Ever since CIO Insight started surveying IT executives about compliance issues in
In past surveys, getting and staying compliant was seen as something to achieve in the future. Spending and staffing for compliance kept increasing, and IT executives were growing more pessimistic about getting any business benefit out of the work. This year seems to mark a turning point, and the cost-benefit analysis looks brighter. Many more companies have achieved compliance with Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley. Spending appears to have peaked for some companies (although compliance is still driving spending for such technologies as document management, IT auditing, and other technologies and services). And fewer CIOs say compliance costs will hurt profitability than in last year’s survey.
But the best news is that CIOs are beginning to see a payoff. IT executives say that financial, medical and employee records are now more secure as a result of their compliance work. And about half our respondents say their company has achieved improved business processes, risk management, the accuracy of their financial records, or some other benefit through their work on Sarbanes-Oxley. Companies are entering a new phase in compliance: from ramping up to managing compliance smoothly and unobtrusively—at least until Congress passes a new batch of regulations.
Story Guide:
Compliance Spending is Leveling Off
Data Security Receives a Boost from Compliance Efforts
CIOs Find Compliance Brings Business Benefits
Compliance Remains a Project, Not a Process
How the survey was done: CIO Insight editors designed the 2006 Compliance Survey together with Equation Research, LLC (www.equationresearch.com), an Estes Park, Colo.-based supplier of custom research services. IT executives gathered from Ziff Davis Media publication lists were invited to participate in the study by e-mail. The questions were posted on a password-protected Web site, and 204 qualified private-sector respondents (63 from companies with revenues in calendar 2005 below $100 million, 77 from companies with revenues between $100 million and $999 million, and 64 from companies with revenues of $1 billion or more) replied from April 4 to April 24, 2005. Of the respondents, 60 % percent were the top IT executive of their company, and the rest held senior IT executive positions.
Read our previous surveys on compliance: