companies have achieved compliance with Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley. Spending appears to have peaked for some companies (although compliance is still driving spending for such technologies as document management, IT auditing, and other technologies and services). And fewer CIOs say compliance costs will hurt profitability than in last year's survey.

But the best news is that CIOs are beginning to see a payoff. IT executives say that financial, medical and employee records are now more secure as a result of their compliance work. And about half our respondents say their company has gained improved business processes, better risk management, more accurate financial records, or some other benefit through their work on Sarbanes-Oxley. Companies are entering a new phase in compliance: from ramping up to managing compliance smoothly and unobtrusively, at least until Congress passes a new batch of regulations.

Story Guide:
Compliance Spending is Leveling Off

  • Finding 1: Many more companies report full compliance with recent regulations than did last year.
  • Finding 2: It's not yet clear whether compliance spending has peaked.
  • Finding 3: Compliance is driving spending on consulting, security and document management.

Data Security Receives a Boost from Compliance Efforts

  • Finding 4: Regulations appear to be achieving what the government intended.

CIOs Find Compliance Brings Business Benefits

  • Finding 5: Despite low expectations, companies have received business benefits from Sarbanes compliance.

Compliance Remains a Project, Not a Process

  • Finding 6: Compliance goes more smoothly when a holistic approach is taken.

How the survey was done: CIO Insight editors designed the 2006 Compliance Survey together with Equation Research, LLC (www.equationresearch.com), an Estes Park, Colo.-based supplier of custom research services. IT executives gathered from Ziff Davis Media publication lists were invited to participate in the study by e-mail. The questions were posted on a password-protected Web site, and 204 qualified private-sector respondents (63 from companies with revenues in calendar 2005 below $100 million, 77 from companies with revenues between $100 million and $999 million, and 64 from companies with revenues of $1 billion or more) replied from April 4 to April 24, 2005. Of the respondents, 60 percent were the top IT executive of their company, and the rest held senior IT executive positions.

Read our previous surveys on compliance:

  • Compliance 2005: Is Automating Compliance a Waste of Money?
  • Sarbanes-Oxley 2004: Are You Ready to Comply?